{"_id":"@sysdig/secure-mcp-server","_rev":"4-3d597accede44862e50c0d73e43b55a2","name":"@sysdig/secure-mcp-server","dist-tags":{"latest":"0.0.6"},"versions":{"0.0.3":{"name":"@sysdig/secure-mcp-server","version":"0.0.3","_id":"@sysdig/secure-mcp-server@0.0.3","maintainers":[{"name":"madchicken","email":"pfollia@gmail.com"},{"name":"admangum","email":"adammangum@yahoo.com"},{"name":"opsadmin-sysdig","email":"opsadmin+npmjs@sysdig.com"}],"homepage":"https://github.com/draios/secure-mcp-server#readme","bugs":{"url":"https://github.com/draios/secure-mcp-server/issues"},"bin":{"sysdig-secure-mcp":"dist/index.js"},"dist":{"shasum":"ad0d5b0d3e04b960c01197f80849c138d72eef17","tarball":"https://registry.npmjs.org/@sysdig/secure-mcp-server/-/secure-mcp-server-0.0.3.tgz","fileCount":62,"integrity":"sha512-/bDduB59uYQvNKWmGvIwJH78UKqUMczo6hv+FafWgXHuLyIfVtMYvbu1T1b17bXyoGYJifLc2fApdHDuV38FIA==","signatures":[{"sig":"MEYCIQCjxxHgjU7jK7Org+HHxJ8VpAtKAQisaJjo1Vjjk0q7NQIhAO3FGWkCl1jCFDRflbrst1XHPTnTv949VGPPVzebwg/3","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":257518},"main":"dist/index.js","type":"module","types":"./dist/index.d.ts","engines":{"node":">=18.0.0"},"gitHead":"f426c22ead4435226050f5a3f04f918704c3c2d9","scripts":{"dev":"tsc --watch","build":"tsc","start":"node dist/index.js","prepare":"npm run build"},"_npmUser":{"name":"madchicken","email":"pfollia@gmail.com"},"repository":{"url":"git+https://github.com/draios/secure-mcp-server.git","type":"git"},"_npmVersion":"11.11.0","description":"Sysdig MCP server wrapping Sysdig Secure REST API endpoints","directories":{},"_nodeVersion":"25.8.1","dependencies":{"zod":"^3.24.2","express":"^5.2.1","@types/express":"^5.0.6","@modelcontextprotocol/sdk":"^1.27.1"},"publishConfig":{"access":"public","registry":"https://registry.npmjs.org"},"_hasShrinkwrap":false,"devDependencies":{"typescript":"^5.7.3","@types/node":"^22.13.4"},"_npmOperationalInternal":{"tmp":"tmp/secure-mcp-server_0.0.3_1777993538386_0.7109780942320318","host":"s3://npm-registry-packages-npm-production"}},"0.0.4":{"name":"@sysdig/secure-mcp-server","version":"0.0.4","_id":"@sysdig/secure-mcp-server@0.0.4","maintainers":[{"name":"madchicken","email":"pfollia@gmail.com"},{"name":"admangum","email":"adammangum@yahoo.com"},{"name":"opsadmin-sysdig","email":"opsadmin+npmjs@sysdig.com"}],"homepage":"https://github.com/draios/secure-mcp-server#readme","bugs":{"url":"https://github.com/draios/secure-mcp-server/issues"},"bin":{"sysdig-secure-mcp":"dist/index.js"},"dist":{"shasum":"59b8e61e45dfb15acf280799a28ccf372ea32152","tarball":"https://registry.npmjs.org/@sysdig/secure-mcp-server/-/secure-mcp-server-0.0.4.tgz","fileCount":58,"integrity":"sha512-zH6gTAuSyw+c2oPZpr2r2aU6omZ5nR3tQGc112dTdosGCsZYEpyC1nbH80V8kyhNdrwjZh+5E0CbkYZXuTB4lA==","signatures":[{"sig":"MEUCIQD3HTaqJ/gm82eeYDXUWQ9rPI5TZdQXQ0A/QDNcXB9qLgIgE2Odpoa1GhEJeVbfP5sPmOQ8yyWz9PnmMNBHHtiGUbA=","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":240412},"main":"dist/index.js","type":"module","types":"./dist/index.d.ts","engines":{"node":">=18.0.0"},"gitHead":"7dcd44d2ca2d52439b24e25782696d47e2ae626f","scripts":{"dev":"tsc --watch","build":"tsc","start":"node dist/index.js","prepare":"npm run build"},"_npmUser":{"name":"GitHub