Remove MCP server changes, keep CLI-only scope

Revert MCP command to original, remove fastmcp/httpx deps,
remove async_auth_client. MCP server enhancement will be a
separate PR.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: MaorDavidzon

cycode/cli/apps/api/async_auth_client.py

@@ -2,10 +2,9 @@
 
 import json
 import os
-import re
 import time
 from pathlib import Path
-from typing import Any, Optional
+from typing import Optional
 
 import requests
 
@@ -22,13 +21,6 @@
 
 _OPENAPI_SPEC_PATH = '/v4/api-docs/cycode-api-swagger.json'
 
-# MCP has a 60-character limit for combined server name + tool name
-_MCP_SERVER_NAME = 'cycode'
-_MAX_TOOL_NAME_LENGTH = 60 - len(_MCP_SERVER_NAME) - 1  # -1 for the colon separator
-
-# Pattern to match parenthetical deprecation notices
-_DEPRECATION_PATTERN = re.compile(r'\s*\([^)]*(?:please use|deprecated|use the new)[^)]*\)', re.IGNORECASE)
-
 
 def get_openapi_spec(client_id: Optional[str] = None, client_secret: Optional[str] = None) -> dict:
     """Get the OpenAPI spec, using cache if fresh, otherwise fetching from API.
@@ -146,95 +138,6 @@ def _cache_spec(spec: dict) -> None:
         logger.warning('Failed to cache OpenAPI spec: %s', e)
 
 
-def filter_openapi_get_only(spec: dict) -> dict:
-    """Filter OpenAPI spec to include only GET operations (read-only mode)."""
-    filtered = spec.copy()
-    if 'paths' in filtered:
-        filtered['paths'] = {
-            path: {'get': methods['get']} for path, methods in filtered['paths'].items() if 'get' in methods
-        }
-    return filtered
-
-
-def _path_to_snake_case(path: str, method: str) -> str:
-    """Convert an API path to a snake_case operation ID.
-
-    GET /v4/projects -> list_projects
-    GET /v4/projects/{projectId} -> get_project
-    GET /v4/scans/statistics/cli/scan-count -> get_cli_scan_count
-    """
-    # Strip /v4/ prefix
-    clean = re.sub(r'^/v\d+/', '', path)
-
-    # Remove path parameter placeholders
-    has_path_param = '{' in clean
-    clean = re.sub(r'/\{[^}]+\}', '', clean)
-
-    # Convert to snake_case: hyphens, slashes, dots -> underscores
-    clean = re.sub(r'[^a-zA-Z0-9]+', '_', clean).strip('_')
-
-    # Convert camelCase segments to snake_case
-    clean = re.sub(r'([a-z])([A-Z])', r'\1_\2', clean).lower()
-
-    # Collapse multiple underscores
-    clean = re.sub(r'_+', '_', clean)
-
-    # Choose prefix based on whether this is a collection or single resource
-    prefix = ('get' if has_path_param else 'list') if method == 'get' else method
-
-    name = f'cycode_{prefix}_{clean}'
-
-    # Truncate to fit MCP limit
-    if len(name) > _MAX_TOOL_NAME_LENGTH:
-        name = name[:_MAX_TOOL_NAME_LENGTH].rstrip('_')
-
-    return name
-
-
-def normalize_tool_names(spec: dict) -> dict:
-    """Generate proper snake_case operationId values for MCP tool names.
-
-    Derives names from the URL path and HTTP method, following MCP conventions:
-    - list_* for collection endpoints (GET without path params)
-    - get_* for single resource endpoints (GET with path params)
-    """
-    if 'paths' not in spec:
-        return spec
-
-    original_paths = spec['paths']
-    spec = spec.copy()
-    spec['paths'] = {}
-    used_names: dict[str, int] = {}
-
-    for path, methods in original_paths.items():
-        spec['paths'][path] = {}
-        for method, details in methods.items():
-            details = details.copy()
-            name = _path_to_snake_case(path, method)
-
-            # Handle duplicates with _v2, _v3, etc.
-            if name in used_names:
-                used_names[name] += 1
-                name = f'{name}_v{used_names[name]}'
-            else:
-                used_names[name] = 1
-
-            details['operationId'] = name
-            spec['paths'][path][method] = details
-
-    return spec
-
-
-def disable_output_validation(route: Any, component: Any) -> None:
-    """Disable output schema validation for MCP tools.
-
-    The Cycode API returns additional fields not defined in the OpenAPI spec,
-    causing MCP output validation to fail.
-    """
-    if hasattr(component, 'output_schema'):
-        component.output_schema = None
-
-
 def parse_spec_commands(spec: dict) -> dict[str, list[dict]]:
     """Parse OpenAPI spec into resource groups with their endpoints.
 

