Getting started
Welcome to the Getting Started guide! This document will help you set up your environment and get familiar with the basics of our project.
AI Assistants are powerful tools that can significantly enhance your development workflow. This guide will walk you through the initial steps to integrate AI into your development process.
Prerequisites
I suppose you have the following prerequisites:
- A OS with a terminal (Linux, macOS, or Windows with WSL)
- A code editor (VSCode, IntelliJ based IDE: PHPStorm, PyCharm, etc., Xcode)
Best practices for Github Copilot
Read this section Best practices for Github Copilot to learn how to use GitHub Copilot effectively.
Best practices for Github Copilot
Customizing GitHub Copilot
Custom instructions allow you to provide specific guidelines to GitHub Copilot to tailor its responses to your coding practices and project requirements. Instead of repeatedly providing the same instructions, you can store them in files that are automatically included in each chat request.
There are three main ways to customize AI responses:
- Custom instructions: Define common guidelines for tasks like generating code, code reviews, or commit messages.
- Prompt files: Create reusable prompts for common tasks.
- Custom chat modes: Define how chat operates, which tools it can use, and how it interacts with the codebase.
Custom Instructions
You can define custom instructions in several ways:
.github/copilot-instructions.md: A single file in your workspace that contains general coding practices and project requirements. These instructions are automatically included in every chat request..instructions.mdfiles: Multiple files that can be stored in your workspace or user profile. You can use glob patterns to apply them to specific files or include them in all requests.- VS Code settings: Define instructions directly in your user or workspace settings for tasks like code generation, test generation, and commit messages.
Prompt Files
Prompt files are reusable prompts for common tasks, such as generating code or performing a code review. They are standalone prompts that you can run directly in chat.
Key features of prompt files include:
- Reusability: Define a prompt once and reuse it across your projects.
- Structure: Prompt files are Markdown files with a
.prompt.mdextension and can include a header with metadata (e.g.,mode,model,tools) and a body with the prompt content. - Variables: Use variables like
${workspaceFolder}and${selection}to make your prompts more dynamic.
For more details, visit the official GitHub Copilot Customization documentation.
Chat Modes
Chat modes in VS Code allow you to tailor the AI chat behavior for specific tasks. You can switch between different modes depending on your needs.
Built-in chat modes
VS Code comes with three built-in chat modes:
- Ask mode: Optimized for answering questions about your codebase and general technology concepts.
- Edit mode: Optimized for making code edits across multiple files.
- Agent mode: Optimized for making autonomous edits across multiple files, especially for complex tasks that may require running terminal commands and tools.
Agent Mode
Agent mode is particularly useful for complex tasks that require autonomous reasoning and planning. It can:
- Refactor parts of your codebase.
- Plan and implement new features.
- Migrate your codebase to a new framework.
- Generate implementation plans for complex tasks.
For more details, visit the official documentation on Chat Modes and Agent Mode.
Configuring MCP Servers
To set up MCP servers for GitHub Copilot, follow the guidelines provided in the Visual Studio Code documentation. The process involves:
- Server Setup: Ensure your MCP server is properly configured to handle requests from GitHub Copilot.
- Authentication: Implement secure authentication mechanisms to validate user access.
- Integration: Connect the MCP server with your development environment to enable seamless communication.
- Testing: Verify the server's functionality by running tests to ensure compatibility and performance.
For detailed instructions, visit the official documentation.
Best practices for Kilo Assistant
This document provides a summary of best practices for using Kilo Assistant, with links to the official documentation for more detailed information.
Using Modes
Modes in Kilo Code are specialized personas that tailor the assistant's behavior to your current task. Each mode offers different capabilities, expertise, and access levels to help you accomplish specific goals.
- Code Mode: For writing code, implementing features, debugging, and general development.
- Ask Mode: For code explanation, concept exploration, and technical learning.
- Architect Mode: For system design, high-level planning, and architecture discussions.
- Debug Mode: For tracking down bugs, diagnosing errors, and resolving complex issues.
- Orchestrator Mode: For breaking down complex projects into manageable subtasks.
For more details, see the Using Modes documentation.
Context Mentions
Context mentions are a powerful way to provide Kilo Code with specific information about your project. Use the @ symbol to refer to files, folders, problems, and Git commits.
