An MCP (Model Context Protocol) server that provides AI agents and developers with structured access to the BLT (Bug Logging Tool) ecosystem. This server enables seamless integration with IDEs and chat interfaces to log bugs, triage issues, query data, and manage security workflows.

BLT-MCP implements the MCP standard, giving AI agents structured access to BLT through three powerful layers:

Access BLT data through standardized URIs:

• blt://issues - All issues in the system
• blt://issues/{id} - Specific issue details
• blt://repos - Tracked repositories
• blt://repos/{id} - Specific repository details
• blt://contributors - All contributors
• blt://contributors/{id} - Specific contributor details
• blt://workflows - All workflows
• blt://workflows/{id} - Specific workflow details
• blt://leaderboards - Leaderboard rankings and statistics
• blt://rewards - Rewards and bacon points

Perform actions on BLT:

• submit_issue - Report new bugs and vulnerabilities
• award_bacon - Award bacon points to contributors (gamification)
• update_issue_status - Change issue status (open, in_progress, resolved, closed, wont_fix)
• add_comment - Add comments to issues

AI-guided workflows for common security tasks:

• triage_vulnerability - Guide AI through vulnerability triage and severity assessment
• plan_remediation - Create comprehensive remediation plans for security issues
• review_contribution - Evaluate contributions with quality assessment and bacon point recommendations

• ✅ JSON-RPC 2.0 - Standard protocol for reliable communication
• ✅ OAuth/API Key Authentication - Secure access to BLT endpoints
• ✅ Unified Interface - Single agent-friendly interface to all BLT functionality
• ✅ Autonomous Workflows - Enable AI agents to work independently
• ✅ Gamification Support - Built-in support for BLT's bacon point system
• ✅ Security-First - Designed for vulnerability management and security workflows

• Node.js 18 or higher
• npm or yarn

npm install

npm run build

Create a .env file based on .env.example:

cp .env.example .env

Configure the following variables:

BLT_API_BASE=https://blt.owasp.org/api
BLT_API_KEY=your_api_key_here

To use this server with an MCP client (like Claude Desktop or Cline), add it to your MCP settings:

{
  "mcpServers": {
    "blt": {
      "command": "node",
      "args": ["/absolute/path/to/blt-mcp/dist/index.js"],
      "env": {
        "BLT_API_BASE": "https://blt.owasp.org/api",
        "BLT_API_KEY": "your_api_key_here"
      }
    }
  }
}

The server runs using stdio transport for MCP communication:

node dist/index.js

Once configured in your MCP client, you can interact with BLT through natural language:

"Submit a new critical vulnerability in the authentication system of repo 123"

The AI agent will use the submit_issue tool to create the issue.

"Show me the leaderboard"

The AI agent will read from blt://leaderboards to display the rankings.

"Help me triage this XSS vulnerability in the login form"

The AI agent will use the triage_vulnerability prompt to guide the analysis.

URI: blt://issues
Returns: JSON array of all issues

URI: blt://issues/{id}
Returns: JSON object with issue details

URI: blt://leaderboards
Returns: JSON object with leaderboard data

Submit a new issue to BLT.

Parameters:

• title (string, required) - Issue title
• description (string, required) - Detailed description
• repo_id (string, optional) - Repository ID
• severity (string, optional) - One of: low, medium, high, critical
• type (string, optional) - One of: bug, vulnerability, feature, other

Example:

{
  "title": "XSS vulnerability in login form",
  "description": "The login form is vulnerable to reflected XSS...",
  "repo_id": "123",
  "severity": "high",
  "type": "vulnerability"
}

Award bacon points to a contributor.

Parameters:

• contributor_id (string, required) - Contributor ID
• points (number, required) - Points to award
• reason (string, required) - Reason for the award

Update the status of an issue.

Parameters:

• issue_id (string, required) - Issue ID
• status (string, required) - One of: open, in_progress, resolved, closed, wont_fix
• comment (string, optional) - Explanation for status change

Add a comment to an issue.

Parameters:

• issue_id (string, required) - Issue ID
• comment (string, required) - Comment text

Guides AI through vulnerability triage.

Arguments:

• vulnerability_description (required) - Description of the vulnerability
• affected_component (optional) - Affected component or system

Creates remediation plans for security issues.

Arguments:

• issue_id (required) - Issue ID to create plan for
• context (optional) - Additional context

Evaluates security contributions.

Arguments:

• contribution_id (required) - Contribution ID
• contribution_type (optional) - Type of contribution

For development, use watch mode to automatically rebuild on changes:

npm run watch

blt-mcp/
├── src/
│   └── index.ts          # Main server implementation
├── dist/                 # Compiled JavaScript (generated)
├── package.json          # Project dependencies
├── tsconfig.json         # TypeScript configuration
├── .env.example          # Example environment configuration
└── mcp-config.json       # Example MCP client configuration

• API Keys: Never commit API keys to version control. Use environment variables.
• Access Control: Ensure proper authentication is configured for production use.
• Rate Limiting: Be mindful of API rate limits when making requests.
• Input Validation: The server validates all inputs before sending to the BLT API.

Contributions are welcome! Please follow these guidelines:

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Submit a pull request

MIT License - see LICENSE file for details

For issues, questions, or contributions, please visit:

• GitHub: https://github.com/OWASP-BLT/BLT-MCP
• OWASP BLT: https://owasp.org/www-project-bug-logging-tool/

• Built on the Model Context Protocol
• Part of the OWASP BLT Project
• Powered by the security community