Actions","email":"npm-oidc-no-reply@github.com","trustedPublisher":{"id":"github","oidcConfigId":"oidc:95453af7-2b66-43cc-80c9-6b03b1fe3823"}},"repository":{"url":"git+https://github.com/draios/secure-mcp-server.git","type":"git"},"_npmVersion":"11.13.0","description":"Sysdig MCP server wrapping Sysdig Secure REST API endpoints","directories":{},"_nodeVersion":"24.14.1","dependencies":{"zod":"^3.24.2","express":"^5.2.1","@types/express":"^5.0.6","@modelcontextprotocol/sdk":"^1.27.1"},"publishConfig":{"access":"public","registry":"https://registry.npmjs.org"},"_hasShrinkwrap":false,"devDependencies":{"typescript":"^5.7.3","@types/node":"^22.13.4"},"_npmOperationalInternal":{"tmp":"tmp/secure-mcp-server_0.0.4_1778072552495_0.8441043860974462","host":"s3://npm-registry-packages-npm-production"}},"0.0.5":{"name":"@sysdig/secure-mcp-server","version":"0.0.5","_id":"@sysdig/secure-mcp-server@0.0.5","maintainers":[{"name":"madchicken","email":"pfollia@gmail.com"},{"name":"admangum","email":"adammangum@yahoo.com"},{"name":"opsadmin-sysdig","email":"opsadmin+npmjs@sysdig.com"}],"homepage":"https://github.com/draios/secure-mcp-server#readme","bugs":{"url":"https://github.com/draios/secure-mcp-server/issues"},"bin":{"sysdig-secure-mcp":"dist/index.js"},"dist":{"shasum":"d46734d591f08018d219d390b1ba83f3924669cd","tarball":"https://registry.npmjs.org/@sysdig/secure-mcp-server/-/secure-mcp-server-0.0.5.tgz","fileCount":58,"integrity":"sha512-Z1qK1rZgr9QRbPOOCfvooZsjCYHwlO1tPc2PIwcCXpqPJE/KfwUfYwgicwMdu8hrP+kGQMyRDNypht+2sSc+5w==","signatures":[{"sig":"MEQCID3TDrlxED/BbN3vLVjChlj7S1P5VnxGTAtV8yWk+AAuAiBzhLbmftX7Emt9JHUJE6Zv3KSylN1SzDqmAqBO6ZFilQ==","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":242402},"main":"dist/index.js","type":"module","types":"./dist/index.d.ts","engines":{"node":">=18.0.0"},"gitHead":"08588cc28723cd2cdebcd2a4951584a1a55e4af0","scripts":{"dev":"tsc --watch","build":"tsc","start":"node dist/index.js","prepare":"npm run build"},"_npmUser":{"name":"GitHub Actions","email":"npm-oidc-no-reply@github.com","trustedPublisher":{"id":"github","oidcConfigId":"oidc:95453af7-2b66-43cc-80c9-6b03b1fe3823"}},"repository":{"url":"git+https://github.com/draios/secure-mcp-server.git","type":"git"},"_npmVersion":"11.13.0","description":"Sysdig MCP server wrapping Sysdig Secure REST API endpoints","directories":{},"_nodeVersion":"24.14.1","dependencies":{"zod":"^3.24.2","express":"^5.2.1","@types/express":"^5.0.6","@modelcontextprotocol/sdk":"^1.27.1"},"publishConfig":{"access":"public","registry":"https://registry.npmjs.org"},"_hasShrinkwrap":false,"devDependencies":{"typescript":"^5.7.3","@types/node":"^22.13.4"},"_npmOperationalInternal":{"tmp":"tmp/secure-mcp-server_0.0.5_1778085469163_0.5746909320511975","host":"s3://npm-registry-packages-npm-production"}},"0.0.6":{"name":"@sysdig/secure-mcp-server","version":"0.0.6","description":"Sysdig MCP server wrapping Sysdig Secure REST API endpoints","type":"module","main":"dist/index.js","bin":{"sysdig-secure-mcp":"dist/index.js"},"repository":{"type":"git","url":"git+https://github.com/draios/secure-mcp-server.git"},"homepage":"https://github.com/draios/secure-mcp-server#readme","bugs":{"url":"https://github.com/draios/secure-mcp-server/issues"},"publishConfig":{"access":"public","registry":"https://registry.npmjs.org"},"scripts":{"build":"tsc","prepare":"npm run build","start":"node