- File:
@/path/to/file.ts - Folder:
@/path/to/folder/ - Problems:
@problems - Terminal:
@terminal - Git Commit:
@a1b2c3d - Git Changes:
@git-changes - URL:
@https://example.com
For more details, see the Context Mentions documentation.
Auto-Approving Actions
Auto-approve settings speed up your workflow by eliminating repetitive confirmation prompts, but they significantly increase security risks. Only enable auto-approval for actions you fully trust.
For more details, see the Auto-Approving Actions documentation.
How Tools Work
Kilo Code uses tools to interact with your code and environment. These specialized helpers perform specific actions like reading files, making edits, running commands, or searching your codebase.
For more details, see the How Tools Work documentation.
Enhance Prompt
The "Enhance Prompt" feature helps you improve the quality and effectiveness of your prompts before sending them to the AI model.
For more details, see the Enhance Prompt documentation.
Prompt Engineering
Prompt engineering is the art of crafting effective instructions for AI models. Well-written prompts lead to better results, fewer errors, and a more efficient workflow.
For more details, see the Prompt Engineering Tips documentation.
Custom Rules
Custom rules provide a powerful way to define project-specific and global behaviors and constraints for the Kilo Code AI agent.
For more details, see the Custom Rules documentation.
Custom Instructions
Custom Instructions allow you to personalize how Kilo Code behaves, providing specific guidance that shapes responses, coding style, and decision-making processes.
For more details, see the Custom Instructions documentation.
Memory Bank
Memory Bank is a system of structured documentation that enables Kilo Code to better understand your project and maintain context across coding sessions.
For more details, see the Memory Bank documentation.
Working with Large Projects
Large projects require some extra care to manage context effectively. Use specific file paths, break down tasks, and summarize large amounts of code.
For more details, see the Working with Large Projects documentation.
Model Temperature
Temperature controls the randomness of AI model outputs. Adjusting this setting optimizes results for different tasks.
For more details, see the Model Temperature documentation.
Best utils in MCP
In this section, we help you configure the most common MCP utilities so you can maximize their potential.
MCP servers allow AI to use tools to gather more contextual information or perform actions in the real world. These servers can be configured to interact with external APIs, execute commands, or even connect to databases.
There are two types of MCP servers: those that run on the client (on your computer) and therefore need to be installed, and those that run in the cloud and are accessible via a URL. The latter can use SSE or HTTPS protocols. It is important to know that if the server runs on the client, you need to install and configure it on your computer, whereas if it is a remote server, you need to configure the server's URL in your agent.
Client-installed MCP servers can interact with your computer, execute commands within it, or read parts of your system. They are useful for reading files, connecting to local databases, or systems accessed via a VPN from your computer.
Remote MCP servers are useful for interacting with external APIs, such as the Figma API or the YouTrack API, and do not require local installation.
Here we highlight three particularly useful tools as they allow you to implement multiple tools in a single MCP process:
-
Hyper-MCP: A fast MCP server built in Rust (uses very little memory) that allows adding WASM plugins to extend its functionality.
-
Especially useful enable Conect7 plugin to connect to the Context7 API, which allows you to use the Context7 platform as a tool in your AI agents. This service provides to the all versions of documentation of a big amount of libraries and frameworks, such as React, Angular, Node.js, etc. It is a very useful tool to have in your MCP server.
-
Other useful plugin is
serper, provides access to Google Search results. You can register free and get 2.5k requests.
-
-
MCP-Link: An MCP server that enables connecting any API with an OpenAPI specification to an MCP agent, turning it into an interface compatible with AI agents.
-
MyCommandMCP: A versatile MCP server written in Rust that allows executing system commands as MCP tools. It is highly configurable and can be adapted to a wide range of use cases.
