1.3.4

@oscarvalenzuelab oscarvalenzuelab released this 09 Nov 00:52
· 72 commits to main since this release
b38cb3c

v1.3.4 - SBOM and Legal Notices Generation

Release Date: 2025-11-08

This release adds comprehensive SBOM and legal notices generation capabilities, enabling complete end-to-end compliance workflows for LLM clients.

New Features

generate_legal_notices - New MCP Tool

Generate comprehensive legal attribution documentation using purl2notices.

Key Features:

  • Takes a list of Package URLs (PURLs) and generates complete attribution documentation
  • Supports multiple output formats: text, HTML, and markdown
  • Includes copyright notices, license attributions, and full license texts
  • Essential for creating NOTICE files for software distribution
  • Detailed docstring with usage instructions so an LLM client can call the tool autonomously

Example Usage:

```python
# Generate legal notices for analyzed packages
generate_legal_notices(
    purls=["pkg:npm/express@4.0.0", "pkg:pypi/django@4.2.0"],
    output_format="text",
    output_file="NOTICE.txt"
)
```

Strands Agent: Batch Processing

Enhanced directory analysis with intelligent batch processing for package collections.

Capabilities:

  • Automatic detection of directories containing package archives
  • Analyzes each package individually for accurate results
  • Aggregates license information across all packages
  • Generates comprehensive compliance reports
  • Handles 15+ package formats across multiple ecosystems (JAR, WHL, GEM, NPM, etc.)

Example:

```shell
# Analyze entire directory of packages
python agent.py /path/to/packages/
```

Enhanced Features

generate_sbom - Dual Input Modes

Significantly enhanced SBOM generation with flexible input options.

What's New:

  • Dual input modes: Now accepts either purls (list of Package URLs) OR path (directory scan)
  • Better format support: CycloneDX-JSON, CycloneDX-XML, SPDX-JSON, SPDX
  • Improved documentation: Clear examples for both usage modes
  • Enhanced LLM instructions: Comprehensive docstrings enable better autonomous usage

Example - From PURLs:

```python
generate_sbom(
    purls=["pkg:npm/express@4.0.0", "pkg:maven/commons-io/commons-io@2.11.0"],
    output_format="cyclonedx-json",
    output_file="sbom.json"
)
```

Example - From Directory:

```python
generate_sbom(
    path="/path/to/project",
    output_format="spdx-json"
)
```

Benefits

  • Complete compliance workflow: Scan packages → Generate SBOM → Generate legal notices
  • Better multi-package support: Batch analysis for directory-based workflows
  • LLM-ready: Comprehensive docstrings enable autonomous tool usage by any LLM client
  • Clear differentiation: generate_legal_notices (complete attribution) vs generate_mobile_legal_notice (simplified mobile UI)

Complete Workflow Example

```python
# 1. Batch analyze packages in directory
results = analyze_directory("/path/to/packages")

# collected_purls: the PURLs gathered from `results`
# (how they are extracted from the analysis result is not shown in these notes)

# 2. Generate SBOM from discovered packages
generate_sbom(
    purls=collected_purls,
    output_format="cyclonedx-json",
    output_file="project-sbom.json"
)

# 3. Generate legal notices
generate_legal_notices(
    purls=collected_purls,
    output_format="html",
    output_file="NOTICE.html"
)
```
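Before the SBOM produced in step 2 is handed to generate_legal_notices in step 3, a practitioner wants to know which components can actually be attributed. The following script is an added example, not code from these release notes or from the mcp-semclone project: it parses the Package URL strings that both tools accept and audits a CycloneDX-JSON document for components with no PURL, a malformed PURL, or no license data. The SBOM is constructed inline for the example; parse_purl, component_has_license and audit_cyclonedx are names chosen here, and the field layout (components[].purl, components[].licenses with license.id, license.name or expression) follows the CycloneDX JSON component schema.

```python
import json
import re

# Package URL grammar (subset sufficient for npm, pypi, maven, gem, ...):
#   pkg:type/[namespace/]name[@version][?qualifiers][#subpath]
# This regex is an assumption made for the example, not the project's own parser.
PURL_RE = re.compile(
    r"^pkg:(?P<type>[a-z0-9.+-]+)/"
    r"(?:(?P<namespace>[^@?#]+)/)?"
    r"(?P<name>[^/@?#]+)"
    r"(?:@(?P<version>[^?#]+))?"
    r"(?:\?(?P<qualifiers>[^#]*))?"
    r"(?:#(?P<subpath>.*))?$"
)


def parse_purl(purl: str) -> dict:
    """Split a PURL into its fields; raise ValueError if it is not a valid PURL."""
    match = PURL_RE.match(purl)
    if match is None:
        raise ValueError(f"malformed PURL: {purl!r}")
    return match.groupdict()


def component_has_license(component: dict) -> bool:
    """True if a CycloneDX component carries an SPDX id, a license name, or an expression."""
    for entry in component.get("licenses") or []:
        if entry.get("expression"):
            return True
        lic = entry.get("license") or {}
        if lic.get("id") or lic.get("name"):
            return True
    return False


def audit_cyclonedx(sbom_text: str) -> dict:
    """Report components that cannot be attributed: no PURL, malformed PURL, or no license.

    'ready' lists the PURLs that are safe to pass on to notice generation.
    """
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    report = {"total": 0, "no_purl": [], "invalid_purl": [], "missing_license": [], "ready": []}
    for comp in bom.get("components", []):
        report["total"] += 1
        purl = comp.get("purl")
        label = purl or f"{comp.get('name')}@{comp.get('version')}"
        purl_ok = False
        if not purl:
            report["no_purl"].append(label)
        else:
            try:
                parse_purl(purl)
                purl_ok = True
            except ValueError:
                report["invalid_purl"].append(purl)
        licensed = component_has_license(comp)
        if not licensed:
            report["missing_license"].append(label)
        if purl_ok and licensed:
            report["ready"].append(purl)
    return report


# Constructed sample SBOM for the example (not output of generate_sbom).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "express", "version": "4.0.0",
         "purl": "pkg:npm/express@4.0.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "group": "commons-io", "name": "commons-io", "version": "2.11.0",
         "purl": "pkg:maven/commons-io/commons-io@2.11.0",
         "licenses": [{"expression": "Apache-2.0"}]},
        # No license data at all: notice generation would silently omit attribution
        {"type": "library", "name": "django", "version": "4.2.0",
         "purl": "pkg:pypi/django@4.2.0"},
        # Malformed PURL (missing the pkg: scheme): tools keyed on PURLs cannot resolve it
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "npm/left-pad@1.3.0",
         "licenses": [{"license": {"id": "WTFPL"}}]},
    ],
})


if __name__ == "__main__":
    report = audit_cyclonedx(SAMPLE_SBOM)
    for key in ("no_purl", "invalid_purl", "missing_license"):
        for item in report[key]:
            print(f"{key}: {item}")
    print(f"{len(report['ready'])}/{report['total']} components ready for legal notices")
```

Run on the sample, the script flags django as missing license data and left-pad as a malformed PURL, and reports two of four components as ready; only the `ready` list should be passed as `purls=` to generate_legal_notices, while the flagged entries need manual license review before the NOTICE file is considered complete.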

Technical Details

Files Changed:

  • mcp_semclone/server.py - Added generate_legal_notices tool, enhanced generate_sbom
  • examples/strands-agent-ollama/agent.py - Added batch processing capabilities
  • tests/test_server.py - Updated tests for new API
  • pyproject.toml - Version bump to 1.3.4

Backward Compatibility:
All changes maintain full backward compatibility. Existing code using generate_sbom with path parameter continues to work as expected.

Installation

```shell
pip install --upgrade mcp-semclone
```

Resources

Full Changelog: v1.3.3...v1.3.4