UNPKG

@brianveltman/sonatype-mcp

Version:

Model Context Protocol server for Sonatype Nexus Repository Manager

github.com/brianveltman/sonatype-mcp

brianveltman/sonatype-mcp

387 lines (309 loc) 10.9 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
# Sonatype MCP Server A Model Context Protocol (MCP) server for Sonatype Nexus Repository Manager that enables AI assistants to interact with Nexus repositories through a standardized interface. ## Features - **Repository Management**: List, view, and manage repositories - **Component Operations**: Search, retrieve, and manage components - **System Administration**: Monitor system status, blob stores, and metrics - **Security**: HTTP Basic Authentication with read-only mode support ## Installation ### Prerequisites - Node.js 18 or higher - Access to a Nexus Repository Manager instance - Valid Nexus credentials ### Using npm ```bash npm install -g @brianveltman/sonatype-mcp ``` ## Usage ### Claude Desktop Integration Add to your `claude_desktop_config.json`: ```json { "mcpServers": { "sonatype-mcp": { "command": "npx", "args": [ "-y", "@brianveltman/sonatype-mcp", "--nexus-url", "http://localhost:8081", "--nexus-username", "your-username", "--nexus-password", "your-password" ] } } } ``` #### With Firewall Quarantine Support To enable Firewall quarantine tools, add Firewall credentials: ```json { "mcpServers": { "sonatype-mcp": { "command": "npx", "args": [ "-y", "@brianveltman/sonatype-mcp", "--nexus-url", "http://localhost:8081", "--nexus-username", "your-username", "--nexus-password", "your-password", "--firewall-url", "http://localhost:8070", "--firewall-username", "firewall-user", "--firewall-password", "firewall-password" ] } } } ``` ### Visual Studio Code Integration Add to your `mcp.json`: ```json { "servers": { "sonatype-mcp": { "command": "npx", "args": [ "-y", "@brianveltman/sonatype-mcp", "--nexus-url", "http://localhost:8081", "--nexus-username", "your-username", "--nexus-password", "your-password" ], "type": "stdio" } }, "inputs": [] } ``` #### With Firewall Support ```json { "servers": { "sonatype-mcp": { "command": "npx", "args": [ "-y", "@brianveltman/sonatype-mcp", "--nexus-url", "http://localhost:8081", "--nexus-username", "your-username", "--nexus-password", "your-password", "--firewall-url", "http://localhost:8070", "--firewall-username", "firewall-user", "--firewall-password", "firewall-password" ], "type": "stdio" } }, "inputs": [] } ``` ## Available Tools ### Repository Management - `nexus_list_repositories` - List all repositories with filtering - `nexus_get_repository` - Get repository details - `nexus_create_repository` - Create proxy, hosted, or group repositories (write mode) - `nexus_update_repository` - Update repository configuration (write mode) - `nexus_delete_repository` - Delete repositories (write mode) ### Component Management - `nexus_search_components` - Search components across repositories - `nexus_get_component` - Get component details - `nexus_delete_component` - Delete components (write mode) - `nexus_get_component_versions` - List all versions of a component - `nexus_upload_component` - Upload components with assets to repositories (write mode) ### Asset Management - `nexus_upload_asset` - Upload individual assets to raw repositories (write mode) ### System Administration - `nexus_get_system_status` - Get system health status - `nexus_list_blob_stores` - List blob store configurations - `nexus_list_tasks` - List scheduled tasks - `nexus_get_usage_metrics` - Get usage metrics including total components and daily request counts (requires nexus:metrics:read privilege) - `nexus_generate_support_zip` - Generate and optionally save a support zip file containing diagnostic information for troubleshooting ### Firewall Quarantine (Optional) - `firewall_get_quarantined_components` - Retrieve components quarantined by Sonatype Firewall policies (requires Firewall credentials) - `firewall_release_from_quarantine` - Release components from Firewall quarantine by waiving policy violations (write mode, requires Firewall credentials) ## Usage Examples ### Common Prompts for AI Assistants Once you have the MCP server configured, you can use natural language prompts with your AI assistant: #### Repository Management - *"List all Maven repositories"* - *"Show me details about the npm-public repository"* - *"Create a new hosted Maven repository called 'internal-releases'"* - *"What repositories do we have for Docker images?"* #### Component Search and Analysis - *"Search for all versions of the Spring Boot starter components"* - *"Find all components in the maven-central repository that contain 'jackson'"* - *"Show me all versions of com.fasterxml.jackson.core:jackson-core"* - *"What's the latest version of lodash in our npm repository?"* #### System Monitoring - *"Check the system health status"* - *"Show me the current usage metrics for our Nexus instance"* - *"List all blob stores and their sizes"* - *"What scheduled tasks are currently running?"