This is a sample of mcp.json
{
"mcpServers": {
"@brave": {
"url": "http://mcplink.madeindigio.com/sse?s=https%3A%2F%2Fgithub.com%2Fautomation-ai-labs%2Fmcp-link%2Fraw%2Frefs%2Fheads%2Fmain%2Fexamples%2Fbrave.yaml&u=https%3A%2F%2Fapi.search.brave.com%2Fres%2Fv1&h=%7B%22X-Subscription-Token%22%3A%22BSAfPg0fhEKKX5sV-Tc2XCVD-qEfyI-%22%8J&f=%2B%2F**"
},
"@hyper-mcp": {
"command": "hyper-mcp",
"args": [
"--config-file",
"/home/sevir/.config/hyper-mcp/kilo.json"
]
},
"@mycommandmcp": {
"command": "mycommandmcp",
"args": [
"--config",
"/home/sevir/.config/mc-mcp/optimized.yaml",
"--log-file",
"/www/MCP/MyCommandMCP/mycommandmcp/mcp.log"
]
}
}
}
MCP Server Catalogs
If you use VSCode with Copilot or any other tool, there are MCP marketplaces that are usually installed locally. You download the project and execute it, but you must be especially careful because you don't know what kind of code it might execute.
There are other marketplaces like Smithery that can deploy the code on their infrastructure instead of yours, making it safer and allowing you to pass configuration parameters as environment variables. For all servers that can run without needing data from your system, it is recommended to execute them on a remote server rather than your local machine. This reduces the risk of a malicious plugin accessing your personal data or executing unwanted commands on your system.
Docker has also released its own MCP catalog, Docker Hub MCP, where you can find plugins that can be executed in containers and are safe to use.
Hyper-MCP
Hyper-MCP is a fast and secure MCP server that extends its functionality through WebAssembly (WASM) plugins. It allows developers to add AI capabilities to their applications by integrating with tools like Claude Desktop and Cursor IDE.
Key Features
- Extensible with WebAssembly: Write plugins in any language that compiles to WASM.
- Secure: Plugins run in a sandboxed environment with fine-grained access control.
- OCI Registry Support: Distribute and manage plugins using standard OCI registries like Docker Hub.
- Lightweight and Portable: Suitable for various environments, from cloud to edge devices.
- Cross-platform: Compatible with Linux, macOS, and Windows.
Configuration
To get started with Hyper-MCP, you need to create a config.json file in the appropriate directory for your operating system:
- Linux:
$HOME/.config/hyper-mcp/config.json - macOS:
$HOME/Library/Application Support/hyper-mcp/config.json - Windows:
{FOLDERID_RoamingAppData}\hyper-mcp\config.json
Below is an example configuration that includes several useful plugins:
{
"plugins": [
{
"name": "time",
"path": "oci://ghcr.io/tuananh/time-plugin:latest"
},
{
"name": "think",
"path": "oci://ghcr.io/tuananh/think-plugin:latest"
},
{
"name": "hash",
"path": "oci://ghcr.io/tuananh/hash-plugin:latest"
},
{
"name": "fetch",
"path": "oci://ghcr.io/tuananh/fetch-plugin:latest",
"runtime_config": {
"allowed_hosts": ["*"],
"memory_limit": "100 MB"
}
},
{
"name": "context7",
"path": "oci://ghcr.io/tuananh/context7-plugin:nightly",
"runtime_config": {
"allowed_hosts": ["context7.com"]
}
},
{
"name": "sequentialthinking",
"path": "oci://ghcr.io/sevir/sequentialthinking-plugin:latest"
},
{
"name": "serper",
"path": "oci://ghcr.io/tuananh/serper-plugin:latest",
"runtime_config": {
"env_vars": {
"SERPER_API_KEY": "YOUR_SERPER_API_KEY"
},
"allowed_hosts": ["google.serper.dev"]
}
}
]
}
In this configuration:
- Each object in the
pluginsarray defines a new tool for the MCP server. "name": The name of the tool that will be exposed."path": The OCI path to the plugin image."runtime_config": (Optional) Allows you to configure the plugin's runtime environment, such as setting environment variables (env_vars), restricting network access (allowed_hosts), or limiting memory usage. For theserperplugin, you should replace"YOUR_SERPER_API_KEY"with your actual Serper API key.
MCP-Link
At digio, we have deployed an instance of MCP-Link at mcplink.madeindigio.com for you to use.
MCP-Link is a tool that automatically converts any API with an OpenAPI v3 specification into a complete MCP server. This allows AI agents to interact with existing RESTful APIs without needing to modify the original API code.
How does it work?