dist/index.js","dev":"tsc --watch"},"dependencies":{"@modelcontextprotocol/sdk":"^1.27.1","@types/express":"^5.0.6","express":"^5.2.1","prom-client":"^15.1.3","zod":"^3.24.2"},"devDependencies":{"@types/node":"^22.13.4","typescript":"^5.7.3"},"engines":{"node":">=18.0.0"},"gitHead":"703b647524b0e301ea4bd37b9535a48ebaea8ca9","types":"./dist/index.d.ts","_id":"@sysdig/secure-mcp-server@0.0.6","_nodeVersion":"24.14.1","_npmVersion":"11.14.0","dist":{"integrity":"sha512-wEfHpxK9SXAgfAb9zQovjDV0Pm9/Eamth11RGz0RYxbS9Zff6dX3MQwR2QWmoKip5DVV/EdkAEQlbNk59kkHSg==","shasum":"486b6fddaf323f09d2276ca0e9f7b9d7bbf6eb0c","tarball":"https://registry.npmjs.org/@sysdig/secure-mcp-server/-/secure-mcp-server-0.0.6.tgz","fileCount":62,"unpackedSize":256950,"signatures":[{"keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U","sig":"MEUCIQC6ysRFqZVSfFk20Whn8QmxWNsKFUw6k+/w19tM9NpigwIgRaaB3vuClwCX497QDyNfzItA2eNsAOW1t3045QXCZx4="}]},"_npmUser":{"name":"GitHub Actions","email":"npm-oidc-no-reply@github.com","trustedPublisher":{"id":"github","oidcConfigId":"oidc:95453af7-2b66-43cc-80c9-6b03b1fe3823"}},"directories":{},"maintainers":[{"name":"madchicken","email":"pfollia@gmail.com"},{"name":"admangum","email":"adammangum@yahoo.com"},{"name":"opsadmin-sysdig","email":"opsadmin+npmjs@sysdig.com"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/secure-mcp-server_0.0.6_1778164852456_0.06588902946593045"},"_hasShrinkwrap":false}},"time":{"created":"2026-05-05T15:05:38.289Z","modified":"2026-05-07T14:40:52.825Z","0.0.3":"2026-05-05T15:05:38.645Z","0.0.4":"2026-05-06T13:02:32.654Z","0.0.5":"2026-05-06T16:37:49.335Z","0.0.6":"2026-05-07T14:40:52.663Z"},"bugs":{"url":"https://github.com/draios/secure-mcp-server/issues"},"homepage":"https://github.com/draios/secure-mcp-server#readme","repository":{"type":"git","url":"git+https://github.com/draios/secure-mcp-server.git"},"description":"Sysdig MCP server wrapping Sysdig Secure REST API endpoints","maintainers":[{"name":"madchicken","email":"pfollia@gmail.com"},{"name":"admangum","email":"adammangum@yahoo.com"},{"name":"opsadmin-sysdig","email":"opsadmin+npmjs@sysdig.com"}],"readme":"# Sysdig MCP Server for Secure Product\n\nA [Model Context Protocol](https://modelcontextprotocol.io/) server that exposes Sysdig Secure API capabilities as agent-callable tools. Used by the [Bloom](https://github.com/draios/bloom) skill plugins.\n\n## Tools\n\n### Customer & User\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `get_customer_settings` | `GET /ui/customerSettings` | Fetch all Secure settings for the current customer (which product features are enabled) |\n| `get_current_user` | `GET /api/users/me` | Fetch the user profile of the currently authenticated principal |\n| `get_user_permissions` | `GET /api/users/me/permissions` | Fetch the permissions granted to the current principal in their active team (with customer/user/team IDs) |\n\n### Threats Engine\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `list_threats_engine_groups` | `GET /api/v1/threatsEngine/groups` | List threat groups with filters (time, status, type, zones, query expression) |\n| `get_threats_engine_group` | `GET /api/v1/threatsEngine/groups/{groupId}` | Get a single threat group by ID |\n| `get_threats_engine_threat` | `GET /api/v1/threatsEngine/threats/{threatId}` | Get a