* - *"Generate a support zip file for troubleshooting"* - *"Create a support zip with system info and logs, save it to the raw repository"* #### Security and Compliance - *"Search for components with known vulnerabilities"* - *"Find all snapshot versions in our release repositories"* - *"Show me components uploaded in the last 24 hours"* - *"Show me all components quarantined by Firewall policies"* - *"Check if any components containing 'log4j' are quarantined"* - *"Release quarantine ID 'abc123' with a comment explaining the business justification"* ### Advanced Use Cases #### Dependency Analysis ``` "Search for all components that depend on log4j and show me their versions. Then check if any of them are using vulnerable versions." ``` #### Repository Cleanup ``` "Find all snapshot artifacts older than 30 days in the maven-snapshots repository and prepare a list for cleanup." ``` #### Release Management ``` "Check if version 2.1.0 of our internal library 'com.company:core-utils' exists in the releases repository, and if not, help me upload it." ``` #### Storage Management ``` "Show me which blob stores are consuming the most space and identify the largest components in each repository." ``` #### Troubleshooting and Support ``` "Generate a comprehensive support zip file including system information, thread dumps, metrics, and log files, but exclude security information for sharing with external support." ``` #### Firewall Quarantine Management ``` "Check all repositories for quarantined components, identify which policy violations are causing the most quarantines, and provide a summary report with recommendations for policy adjustments." ``` ### Interactive Workflows The MCP server enables complex, multi-step workflows: 1. **Component Discovery**: Start by searching for components 2. **Detailed Analysis**: Get specific component details 3. **Repository Operations**: Create, update, or manage repositories 4. **Upload Management**: Upload new versions or assets 5. **Monitoring**: Check system health and usage metrics ### Example Conversation Flow ``` You: "What Maven repositories do we have?" AI: [Lists repositories using nexus_list_repositories] You: "Show me the largest components in maven-releases" AI: [Searches components and shows results with sizes] You: "Upload version 1.2.0 of com.example:my-app to maven-releases" AI: [Uses nexus_upload_component to upload the specified version] You: "Check if the upload was successful" AI: [Searches for the component to verify upload] ``` ### Troubleshooting Examples #### Permission Issues If you encounter permission errors: - *"Check the system status to see if I have the required permissions"* - *"List the repositories I have access to"* - *"Show me what admin tasks are available"* #### Component Not Found When searching doesn't return expected results: - *"Search for 'spring' in all repositories, not just maven-central"* - *"Check if the component name has special characters or different casing"* - *"List all components in the repository to see what's actually there"* #### Upload Issues For upload problems: - *"Verify the repository format supports the type of component I'm trying to upload"* - *"Check if the repository is in read-only mode"* - *"Show me the repository configuration for upload settings"* ### Best Practices #### Efficient Searching - Use specific search terms to reduce result sets - Filter by repository when you know the target location - Combine multiple search criteria for precise results #### Repository Management - Always check repository details before making changes - Use descriptive names for new repositories - Verify blob store configuration before creating repositories #### Monitoring and Maintenance - Regularly check system health status - Monitor usage metrics to understand growth patterns - Review scheduled tasks for maintenance operations ### Integration Examples #### CI/CD Pipeline Integration ``` "After our build completes, check if the new artifact version already exists in the releases repository. If not, upload it and verify the upload succeeded." ``` #### Dependency Auditing ``` "Generate a report of all third-party dependencies in our maven-central proxy, grouped by organization, and highlight any with recent security advisories." ``` #### Storage Optimization ``` "Identify duplicate artifacts across repositories and suggest consolidation opportunities to optimize storage usage." ``` ## Development ### Building from Source ```bash git clone https://github.com/brianveltman/sonatype-mcp.git cd sonatype-mcp yarn install yarn build ``` ### Running in Development ```bash yarn dev ``` ### Running Tests ```bash yarn test ``` ## Security - Uses HTTP Basic Authentication - Supports read-only mode for enhanced security - Input validation on all parameters - Comprehensive error handling ## Contributing 1. Fork the repository 2. Create a feature branch 3. Make your changes 4. Add tests if applicable 5. Submit a pull request ### Example how to use the source with Claude ```json { "mcpServers": { "sonatype-mcp": { "command": "node", "args": [ "/path-to/mcp-sonatype/build/index.js", "--nexus-url", "http://localhost:8081", "--nexus-username", "your-username", "--nexus-password", "your-password" ] } } } ``` ## License MIT License - see LICENSE file for details ## Support For issues and questions: - GitHub Issues: https://github.com/brianveltman/sonatype-mcp/issues ## References - [Model Context Protocol](https://modelcontextprotocol.io/) - [Nexus Repository Manager API](https://help.sonatype.com/en/repositories-api.html) - [Sonatype Nexus Repository Manager](https://help.sonatype.com/)