MCP-Link generates an MCP-compatible interface from an OpenAPI specification URL. You can configure the conversion using the following parameters in the URL:
s=: The URL of the OpenAPI specification file.u=: The base URL of the target API.h=: The format of the authentication header (e.g.,Authorization:Bearer).f=: Expressions to filter the API routes to include or exclude.
Use MCP-Link Configurator
MCP-Link digio Configurator is a web interface that allows you to easily configure MCP-Link parameters. It provides a user-friendly way to set up the OpenAPI specification URL, base URL, authentication headers, and route filters.
Example usage in an AI Agent
To connect an agent to an API via MCP-Link, configure it as follows in the MCP server configuration file:
{
"mcpServers": {
"@service-name": {
"url": "https://mcplink.madeindigio.com/sse?s=[OpenAPI-specification-URL]&u=[API-base-URL]"
}
}
}
This allows any API with an OpenAPI specification to be immediately converted into an MCP-compatible interface accessible to AI agents.
Example with Figma
To illustrate a real use case, let's see how to configure MCP-Link for the Figma API. The URL to connect with Figma through our MCP-Link instance would be:
https://mcplink.madeindigio.com/sse?s=https%3A%2F%2Fraw.githubusercontent.com%2Ffigma%2Frest-api-spec%2Frefs%2Fheads%2Fmain%2Fopenapi%2Fopenapi.yaml&u=https%3A%2F%2Fapi.figma.com&h=%7B%22X-Figma-Token%22%3A%22YOUR_FIGMA_TOKEN%22%7D&f=%2B%2F**
Breaking down the parameters:
- s:
https://raw.githubusercontent.com/figma/rest-api-spec/refs/heads/main/openapi/openapi.yaml- The OpenAPI specification of the Figma API. - u:
https://api.figma.com- The base URL of the Figma API. - h:
{"X-Figma-Token":"YOUR_FIGMA_TOKEN"}- The authentication header. A JSON object (URL-encoded) specifies that theX-Figma-Tokenheader should be sent with your personal Figma token. ReplaceYOUR_FIGMA_TOKENwith your actual token. - f:
+/**- Includes all API routes.
The configuration in your agent would look like this:
{
"mcpServers": {
"@figma": {
"url": "https://mcplink.madeindigio.com/sse?s=https%3A%2F%2Fraw.githubusercontent.com%2Ffigma%2Frest-api-spec%2Frefs%2Fheads%2Fmain%2Fopenapi%2Fopenapi.yaml&u=https%3A%2F%2Fapi.figma.com&h=%7B%22X-Figma-Token%22%3A%22YOUR_FIGMA_TOKEN%22%7D&f=%2B%2F**"
}
}
}
Example with YouTrack
Similarly, to connect with YouTrack, the MCP-Link URL would be:
http://mcplink.madeindigio.com/sse?s=https%3A%2F%2Fdigio.youtrack.cloud%2Fapi%2Fopenapi.json&u=https%3A%2F%2Fdigio.youtrack.cloud%2Fapi&h=%7B%22Authorization%22%3A%22Bearer%20TOKEN_YOUTRACK%22%7D&f=%2B%2F**
Breaking down the parameters:
- s:
https://digio.youtrack.cloud/api/openapi.json- The OpenAPI specification of the YouTrack API. - u:
https://digio.youtrack.cloud/api- The base URL of the YouTrack API. - h:
{"Authorization":"Bearer TOKEN_YOUTRACK"}- The authentication header. A Bearer authorization token is used. ReplaceTOKEN_YOUTRACKwith your permanent YouTrack token. - f:
+/**- Includes all API routes.
The configuration in your agent would look like this:
{
"mcpServers": {
"@youtrack": {
"url": "http://mcplink.madeindigio.com/sse?s=https%3A%2F%2Fdigio.youtrack.cloud%2Fapi%2Fopenapi.json&u=https%3A%2F%2Fdigio.youtrack.cloud%2Fapi&h=%7B%22Authorization%22%3A%22Bearer%20TOKEN_YOUTRACK%22%7D&f=%2B%2F**"
}
}
}
Mycommandmcp
MyCommandMCP is a versatile MCP server written in Rust that allows you to execute system commands as MCP tools. It's highly configurable and can be adapted to a wide range of use cases.