cycode/cli/apps/api/openapi_spec.py

@@ -16,8 +16,8 @@
 from cycode.logger import LoggersManager, get_logger
 
 try:
-    from fastmcp import FastMCP
-    from fastmcp.tools import Tool
+    from mcp.server.fastmcp import FastMCP
+    from mcp.server.fastmcp.tools import Tool
 except ImportError:
     raise ImportError(
         'Cycode MCP is not supported for your Python version. MCP support requires Python 3.10 or higher.'
@@ -404,74 +404,30 @@ async def cycode_status() -> str:
         return json.dumps({'error': f'Status check failed: {e!s}'}, indent=2)
 
 
-_SCAN_TOOLS = [cycode_status, cycode_secret_scan, cycode_sca_scan, cycode_iac_scan, cycode_sast_scan]
-
-
-def _create_scan_only_mcp_server(host: str, port: int) -> FastMCP:
-    """Create MCP server with scan tools only (fallback when API spec unavailable)."""
-    tools = [Tool.from_function(fn) for fn in _SCAN_TOOLS]
-    _logger.info('Creating MCP server with scan tools only: %s', [t.name for t in tools])
+def _create_mcp_server(host: str, port: int) -> FastMCP:
+    """Create and configure the MCP server."""
+    tools = [
+        Tool.from_function(cycode_status),
+        Tool.from_function(cycode_secret_scan),
+        Tool.from_function(cycode_sca_scan),
+        Tool.from_function(cycode_iac_scan),
+        Tool.from_function(cycode_sast_scan),
+    ]
+    _logger.info('Creating MCP server with tools: %s', [tool.name for tool in tools])
     return FastMCP(
         'cycode',
         tools=tools,
+        host=host,
+        port=port,
+        debug=_is_debug_mode(),
+        log_level='DEBUG' if _is_debug_mode() else 'INFO',
     )
 
 
-async def _create_mcp_server_with_api(host: str, port: int) -> FastMCP:
-    """Create MCP server with both API v4 tools and scan tools."""
-    from cycode.cli.apps.api.async_auth_client import AsyncTokenManager, CycodeAsyncAuthClient
-    from cycode.cli.apps.api.openapi_spec import (
-        disable_output_validation,
-        filter_openapi_get_only,
-        get_openapi_spec,
-        normalize_tool_names,
-    )
-
-    # Load and filter OpenAPI spec
-    spec = get_openapi_spec()
-    spec = filter_openapi_get_only(spec)
-    spec = normalize_tool_names(spec)
-
-    # Create async auth client
-    token_manager = AsyncTokenManager()
-    client = CycodeAsyncAuthClient(token_manager)
-
-    # Count endpoints for logging
-    endpoint_count = sum(len(methods) for methods in spec.get('paths', {}).values())
-    _logger.info('Creating MCP server with %d API endpoints + scan tools', endpoint_count)
-
-    # Create server from OpenAPI (API v4 tools - experimental)
-    server = FastMCP.from_openapi(
-        openapi_spec=spec,
-        client=client,
-        name='cycode',
-        mcp_component_fn=disable_output_validation,
-        instructions='Cycode API v4 tools are experimental and may change.',
-    )
-
-    # Add scan tools on top
-    for fn in _SCAN_TOOLS:
-        server.add_tool(Tool.from_function(fn))
-
-    return server
-
-
 def _run_mcp_server(transport: McpTransportOption, host: str, port: int) -> None:
     """Run the MCP server using transport."""
-    try:
-        # Try to create server with API v4 tools
-        server = asyncio.run(_create_mcp_server_with_api(host, port))
-        _logger.info('MCP server created with API v4 tools and scan tools')
-    except Exception as e:
-        # Fall back to scan-only server if API spec is unavailable
-        _logger.warning('Could not load API v4 tools, falling back to scan-only: %s', e)
-        server = _create_scan_only_mcp_server(host, port)
-
-    run_kwargs = {'transport': str(transport)}
-    if str(transport) != 'stdio':
-        run_kwargs['host'] = host
-        run_kwargs['port'] = port
-    server.run(**run_kwargs)  # type: ignore[arg-type]
+    mcp = _create_mcp_server(host, port)
+    mcp.run(transport=str(transport))  # type: ignore[arg-type]
 
 
 def mcp_command(
@@ -499,19 +455,13 @@ def mcp_command(
 ) -> None:
     """:robot: Start the Cycode MCP (Model Context Protocol) server.
 
-    The MCP server provides tools for:
-
-    **Scanning:**
+    The MCP server provides tools for scanning code with Cycode CLI:
     - cycode_secret_scan: Scan for hardcoded secrets
     - cycode_sca_scan: Software Composition Analysis scanning
     - cycode_iac_scan: Infrastructure as Code scanning
     - cycode_sast_scan: Static Application Security Testing scanning
     - cycode_status: Get Cycode CLI status (version, auth status) and configuration
 
-    **Cycode API v4** (when authenticated):
-    - 100+ read-only tools auto-generated from the Cycode API
-    - Projects, compliance, members, scans, workflows, and more
-
     Examples:
         cycode mcp # Start with default transport (stdio)
         cycode mcp -t sse -p 8080 # Start with Server-Sent Events (SSE) transport on port 8080