single threat occurrence by ID |\n| `list_threats_engine_threats_by_group` | `GET /api/v1/threatsEngine/groups/{groupId}/threats` | List the threat occurrences inside a group |\n| `list_threats_engine_rules_by_group` | `GET /api/v1/threatsEngine/groups/{groupId}/rules` | List the detection rules that triggered within a group |\n| `list_threats_engine_resources_by_group` | `GET /api/v1/threatsEngine/groups/{groupId}/resources` | List the infrastructure resources involved in a group |\n\n### Runtime Security Events\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `list_runtime_events` | `GET /secure/events/v1/events` | List runtime security events (Falco + ML detections) from the last N hours |\n| `get_event_info` | `GET /secure/events/v1/events/{event_id}` | Retrieve full details for a specific security event by ID |\n| `get_event_process_tree` | `GET /api/process-tree/v1/process-branches/{event_id}` + `GET /api/process-tree/v1/process-trees/{event_id}` | Retrieve the process tree (branches + full tree) for a security event |\n\n### Threat Intelligence\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `fetch_threat_intelligence_feed` | `GET /api/secure/threat-center/v1/articles` | Fetch the daily Sysdig threat intelligence feed (CVEs, zero-days, active attacks) |\n\n### Vulnerability Scan Results\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `list_runtime_scan_results` | `GET /secure/vulnerability/v1/runtime-results` | List vulnerability scan results for runtime workloads |\n| `get_scan_result` | `GET /secure/vulnerability/v1/results/{resultId}` | Retrieve the full vulnerability scan report for a given `resultId` |\n\n### Vulnerability Findings\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `list_vulnerability_findings` | `GET /api/secure/analytics/v1/data/vulnerabilities/findings` | List vulnerability findings, optionally filtered by zone and severity |\n| `list_vulnerability_findings_by_image` | `GET /api/secure/analytics/v1/data/vulnerabilities/findings/by-image` | List vulnerability findings for a specific container image |\n| `list_vulnerability_findings_by_resource` | `GET /api/secure/analytics/v1/data/vulnerabilities/findings/by-resource` | List vulnerability findings affecting a specific resource (host, workload, …) |\n\n### Posture\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `list_posture_resource_kinds` | `GET /api/cspm/v1/policy/controls/resource-template/kinds` | List the resource kinds supported by Posture custom controls |\n| `get_posture_resource_template` | `GET /api/cspm/v1/policy/controls/resource-template/view/{resource_kind}` | Fetch the sample `input` fixture for a resource kind |\n| `test_posture_rego` | `POST /api/cspm/v1/policy/controls/test-rego` | Compile and evaluate a Rego rule against the sample fixture |\n| `list_posture_controls` | `GET /api/cspm/v1/policy/controls/search` | List Posture controls (custom by default; built-in via `is_custom: false`) |\n| `list_posture_policies` | `GET /api/cspm/v1/policy/policies/list` | List Posture policies (custom by default; built-in via `is_custom: false`) |\n\n### CloudAuth\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `list_cloud_accounts` | `GET /api/cloudauth/v1/accounts` | List onboarded cloud accounts (AWS / Azure / GCP / Okta / GitHub / IBM Cloud / Oracle