Summary
Add support for running ralph-starter with Snyk MCP server to enable automated security scanning during autonomous coding loops.
Motivation
When AI agents generate code autonomously, security vulnerabilities can be introduced without detection. Integrating Snyk's MCP server would allow ralph-starter to:
- Scan dependencies for known vulnerabilities during the loop
- Detect insecure code patterns as code is being generated
- Provide real-time security feedback to the coding agent
- Block merges or flag issues before code reaches production
Proposed Behavior
- User configures Snyk MCP server in their ralph-starter setup (e.g. via ralph.config)
- During autonomous coding loops, ralph-starter connects to the Snyk MCP server
- The coding agent can use Snyk tools (vulnerability scanning, code analysis) as part of its workflow
- Security findings are surfaced in the loop output and can optionally halt the loop on critical findings
Example Configuration
mcp:
  servers:
    - name: snyk
      command: npx
      args: ["@snyk/mcp-server"]
      env:
        SNYK_TOKEN: "${SNYK_TOKEN}"
References
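The optional halt on critical findings described under Proposed Behavior could be gated as in the following added sketch, which is not ralph-starter or Snyk code. The finding shape (`id`, `severity`, `title`), the `ok` flag and the `haltOn` option are assumptions made for illustration.

```javascript
// Added sketch: severity gate for an autonomous loop. The finding shape
// ({ id, severity, title }), the `ok` flag and `haltOn` are assumptions,
// not the Snyk MCP server's or ralph-starter's actual schema.
const SEVERITY_RANK = new Map([["low", 1], ["medium", 2], ["high", 3], ["critical", 4]]);

function rank(severity) {
  const key = String(severity ?? "").toLowerCase();
  // Unknown or missing levels rank as critical, so a renamed severity
  // cannot silently slip under the threshold.
  return SEVERITY_RANK.get(key) ?? SEVERITY_RANK.get("critical");
}

function evaluateGate(scan, haltOn = "critical") {
  const threshold = SEVERITY_RANK.get(haltOn);
  if (threshold === undefined) throw new Error(`unknown haltOn level: ${haltOn}`);
  // Fail closed: a scan that errored or returned no list is not "clean".
  if (!scan || scan.ok !== true || !Array.isArray(scan.findings)) {
    return { halt: true, reason: "scan did not complete", blocking: [], advisory: [] };
  }
  const blocking = scan.findings.filter((f) => rank(f?.severity) >= threshold);
  const advisory = scan.findings.filter((f) => rank(f?.severity) < threshold);
  const reason = blocking.length
    ? `${blocking.length} finding(s) at or above ${haltOn}`
    : "no findings at or above threshold";
  return { halt: blocking.length > 0, reason, blocking, advisory };
}

// Index of the first iteration whose scan halts the loop, or -1 if none does.
function firstHalt(iterations, haltOn = "critical") {
  return iterations.findIndex((scan) => evaluateGate(scan, haltOn).halt);
}

// Constructed scan results, one per loop iteration.
const SAMPLE_ITERATIONS = [
  { ok: true, findings: [{ id: "F-1", severity: "medium", title: "outdated dependency" }] },
  { ok: true, findings: [
    { id: "F-2", severity: "Critical", title: "command injection" },
    { id: "F-3", severity: "low", title: "verbose error message" },
  ] },
  { ok: true, findings: [{ id: "F-4", severity: "blocker", title: "unrecognised level" }] },
  { ok: false, error: "scanner timed out" },
];

for (const [i, scan] of SAMPLE_ITERATIONS.entries()) {
  const { halt, reason } = evaluateGate(scan);
  console.log(`iteration ${i}: ${halt ? "HALT" : "continue"} (${reason})`);
}
```

Findings below the threshold are returned in `advisory` so they can still be surfaced in the loop output without stopping it.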