Installation
You can install MyCommandMCP by downloading the binary from the releases page or by building it from source.
To install the binary, download the appropriate version for your system, uncompress it, and place the executable in a directory included in your system's PATH.
Configuration
MyCommandMCP is configured using a YAML file. By default, it looks for a file named mycommand-tools.yaml in the current directory. You can also specify a custom configuration file using the --config flag.
The configuration file has three main sections: prompts, tools, and resources.
Here is an example of a tools configuration:
tools:
- name: "list_files"
description: "Lists files in a specific directory"
command: "ls"
path: "/"
accepts_args: true
accept_input: false
default_args: "-l"
- name: "get_date"
description: "Gets the current system date and time"
command: "date"
path: "/"
accepts_args: false
accept_input: false
This configuration defines two tools: list_files, which executes the ls -l command, and get_date, which executes the date command.
You can find more detailed information about the configuration options in the official documentation.
This is a full example of a real dev mycommand-tools.yaml:
tools:
- name: "get_date"
description: "Displays the current system date and time in various formats. Can show UTC time, format output, or display specific timezones, the tool accepts the same arguments of the `date` linux command"
command: "date"
path: "/"
accepts_args: true
accept_input: false
- name: "process_list"
description: "Displays information about running processes"
command: "ps"
path: "/"
accepts_args: true
accept_input: false
default_args: "auxef"
- name: "network_info"
description: "Shows the network interfaces, routing, devices, and tunnels. This tools accepts the same arguments of the `ip` linux command"
command: "ip"
path: "/"
accepts_args: true
accept_input: false
default_args: "addr"
- name: "curl"
description: "Downloads any resource from a URL using `curl` command. Use this tool for run any `curl` command what you want"
command: "curl"
path: "/tmp"
accepts_args: true
accept_input: false
- name: "vscode"
description: "Call always to open VSCode in the path specified in the argument. Use this tool when you write or edit code"
command: "vscode"
path: "/www"
accepts_args: true
accept_input: false
prompts:
- name: "summarize"
description: "Summarize a given text"
content: |
Please summarize the following text in 3 sentences or less.
Consider the main points and key details.
Maintain a clear and concise style.
- name: "translate"
description: "Translate text to Spanish"
content: |
Translate the following text to Spanish.
Preserve the original meaning and tone.
Use natural and fluent Spanish language.
- name: "code_review"
description: "๐ Comprehensive code review with security and performance analysis"
content: |
๐ **Code Review Request**
Please perform a comprehensive code review of: `{file_path}`
**Focus Areas:** {focus_areas}
**Review Criteria:**
- ๐ก๏ธ Security vulnerabilities and best practices
- โก Performance implications and optimizations
- ๐ Code clarity and maintainability
- ๐ฆ Language-specific idioms and patterns
- ๐งช Testability and error handling
- ๐ Documentation and comments
**Deliverables:**
1. Summary assessment with severity levels
2. Specific issues with line references
3. Actionable improvement suggestions
4. Positive highlights and well-implemented patterns
Please use file operations to read the code and provide detailed feedback.
- name: "rust_optimization"
description: "๐ฆ Rust-specific optimization suggestions and idiomatic patterns"
content: |
๐ฆ **Rust Optimization Analysis**
**Target:** {optimization_goal}
**Code to Optimize:**
```rust
{code_snippet}
```
**Analysis Framework:**
- ๐ Performance: Zero-cost abstractions, allocation patterns
- ๐พ Memory: Ownership, borrowing, lifetime optimizations
- ๐ Readability: Idiomatic Rust patterns, clarity
- ๐ก๏ธ Safety: Memory safety, thread safety, error handling
**Deliverables:**
1. Optimized code with explanations
2. Performance impact analysis
3. Trade-offs and alternatives
4. Benchmark suggestions if applicable
Focus on modern Rust idioms and zero-cost abstractions.
- name: "debug_assistance"
description: "๐ Debug analysis with error investigation and fix suggestions"
content: |
๐ **Debug Assistance Request**
**Error Message:**
```
{error_message}
```
**Context:**
{context}
**Debug Strategy:**
1. ๐ Error Analysis: Root cause identification
2. ๐ ๏ธ Fix Suggestions: Step-by-step resolution
3. ๐งช Verification: Testing approach for the fix
4. ๐ Prevention: How to avoid similar issues
**Investigation Tools:**
- Use file operations to examine related code
- Search for similar patterns in the codebase
- Check dependencies and configurations
Please provide actionable debugging steps and fix recommendations.