Cloud), with provider/organization/feature filters |\n| `get_cloud_account` | `GET /api/cloudauth/v1/accounts/{accountId}` | Get a single cloud account by UUID (optionally with decrypted credentials) |\n| `get_cloud_account_feature` | `GET /api/cloudauth/v1/accounts/{accountId}/feature/{featureType}` | Get the configuration of a specific feature on an account |\n| `validate_cloud_account` | `POST /api/cloudauth/v1/accounts/{accountId}/validate` | Trigger a fresh validation of the account (bypasses cache) and persist the result |\n\n### Remediation Jobs\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `list_remediation_jobs` | `GET /api/next/cp/jobs` | List existing remediation jobs |\n| `get_remediation_job` | `GET /api/next/cp/jobs/{job_id}` | Retrieve a single remediation job by ID |\n| `update_remediation_job` | `PUT /api/next/cp/jobs/{job_id}` | Update a remediation job (status, assignee, notes) |\n| `list_candidate_remediation_jobs` | `GET /api/next/cp/candidate_jobs` | List candidate jobs that could be added to a remediation plan |\n\n### Remediation Plans\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `list_plans` | `GET /api/next/cp/plans` | List remediation plans |\n| `get_plan` | `GET /api/next/cp/plans/{plan_id}` | Retrieve a single remediation plan by ID |\n| `create_plan` | `POST /api/next/cp/plans` | Create a new remediation plan |\n| `update_plan` | `PUT /api/next/cp/plans/{plan_id}` | Update an existing remediation plan |\n| `delete_plan` | `DELETE /api/next/cp/plans/{plan_id}` | Delete a remediation plan |\n| `duplicate_plan` | `POST /api/next/cp/plans/{plan_id}/duplicate` | Duplicate an existing remediation plan |\n| `list_plan_remediation_jobs` | `GET /api/next/cp/plans/{plan_id}/jobs` | List the remediation jobs attached to a plan |\n| `get_plan_target_measure` | `GET /api/next/cp/plans/{plan_id}/target_measure` | Get the target-measure time series for a plan |\n| `batch_plan_target_measures` | `POST /api/next/cp/plans/target_measures` | Batch-fetch target measures across multiple plans |\n| `list_scope_labels` | `GET /api/next/cp/scope/labels` | List the scope label keys available for plan targeting |\n\n### Zones\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `list_zones` | `GET /api/v2/zones` | List the zones configured for the current customer |\n\n### SysQL\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `run_sysql` | `GET /api/sysql/v2/query` | Execute a SysQL query against the Sysdig API |\n| `generate_sysql` | `GET /api/sage/sysql/generate` | Translate a natural-language question into a SysQL query |\n\n### Bloom Skill State\n\n| Tool | Endpoint | Description |\n|------|----------|-------------|\n| `get_skill_state` | `GET /api/bloom/{skill_state}` | Read the persisted state of a Bloom skill |\n| `save_skill_state` | `POST /api/bloom/{skill_state}` | Persist the state of a Bloom skill |\n| `delete_skill_state` | `DELETE /api/bloom/{skill_state}` | Delete the persisted state of a Bloom skill |\n\n## Transports\n\nThe server supports two transport modes, selected via `SYSDIG_MCP_TRANSPORT`:\n\n| Mode | Value | How credentials are passed |\n|------|-------|---------------------------|\n| **stdio** (default) | `stdio` | `SYSDIG_SECURE_API_TOKEN` and `SYSDIG_SECURE_URL` env vars (or the MCP-specific overrides — see [Environment Variables](#environment-variables)) |\n| **HTTP** | `http` | `Authorization: Bearer ` and `X-Sysdig-Host: ` request headers |\n\nIn HTTP mode the server listens on port `8808` by default (override with `SYSDIG_MCP_PORT`).