{"id":48440711,"url":"https://github.com/omercnet/dbot","last_synced_at":"2026-04-06T15:04:26.906Z","repository":{"id":346119529,"uuid":"1188543599","full_name":"omercnet/dbot","owner":"omercnet","description":"Run 1,100+ XSOAR security integrations as MCP tools. No XSOAR required.","archived":false,"fork":false,"pushed_at":"2026-03-22T20:18:49.000Z","size":263,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-23T00:40:02.692Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/omercnet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-22T08:23:01.000Z","updated_at":"2026-03-22T19:18:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/omercnet/dbot","commit_stats":null,"previous_names":["omercnet/dbot"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/omercnet/dbot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omercnet%2Fdbot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omercnet%2Fdbot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omercnet%2Fdbot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omercnet%2Fdbot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/omercnet","download_url":"https://codeload.github.com/omercnet/dbot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omercnet%2Fdbot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31477014,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T14:34:32.243Z","status":"ssl_error","status_checked_at":"2026-04-06T14:34:31.723Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-06T15:03:58.105Z","updated_at":"2026-04-06T15:04:26.897Z","avatar_url":"https://github.com/omercnet.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dbot\n\n\u003e Run 1,000+ XSOAR security integrations as MCP tools. No XSOAR required.\n\ndbot is an open-source IR agent and MCP server that takes the entire\n[demisto/content](https://github.com/demisto/content) integration library\n(~1,100 security tool integrations) and runs them standalone -- no XSOAR,\nno Cortex, no license.\n\nIt ships as both an **MCP server** (for Claude Desktop, PydanticAI, or any\nMCP client) and a **standalone IR agent** with chat, autonomous responder,\nand web UI.\n\n---\n\n## Quickstart\n\n```bash\n# Clone + setup\ngit clone https://github.com/omercnet/dbot.git \u0026\u0026 cd dbot\ngit submodule update --init\nhatch env create\n\n# Launch web UI\nhatch run dbot-web\n# -\u003e http://127.0.0.1:7932 (chat UI, needs LLM API key)\n# -\u003e http://127.0.0.1:7932/settings (configure everything via browser)\n```\n\nSee [docs/quickstart.md](docs/quickstart.md) for the full setup guide.\n\n---\n\n## Four Ways to Use dbot\n\n### 1. Web UI (recommended for getting started)\n\n```bash\nOPENAI_API_KEY=sk-... hatch run dbot-web\n```\n\nOpens a React SPA at `http://127.0.0.1:7932` with:\n- Chat with tool call visualization (collapsible input/output)\n- Model selector dropdown\n- Streaming responses\n- Settings page at `/settings` (LLM config, guardrails, credentials, packs)\n\n### 2. Interactive Chat (terminal)\n\n```bash\nOPENAI_API_KEY=sk-... hatch run dbot-chat\n```\n\nTerminal REPL for IR investigations. Multi-turn conversation with history.\n\n### 3. Autonomous Responder\n\n```bash\nhatch run dbot-respond alert.json --output markdown\n```\n\nFeeds an alert JSON file to the agent. It autonomously investigates using\navailable tools and produces a structured IR report (markdown, JSON, or JSONL).\n\n### 4. MCP Server (for external clients)\n\n```bash\nhatch run python -m dbot.server\n```\n\nStdio MCP server exposing 3 tools (`search_tools`, `get_tool_schema`,\n`invoke_tool`) for Claude Desktop, PydanticAI, or any MCP client.\n\n---\n\n## Architecture\n\n```\n User / Alert Source\n |\n +----------+----------+\n | |\n dbot-web/chat dbot-respond\n (interactive) (autonomous)\n | |\n ChatAgent ResponderAgent\n | |\n +----------+----------+\n |\n FunctionToolset (native)\n +-- search_tools()\n +-- get_tool_schema()\n +-- invoke_tool()\n |\n +--------+--------+\n | |\n Catalog Executor\n (YAML index) (subprocess)\n | |\n demisto/content demistomock\n```\n\nThe agent uses **native PydanticAI tools** (not MCP) for zero-overhead\ndirect Python calls. The MCP server exists separately for external clients.\n\n---\n\n## Project Structure\n\n```\ndbot/\n+-- dbot/\n| +-- server.py # FastMCP entrypoint (external clients)\n| +-- audit.py # JSON-lines audit logger\n| +-- agent/\n| | +-- chat.py # ChatAgent (interactive + streaming)\n| | +-- responder.py # ResponderAgent (autonomous + HITL)\n| | +-- guardrails.py # FunctionToolset + FilteredToolset\n| | +-- models.py # Alert, IRReport, Verdict, Severity\n| | +-- deps.py # IRDeps (RunContext dependencies)\n| | +-- report.py # Markdown/JSON/JSONL report renderer\n| | +-- web.py # Web UI (Starlette + React SPA + settings)\n| | +-- cli.py # CLI: dbot-chat, dbot-respond, dbot-watch, dbot-web\n| | +-- ingestion/ # Alert loaders (file, stdin, watchdog)\n| +-- config/\n| | +-- db.py # SQLite config store\n| | +-- encryption.py # Fernet credential encryption\n| | +-- api.py # Settings REST API (10 routes)\n| | +-- settings.html # Settings UI (self-contained)\n| | +-- models.py # Config section Pydantic models\n| +-- runtime/ # demistomock shim, CSP loader, executor\n| +-- registry/ # YAML indexer, search catalog\n| +-- credentials/ # Credential store\n+-- content/ # git submodule -\u003e demisto/content\n+-- config/ # dbot.db, .dbot-key, credentials.yaml\n-- tests/ # 307 tests\n+-- docs/\n-- dbot/ui/ # React SPA (Vite + TypeScript)\n| +-- src/ # App.tsx, main.tsx\n| +-- package.json # @ai-sdk/react, react 19, vite, biome\n| +-- vite.config.ts\n| +-- tsconfig.json\n| +-- PROTOCOL.md # Vercel AI DSP wire format\n-- biome.json # JS/TS lint + format config\n-- .editorconfig # Cross-editor settings\n-- .pre-commit-config.yaml # 11 pre-commit hooks\n-- .github/workflows/ci.yml # GitHub Actions CI\n+-- pyproject.toml\n```\n\n---\n\n## Development\n\ndbot uses [hatch](https://hatch.pypa.io/) for Python and npm for the React frontend.\n\n### Quick start\n\n```bash\nhatch env create # set up Python env\ncd dbot/ui \u0026\u0026 npm install \u0026\u0026 cd .. # install frontend deps\nhatch run hooks # install pre-commit hooks\nhatch run check # verify everything works\n```\n\n### Running locally\n\n**Production-like** (static UI build + server):\n\n```bash\nhatch run dev # builds UI, starts server at http://127.0.0.1:7932\n```\n\n**Frontend development** (hot reload — two terminals):\n\n```bash\n# Terminal 1: Python API server\nhatch run dev-api # starts backend at :7932\n\n# Terminal 2: Vite dev server with HMR\ncd dbot/ui \u0026\u0026 npm run dev # starts at :5173, proxies /api/* to :7932\n```\n\nOpen `http://localhost:5173` for live-reloading frontend development.\nOpen `http://localhost:7932` for the production build (after `hatch run build-ui`).\n\n### Commands\n\n| Command | What it does |\n|---|---|\n| `hatch run dev` | Build UI + start server (production-like) |\n| `hatch run dev-api` | Start Python server only (pair with `npm run dev`) |\n| `hatch run test` | Full Python test suite (307 tests) |\n| `hatch run test-quick` | Skip integration tests |\n| `hatch run test-ui` | Frontend tests (vitest) |\n| `hatch run lint` | ruff check + format |\n| `hatch run lint-ui` | biome ci + tsc |\n| `hatch run fmt` | Autofix Python |\n| `hatch run fmt-ui` | Autofix frontend |\n| `hatch run build-ui` | npm run build |\n| `hatch run typecheck` | mypy |\n| `hatch run check` | Dev gate: ruff + biome + tsc + tests |\n| `hatch run check-strict` | Dev gate + mypy |\n| `hatch run ci` | Full CI pipeline |\n| `hatch run hooks` | Install pre-commit hooks |\n\n### Frontend (dbot/ui/)\n\n```bash\nnpm run dev # vite dev server with HMR, proxies /api to :7932\nnpm run build # tsc + vite production build\nnpm run test # vitest\nnpm run lint # biome check\nnpm run check # biome ci + tsc\nnpm run format # biome format\n```\n\n---\n\n## Stack\n\n| Concern | Choice |\n|---------|--------|\n| Agent framework | [PydanticAI](https://github.com/pydantic/pydantic-ai) |\n| MCP server | [FastMCP](https://github.com/jlowin/fastmcp) |\n| Integration source | [demisto/content](https://github.com/demisto/content) (MIT) |\n| Config/credentials | SQLite + Fernet encryption |\n| Web UI | React SPA (Vite + TypeScript) + `@ai-sdk/react` + custom settings page |\n| Execution model | Subprocess per invocation (in-process for dev) |\n| Python | 3.13+ |\n| Frontend | React 19, Vite 6, TypeScript 5.9, @ai-sdk/react |\n| JS/TS linting | [Biome](https://biomejs.dev/) 2.4 |\n| Code quality | Ruff (20 rule sets), Mypy, pre-commit (11 hooks) |\n| CI | GitHub Actions (lint, mypy, test matrix, UI build) |\n| Packaging | hatch + uv + pyproject.toml |\n\n---\n\n## CI / Quality\n\nFour GitHub Actions jobs run on every push and PR:\n\n| Job | What it runs |\n|-----|--------------|\n| lint | ruff, biome, tsc |\n| mypy | strict type-checking |\n| test | pytest matrix (Python 3.13 + 3.14) |\n| ui-build | npm run build |\n\nPre-commit hooks (install with `hatch run hooks`) enforce ruff, biome,\ntrailing whitespace, merge conflict markers, large files, private keys,\ndebug statements, and YAML/TOML validity before every commit.\n\n---\n\n## Contributing\n\n```bash\ngit clone https://github.com/omercnet/dbot.git \u0026\u0026 cd dbot\ngit submodule update --init\nhatch env create\ncd dbot/ui \u0026\u0026 npm install \u0026\u0026 cd ../..\nhatch run hooks # install pre-commit hooks\nhatch run check # must stay green before opening a PR\n```\n\n---\n\n\n## Documentation\n\n- [Quickstart](docs/quickstart.md) -- full setup guide\n- [Architecture](docs/architecture.md) -- how dbot works internally\n- [Credentials](docs/credentials.md) -- configuring API keys and secrets\n- [Integrations](docs/integrations.md) -- adding and validating integrations\n\n---\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fomercnet%2Fdbot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fomercnet%2Fdbot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fomercnet%2Fdbot/lists"}