- name: "architecture_design"
description: "๐๏ธ Software architecture analysis and design recommendations"
content: |
๐๏ธ **Architecture Design Consultation**
**Project:** {project_description}
**Constraints:** {constraints}
**Design Framework:**
- ๐ฏ Requirements Analysis: Functional and non-functional
- ๐๏ธ Architectural Patterns: Suitable design patterns
- ๐ง Technology Stack: Language, frameworks, databases
- ๐ Scalability: Growth and performance considerations
- ๐ก๏ธ Security: Security architecture and threat model
- ๐งช Testing: Testing strategy and quality assurance
**Deliverables:**
1. High-level architecture diagram (text-based)
2. Component breakdown with responsibilities
3. Data flow and interface definitions
4. Technology recommendations with rationale
5. Implementation roadmap with priorities
Focus on maintainable, scalable, and robust design principles.
- name: "rag_query_optimization"
description: "๐ง Optimize RAG queries for better semantic search results"
content: |
๐ง **RAG Query Optimization**
**Current Query:** {query}
**Domain:** {domain}
**Optimization Strategy:**
- ๐ฏ Semantic Enhancement: Improve query semantics
- ๐ Keyword Expansion: Add relevant synonyms and terms
- ๐ Query Structuring: Optimize for vector similarity
- ๐๏ธ Parameter Tuning: Suggest search parameters
**Analysis Areas:**
1. Query intent and information need
2. Domain-specific terminology
3. Semantic similarity patterns
4. Chunk retrieval effectiveness
**Deliverables:**
- Optimized query variations
- Search strategy recommendations
- RAG parameter suggestions
- Expected retrieval improvements
Use RAG tools to test query effectiveness if helpful.
- name: "documentation_generator"
description: "๐ Generate comprehensive documentation from code"
content: |
๐ **Documentation Generation**
**Target File:** {code_file}
**Documentation Type:** {doc_type}
**Documentation Framework:**
- ๐ API Documentation: Function signatures and usage
- ๐ก Examples: Practical usage examples
- ๐๏ธ Architecture: Module structure and relationships
- ๐ Getting Started: Quick start guides
- โ ๏ธ Edge Cases: Error handling and limitations
**Output Requirements:**
1. Clear, concise descriptions
2. Code examples with explanations
3. Proper markdown formatting
4. Cross-references and links
5. Maintainable documentation structure
Please read the code file and generate appropriate documentation.
Include inline doc comments and external documentation as needed.
- name: "test_strategy"
description: "๐งช Test planning and strategy recommendations"
content: |
๐งช **Test Strategy Development**
**Component:** {component}
**Test Types:** {test_types}
**Testing Framework:**
- ๐ฌ Unit Tests: Individual function testing
- ๐ Integration Tests: Component interaction testing
- โก Performance Tests: Load and stress testing
- ๐ก๏ธ Security Tests: Vulnerability and penetration testing
- ๐ค User Acceptance: End-to-end workflow testing
**Deliverables:**
1. Test plan with coverage targets
2. Test case specifications
3. Testing infrastructure requirements
4. Automation strategy
5. Quality gates and success criteria
**Implementation Guidance:**
- Rust-specific testing patterns
- Mocking and test doubles
- Continuous integration setup
Analyze the component and provide a comprehensive testing strategy.
- name: "refactoring_plan"
description: "โป๏ธ Systematic refactoring strategy with risk assessment"
content: |
โป๏ธ **Refactoring Strategy**
**Target Code:** {target_code}
**Goals:** {goals}
**Refactoring Process:**
- ๐ Analysis: Current state assessment
- ๐ฏ Objectives: Clear refactoring goals
- ๐ Plan: Step-by-step refactoring plan
- โ ๏ธ Risk Assessment: Potential breaking changes
- ๐งช Validation: Testing strategy for changes
**Key Considerations:**
1. Backward compatibility requirements
2. Performance impact analysis
3. Team coordination and communication
4. Incremental delivery approach
5. Rollback strategies
**Deliverables:**
- Detailed refactoring roadmap
- Risk mitigation strategies
- Before/after code comparisons
- Testing and validation plan
Provide a safe, systematic approach to code improvement.