\n\n## Running\n\n### Via npx (no clone needed)\n\nThe easiest way to use the server locally — npx downloads and builds it on first run:\n\n```bash\nSYSDIG_SECURE_API_TOKEN= \\\nSYSDIG_SECURE_URL=https://us2.app.sysdig.com \\\nnpx -y @sysdig/secure-mcp-server\n```\n\n### From source\n\n```bash\nnpm install\nnpm run build\n```\n\n**stdio:**\n```bash\nSYSDIG_SECURE_API_TOKEN= \\\nSYSDIG_SECURE_URL=https://us2.app.sysdig.com \\\nnode dist/index.js\n```\n\n**HTTP:**\n```bash\nSYSDIG_MCP_TRANSPORT=http SYSDIG_MCP_PORT=8808 node dist/index.js\n```\n\nHealth check: `GET /health` · MCP endpoint: `POST /mcp`\n\n## Claude Code Configuration\n\n### One-liner via `claude mcp add` (stdio)\n\n```bash\nclaude mcp add sysdig-extended \\\n --transport stdio \\\n --env SYSDIG_SECURE_API_TOKEN= \\\n --env SYSDIG_SECURE_URL=https://us2.app.sysdig.com \\\n -- npx -y @sysdig/secure-mcp-server\n```\n\nPin a tag/branch with `@sysdig/secure-mcp-server#`.\n\n### stdio via npx (manual `.mcp.json`)\n\n```json\n{\n \"mcpServers\": {\n \"sysdig-extended\": {\n \"command\": \"npx\",\n \"args\": [\"@sysdig/secure-mcp-server\"],\n \"env\": {\n \"SYSDIG_SECURE_API_TOKEN\": \"${SYSDIG_SECURE_API_TOKEN}\",\n \"SYSDIG_SECURE_URL\": \"${SYSDIG_SECURE_URL}\"\n }\n }\n }\n}\n```\n\n### stdio from local clone\n\n```json\n{\n \"mcpServers\": {\n \"sysdig-extended\": {\n \"command\": \"node\",\n \"args\": [\"/path/to/secure-mcp-server/dist/index.js\"],\n \"env\": {\n \"SYSDIG_SECURE_API_TOKEN\": \"${SYSDIG_SECURE_API_TOKEN}\",\n \"SYSDIG_SECURE_URL\": \"${SYSDIG_SECURE_URL}\"\n }\n }\n }\n}\n```\n\n### HTTP (hosted instance)\n\n```json\n{\n \"mcpServers\": {\n \"sysdig-extended\": {\n \"type\": \"http\",\n \"url\": \"http://:8808/mcp\",\n \"headers\": {\n \"Authorization\": \"Bearer ${SYSDIG_SECURE_API_TOKEN}\",\n \"X-Sysdig-Host\": \"${SYSDIG_SECURE_URL}\"\n }\n }\n }\n}\n```\n\n---\n\n## Environment Variables\n\n| Variable | Required | Default | Description |\n|----------|----------|---------|-------------|\n| `SYSDIG_SECURE_API_TOKEN` | Yes (stdio)¹ | — | Sysdig API token (standard generic name, shared with the Sysdig CLI / Terraform provider) |\n| `SYSDIG_SECURE_URL` | No | `https://app.sysdigcloud.com` | Sysdig instance URL (standard generic name) |\n| `SYSDIG_MCP_API_TOKEN` | No | — | MCP-specific override for the API token. Wins over `SYSDIG_SECURE_API_TOKEN` when both are set |\n| `SYSDIG_MCP_API_HOST` | No | — | MCP-specific override for the instance URL. Wins over `SYSDIG_SECURE_URL` when both are set |\n| `SYSDIG_MCP_TRANSPORT` | No | `stdio` | Transport mode: `stdio` or `http` |\n| `SYSDIG_MCP_PORT` | No | `8808` | HTTP listen port (HTTP mode only) |\n| `SYSDIG_MCP_BASE_PATH` | No | — | Base path prefix when mounting the HTTP server behind a reverse proxy |\n| `SYSDIG_AUTH_SERVER` | No | `http://localhost:9000` | OAuth2 authorization server URL (HTTP mode only) |\n\n¹ Either `SYSDIG_SECURE_API_TOKEN` or `SYSDIG_MCP_API_TOKEN` must be set in stdio mode. The same applies to the host: either `SYSDIG_SECURE_URL` or `SYSDIG_MCP_API_HOST`.\n","readmeFilename":"README.md"}