From 9f72e70bd515651bf5514a1eae2a59ef9ab129fe Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Thu, 4 Dec 2025 13:06:43 +0100 Subject: [PATCH 1/2] chore: add user agent in requests with mcp version --- cmd/server/main.go | 1 + internal/infra/sysdig/client.go | 20 +++++++++++++------- package.nix | 2 +- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/cmd/server/main.go b/cmd/server/main.go index c85e88a..fa29c3b 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -74,6 +74,7 @@ func setupLogger(logLevel string) { func setupSysdigClient(cfg *config.Config) (sysdig.ExtendedClientWithResponsesInterface, error) { sysdigClient, err := sysdig.NewSysdigClient( + sysdig.WithVersion(Version), sysdig.WithFallbackAuthentication( sysdig.WithHostAndTokenFromContext(), sysdig.WithFixedHostAndToken(cfg.APIHost, cfg.APIToken), diff --git a/internal/infra/sysdig/client.go b/internal/infra/sysdig/client.go index 8d0e8de..fc638e6 100644 --- a/internal/infra/sysdig/client.go +++ b/internal/infra/sysdig/client.go @@ -3,12 +3,11 @@ package sysdig import ( "context" "errors" + "fmt" "net/http" "net/url" ) -type SysdigAuthentication func(ctx context.Context, req *http.Request) error - type contextKey string const ( @@ -46,7 +45,7 @@ func updateReqWithHostURL(req *http.Request, host string) error { return nil } -func WithFixedHostAndToken(host, apiToken string) SysdigAuthentication { +func WithFixedHostAndToken(host, apiToken string) RequestEditorFn { return func(ctx context.Context, req *http.Request) error { if err := updateReqWithHostURL(req, host); err != nil { return err @@ -56,7 +55,7 @@ func WithFixedHostAndToken(host, apiToken string) SysdigAuthentication { } } -func WithHostAndTokenFromContext() SysdigAuthentication { +func WithHostAndTokenFromContext() RequestEditorFn { return func(ctx context.Context, req *http.Request) error { if host, ok := ctx.Value(contextKeyHost).(string); ok && host != "" { if err := updateReqWithHostURL(req, host); err != nil { @@ -71,7 +70,7 @@ func WithHostAndTokenFromContext() SysdigAuthentication { } } -func WithFallbackAuthentication(auths ...SysdigAuthentication) SysdigAuthentication { +func WithFallbackAuthentication(auths ...RequestEditorFn) RequestEditorFn { return func(ctx context.Context, req *http.Request) error { for _, auth := range auths { if err := auth(ctx, req); err == nil { @@ -82,10 +81,17 @@ func WithFallbackAuthentication(auths ...SysdigAuthentication) SysdigAuthenticat } } -func NewSysdigClient(requestEditors ...SysdigAuthentication) (ExtendedClientWithResponsesInterface, error) { +func WithVersion(version string) RequestEditorFn { + return func(ctx context.Context, req *http.Request) error { + req.Header.Set("User-Agent", fmt.Sprintf("sysdig-mcp-server/%s", version)) + return nil + } +} + +func NewSysdigClient(requestEditors ...RequestEditorFn) (ExtendedClientWithResponsesInterface, error) { editors := make([]ClientOption, len(requestEditors)) for i, e := range requestEditors { - editors[i] = WithRequestEditorFn(RequestEditorFn(e)) + editors[i] = WithRequestEditorFn(e) } return NewClientWithResponses("", editors...) diff --git a/package.nix b/package.nix index fa27a9f..158ce18 100644 --- a/package.nix +++ b/package.nix @@ -1,7 +1,7 @@ { buildGoModule, versionCheckHook }: buildGoModule (finalAttrs: { pname = "sysdig-mcp-server"; - version = "0.5.3"; + version = "0.5.4"; src = ./.; # This hash is automatically re-calculated with `just rehash-package-nix`. This is automatically called as well by `just bump`. vendorHash = "sha256-jf/px0p88XbfuSPMry/qZcfR0QPTF9IrPegg2CwAd6M="; From d0f553d766c0badc584fd341f55cbd8cae9cb06f Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Thu, 4 Dec 2025 13:12:48 +0100 Subject: [PATCH 2/2] fix(build): update base image to fix vulns --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ee65ac1..f20ceaa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ RUN nix build .#default # Final image # quay.io/sysdig/sysdig-mini-ubi9:1 -FROM quay.io/sysdig/sysdig-mini-ubi9@sha256:dcef7a07dc6a8655cbee5e2f3ad7822dea5a0cf4929b1b9effa39e56ce928ca0 +FROM quay.io/sysdig/sysdig-mini-ubi9@sha256:fa959bec7353ce38ed2d35190d5ec4445b3c525f1d4ad00e26afca387360a253 # Copy the binary from the builder stage COPY --from=builder /app/result/bin/sysdig-mcp-server /usr/local/bin/sysdig-mcp-server