{"channels":[{"auth_modes":["none"],"category":"Local browser context","config":{"include_headings":true,"include_matches":true,"max_chars":4200,"source":"active_document","type":"page_context"},"description":"Sends the current page title, headings, and bounded body text to the model.","id":"page-context","label":"Current page context","runtime_support":"live","status":"native"},{"auth_modes":["none"],"category":"Local browser context","config":{"sections":["prompt-library","security-remediation","automation","docs"],"source":"/recipes-index.json","top_k":5,"type":"recipes_index"},"description":"Searches the generated recipe index and attaches the most relevant docs, prompts, and remediation pages.","id":"recipe-index","label":"SecurityRecipes search index","runtime_support":"live","status":"native"},{"auth_modes":["public","pat","oauth"],"category":"Code and findings sources","config":{"include":["readme","security","contributing","manifests","issues","pull_requests"],"max_chars_per_file":1600,"max_files":18,"repository":"owner/repo","type":"github_repository"},"description":"Pulls bounded public or authenticated GitHub repo metadata, manifest files, open issues, and pull requests.","id":"github-repository","label":"GitHub repository context","runtime_support":"live","status":"native"},{"auth_modes":["public","pat","oauth"],"category":"Code and findings sources","config":{"include":["sbom_packages","advisories","cvss","aliases"],"max_advisories":12,"max_packages":40,"repository":"owner/repo","type":"deps_dev_lookup"},"description":"Checks public GitHub Dependency Graph SBOM packages against deps.dev advisory metadata.","id":"deps-dev-advisories","label":"deps.dev advisory context","runtime_support":"live","status":"native"},{"auth_modes":["public","pat","oauth"],"category":"Code and findings sources","config":{"base_url":"https://gitlab.com/api/v4","include":["project","readme","default_branch","issues","merge_requests","vulnerability_findings"],"max_items":20,"project":"group/project","type":"gitlab_project_context"},"description":"Pulls bounded GitLab project metadata, useful repository files, open issues, and open merge requests directly in the browser for GitLab-centered remediation work.","id":"gitlab-project-context","label":"GitLab project context","runtime_support":"live","status":"native"},{"auth_modes":["oauth","pat"],"category":"Code and findings sources","config":{"api_version":"7.1","base_url":"https://dev.azure.com","include":["repository","default_branch","readme","security","contributing","manifests","pull_requests","work_items"],"max_chars_per_file":1600,"max_files":18,"organization":"example-org","project":"security-platform","repository":"payments-api","type":"azure_devops_repository"},"description":"Pulls bounded Azure DevOps repository metadata, useful repo files, active pull requests, and recent open work items directly in the browser for remediation planning.","id":"azure-devops-repository","label":"Azure DevOps repository context","runtime_support":"live","status":"native"},{"auth_modes":["none"],"category":"Scanner findings","config":{"accepted_formats":["sarif-2.1.0-json"],"expected_files":["findings.sarif.json"],"normalization":{"max_results":250,"severity_map":"sarif_default"},"required_fields":["runs[].tool.driver.name","runs[].results[].ruleId","runs[].results[].level"],"source":"local_file","type":"sarif_bundle"},"description":"Uploads a local SARIF 2.1.0 file in the browser, normalizes the findings, and attaches a bounded summary to prompts and agent runs.","id":"sarif-manual-import","label":"SARIF upload","runtime_support":"live","status":"native"},{"auth_modes":["none"],"category":"Scanner findings","config":{"accepted_formats":["cyclonedx-json","spdx-json"],"format_markers":["bomFormat=CycloneDX","spdxVersion"],"normalization":{"infer_ecosystem":true,"max_components":5e3},"source":"local_file","type":"sbom_bundle"},"description":"Uploads a local CycloneDX or SPDX JSON SBOM in the browser and attaches a bounded package, dependency, and vulnerability summary to prompts.","id":"sbom-manual-import","label":"SBOM upload","runtime_support":"live","status":"native"},{"auth_modes":["none"],"category":"Scanner findings","config":{"accepted_formats":["aws-security-hub-asff","tenable-vulnerability-export","defectdojo-findings-json","generic-findings-array-json"],"normalization":{"max_files":12,"max_findings":1500,"max_sample_findings":12},"source":"local_file","type":"scanner_export_bundle"},"description":"Uploads major scanner and findings-platform JSON exports in the browser, normalizes them into a bounded summary, and feeds the exposure queue plus downstream reports without any server-side secret handling.","id":"scanner-export-bundle","label":"Major scanner JSON exports","runtime_support":"live","status":"native"},{"auth_modes":["api_key","oauth"],"category":"Scanner findings","config":{"base_url":"https://api.us1.app.wiz.io/graphql","filters":{"severity":["CRITICAL","HIGH"],"status":["OPEN"]},"pagination":{"page_size":100},"scopes":["issues:read"],"type":"wiz_findings"},"description":"Pre-populated browser-side config for pulling cloud and workload findings from Wiz when a