- name: "security_audit"
description: "๐ก๏ธ Security vulnerability assessment and mitigation strategies"
content: |
๐ก๏ธ **Security Audit Request**
**Audit Scope:** {scope}
**Threat Model:** {threat_model}
**Security Assessment Framework:**
- ๐ Authentication: Identity verification
- ๐ช Authorization: Access control mechanisms
- ๐ก๏ธ Input Validation: Data sanitization and validation
- ๐ Cryptography: Encryption and key management
- ๐ Data Protection: Privacy and data handling
- ๐ Network Security: Communication security
**Vulnerability Categories:**
1. OWASP Top 10 compliance
2. Memory safety issues (Rust-specific)
3. Dependency vulnerabilities
4. Configuration security
5. Business logic flaws
**Deliverables:**
- Security vulnerability report
- Risk assessment with severity levels
- Remediation recommendations
- Security best practices guide
Perform thorough security analysis using file operations and search tools.
resources:
- name: "mcp_server_prompts"
description: "Specification of Prompts for MCP Servers"
path: "https://raw.githubusercontent.com/modelcontextprotocol/modelcontextprotocol/refs/heads/main/docs/specification/2024-11-05/server/prompts.mdx"
- name: "mcp_server_tools"
description: "Specification of Tools for MCP Servers"
path: "https://raw.githubusercontent.com/modelcontextprotocol/modelcontextprotocol/refs/heads/main/docs/specification/2024-11-05/server/tools.mdx"
- name: "mcp_server_resources"
description: "Specification of Resources for MCP Servers"
path: "https://raw.githubusercontent.com/modelcontextprotocol/modelcontextprotocol/refs/heads/main/docs/specification/2024-11-05/server/resources.mdx"
Agents prompts
In the repository digio-aidd, you can find a series of prompts designed to effectively interact with AI agents. These prompts are organized into different categories based on their purpose and functionality.
In progress....: Teams are adding their own prompts, and the most useful ones will be incorporated into the repository over time.
MCP-Link URL Generator
Enter the details of the API you want to connect to.
<div class="card">
<h2>Load from URL</h2>
<p>Paste a full MCP-Link URL to fill the form automatically.</p>
<div class="form-group">
<input type="text" id="full-url-input" placeholder="Paste full MCP-Link URL here">
<button id="load-from-url-btn">Load</button>
</div>
</div>
<div class="card">
<h2>Configuration</h2>
<form id="mcp-link-form">
<div class="form-group">
<label for="openapi-spec-url">OpenAPI Specification URL</label>
<input type="text" id="openapi-spec-url" placeholder="https://example.com/openapi.yaml">
<small>URL to the OpenAPI specification (YAML/JSON)</small>
</div>
<div class="form-group">
<label for="api-base-url">API Base URL</label>
<input type="text" id="api-base-url" placeholder="https://api.example.com">
<small>Base URL of the target service where API requests will be forwarded</small>
</div>
<div class="form-group">
<label>HTTP Headers</label>
<div class="headers-container" id="headers-container">
<!-- Headers will be added here by JavaScript -->
</div>
<button type="button" id="add-header-btn">Add Header</button>
</div>
<div class="form-group">
<label>Path Filters</label>
<div class="filters-container" id="filters-container">
<div class="filter-item">
<input type="text" class="filter-input" value="+/**">
<button type="button" class="remove-filter-btn">Remove</button>
</div>
</div>
<button type="button" id="add-filter-btn">Add Filter</button>
<small>
Filter Format Examples:
<ul>
<li><code>+/path/**</code> - Include all endpoints under /path/</li>
<li><code>-/path/**</code> - Exclude all endpoints under /path/</li>
<li><code>+/users/*:GET</code> - Include GET endpoints for /users/{id}</li>
</ul>
</small>
</div>
</form>
</div>
<div class="card">
<h2>Generated URL</h2>
<div class="generated-url-container">
<textarea id="generated-url" readonly></textarea>
<button id="copy-url-btn">Copy</button>
</div>
</div>
</div>
<script src="script.js"></script>