customer enables direct API access.","id":"wiz-findings-api","label":"Wiz findings API","runtime_support":"planned","status":"template"},{"auth_modes":["api_token"],"category":"Scanner findings","config":{"base_url":"https://api.snyk.io/rest","filters":{"effective_severity_level":["high","critical"],"status":["open"]},"type":"snyk_issues","version":"2024-10-15"},"description":"Pulls a bounded first page of high-priority Snyk organization issues directly in the browser for scanner-aware triage and remediation planning.","id":"snyk-issues-api","label":"Snyk issues API","runtime_support":"live","status":"native"},{"auth_modes":["aws_sigv4"],"category":"Scanner findings","config":{"filters":{"RecordState":["ACTIVE"],"SeverityLabel":["HIGH","CRITICAL"]},"region":"us-east-1","type":"aws_security_hub"},"description":"Config profile for pulling ASFF findings into remediation reports and downstream workflow packs.","id":"security-hub-api","label":"AWS Security Hub","runtime_support":"planned","status":"template"},{"auth_modes":["oauth"],"category":"Scanner findings","config":{"base_url":"https://api.security.microsoft.com/api/incidents","filters":{"severity":["High","Medium"],"status":["Active"]},"pagination":{"top":50},"scopes":["Incident.Read.All"],"type":"microsoft_defender_xdr_incidents"},"description":"Pulls a bounded Microsoft Defender XDR incident sample directly in the browser with local severity and status filters for queueing, reporting, and remediation planning.","id":"microsoft-defender-xdr-incidents","label":"Microsoft Defender XDR incidents","runtime_support":"live","status":"native"},{"auth_modes":["oauth"],"category":"Scanner findings","config":{"api_version":"2025-09-01","base_url":"https://management.azure.com","filters":{"severity":["High","Medium"],"status":["New","Active"]},"include":["incidents"],"pagination":{"top":50},"resource_path":"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents","type":"microsoft_sentinel_incidents"},"description":"Pulls a bounded Microsoft Sentinel workspace incident sample directly in the browser with local severity and status filters for queueing, reporting, and remediation planning.","id":"microsoft-sentinel-incidents","label":"Microsoft Sentinel incidents","runtime_support":"live","status":"native"},{"auth_modes":["pat","oauth"],"category":"Scanner findings","config":{"base_url":"https://gitlab.com/api/v4","endpoint":"/projects/:id/vulnerability_findings","filters":{"report_type":["dependency_scanning","sast"],"severity":["high","critical"],"state":["detected","confirmed"]},"project":"group/project","type":"gitlab_vulnerability_findings"},"description":"Pulls a bounded first page of GitLab project vulnerability findings directly in the browser when AppSec findings and fix ownership live in the same GitLab namespace.","id":"gitlab-vulnerability-findings","label":"GitLab vulnerability findings","runtime_support":"live","status":"native"},{"auth_modes":["oauth","api_key"],"category":"Scanner findings","config":{"base_url":"https://api.crowdstrike.com","endpoint":"/detects/queries/detects/v1","filters":{"severity":["high","critical"],"status":["new","in_progress"]},"type":"crowdstrike_detections"},"description":"Starter config for bounded CrowdStrike Falcon detection intake into browser-side triage and response workflows.","id":"crowdstrike-detections","label":"CrowdStrike detections","runtime_support":"planned","status":"template"},{"auth_modes":["api_key"],"category":"Scanner findings","config":{"base_url":"https://cloud.tenable.com","export_path":"/vulns/export","filters":{"severity":["high","critical"],"state":["OPEN","REOPENED"]},"type":"tenable_vuln_export"},"description":"Starter config for exporting high-severity Tenable vulnerabilities into remediation and report workflows.","id":"tenable-vulnerability-management","label":"Tenable vulnerability management","runtime_support":"planned","status":"template"},{"auth_modes":["api_token","oauth"],"category":"Scanner findings","config":{"base_url":"https://dojo.example.com/api/v2","endpoint":"/findings","filters":{"active":true,"severity":["Critical","High"]},"include":["product","engagement","test","finding"],"type":"defectdojo_findings"},"description":"Starter config for pulling active high-severity DefectDojo findings with enough context for analyst routing and ticket creation.","id":"defectdojo-findings","label":"DefectDojo findings","runtime_support":"planned","status":"template"},{"auth_modes":["access_key"],"category":"Scanner findings","config":{"base_url":"https://api.prismacloud.io","filters":{"alert_status":["open"],"policy_severity":["high","critical"]},"resource":"/alert","type":"prisma_cloud_alerts"},"description":"Starter config for Prisma Cloud alert intake across posture and runtime findings.","id":"prisma-cloud-alerts","label":"Prisma Cloud alerts","runtime_support":"planned","status":"template"},{"auth_modes":["oauth"],"category":"Scanner findings","config":{"base_url":"https://securitycenter.googleapis.com","filters":{"severity":["HIGH","CRITICAL"],"state":["ACTIVE"]},"resource":"organizations/{organizationId}/sources/-/findings","type":"google_cloud_scc_findings"},"description":"Starter config for Security Command Center findings when cloud exposures need browser-side triage and routing.","id":"google-cloud-scc-findings","label":"Google Cloud SCC findings","runtime_support":"planned","status":"template"},{"auth_modes":["pat","oauth"],"category":"Scanner findings","config":{"base_url":"https://api.github.com","endpoint":"/repos/{owner}/{repo}/code-scanning/alerts","filters":{"severity":["high","critical"],"state":["open"]},"repository":"owner/repo","type":"github_code_scanning_alerts"},"description":"Starter config for pulling open high-severity GitHub code scanning alerts into browser-side triage and remediation planning.","id":"github-code-scanning-alerts","label":"GitHub code scanning alerts","runtime_support":"planned","status":"template"},{"auth_modes":["api_token"],"category":"Scanner findings","config":{"base_url":"https://semgrep.dev/api/v1","filters":{"severity":["high","critical"],"state":["open","triaged"]},"resource":"/deployments/{deploymentId}/findings","type":"semgrep_appsec_findings"},"description":"Starter config for bringing bounded Semgrep AppSec findings into browser-side reviewer queues and remediation handoffs.","id":"semgrep-appsec-findings","label":"Semgrep AppSec findings","runtime_support":"planned","status":"template"},{"auth_modes":["api_token"],"category":"Scanner findings","config":{"base_url":"https://sonarqube.example.com/api","endpoint":"/issues/search","filters":{"severities":["CRITICAL","BLOCKER"],"statuses":["OPEN","CONFIRMED","REOPENED"],"types":["VULNERABILITY","SECURITY_HOTSPOT"]},"type":"sonarqube_issues"},"description":"Starter config for pulling open SonarQube vulnerabilities and security hotspots into a browser-local remediation queue.","id":"sonarqube-issues","label":"SonarQube security issues","runtime_support":"planned","status":"template"},{"auth_modes":["oauth","api_key"],"category":"Scanner findings","config":{"base_url":"https://ast.checkmarx.net/api","filters":{"severity":["HIGH","CRITICAL"],"state":["NEW","TO_VERIFY"]},"resource":"/findings","type":"checkmarx_one_findings"},"description":"Starter config for pulling high-severity Checkmarx One findings into browser-side triage and routed handoff workflows.","id":"checkmarx-one-findings","label":"Checkmarx One findings","runtime_support":"planned","status":"template"},{"auth_modes":["api_key"],"category":"Scanner findings","config":{"base_url":"https://api.veracode.com/appsec/v1","filters":{"scan_status":["OPEN"],"severity":["HIGH","VERY_HIGH"]},"resource":"/findings","type":"veracode_findings"},"description":"Starter config for pulling actionable Veracode findings into a browser-local remediation and reporting workflow.","id":"veracode-findings","label":"Veracode findings","runtime_support":"planned","status":"template"},{"auth_modes":["aws_sigv4"],"category":"Scanner findings","config":{"base_url":"https://inspector2.us-east-1.amazonaws.com","filters":{"finding_status":["ACTIVE"],"severity":["HIGH","CRITICAL"]},"resource":"/findings/list","type":"aws_inspector_findings"},"description":"Starter config for pulling Amazon Inspector findings into browser-side prioritization, reporting, and downstream routing.","id":"aws-inspector-findings","label":"AWS Inspector findings","runtime_support":"planned","status":"template"},{"auth_modes":["api_key"],"category":"Scanner findings","config":{"base_url":"https://console.insight.rapid7.com/api/3","filters":{"severity":["Severe","Critical"],"status":["active"]},"resource":"/vulnerabilities","type":"rapid7_insightvm_vulnerabilities"},"description":"Starter config for pulling high-risk Rapid7 InsightVM vulnerabilities into browser-side triage and routing workflows.","id":"rapid7-insightvm-vulnerabilities","label":"Rapid7 InsightVM vulnerabilities","runtime_support":"planned","status":"template"},{"auth_modes":["api_token"],"category":"Scanner findings","config":{"base_url":"https://api.orcasecurity.io","filters":{"severity":["high","critical"],"state":["open"]},"resource":"/api/alerts","type":"orca_security_alerts"},"description":"Starter config for Orca alert intake when cloud exposure and workload findings need browser-side case and report handling.","id":"orca-security-alerts","label":"Orca Security alerts","runtime_support":"planned","status":"template"},{"auth_modes":["api_key"],"category":"Scanner findings","config":{"base_url":"https://api.lacework.net","filters":{"severity":["High","Critical"],"status":["Open"]},"resource":"/api/v2/Alerts/Search","type":"lacework_alerts"},"description":"Starter config for pulling open high-severity Lacework alerts into browser-side remediation and escalation planning.","id":"lacework-alerts","label":"Lacework alerts","runtime_support":"planned","status":"template"},{"auth_modes":["api_token","oauth"],"category":"Knowledge sources","config":{"base_url":"https://example.atlassian.net/wiki","max_pages":10,"spaces":["SEC","ENG"],"type":"confluence_search"},"description":"Searches Confluence Cloud pages in the browser to bring internal runbooks, exception notes, and operational context into a scoped agent session.","id":"confluence-knowledge","label":"Confluence runbook context","runtime_support":"live","status":"native"}]}