semgrep · brandonspark · Sep 15, 2025 · Sep 12, 2025 · Sep 12, 2025 · Sep 12, 2025
diff --git a/README.md b/README.md
@@ -97,7 +97,7 @@ uvx semgrep-mcp # see --help for more options
 Or, run as a [Docker container](https://ghcr.io/semgrep/mcp):
 
 ```bash
-docker run -i --rm ghcr.io/semgrep/mcp -t stdio 
+docker run -i --rm ghcr.io/semgrep/mcp -t stdio
 ```
 
 ### Cursor
@@ -473,7 +473,7 @@ async def main():
                 {
                     "code_files": [
                         {
-                            "filename": "hello_world.py",
+                            "path": "hello_world.py",
                             "content": "def hello(): print('Hello, World!')",
                         }
                     ]

diff --git a/examples/sse_client.py b/examples/sse_client.py
@@ -18,7 +18,7 @@ async def main():
                 {
                     "code_files": [
                         {
-                            "filename": "hello_world.py",
+                            "path": "hello_world.py",
                             "content": "def hello(): print('Hello, World!')",
                         }
                     ]

diff --git a/examples/streamable_http_client.py b/examples/streamable_http_client.py
@@ -19,7 +19,7 @@ async def main():
                 {
                     "code_files": [
                         {
-                            "filename": "hello_world.py",
+                            "path": "hello_world.py",
                             "content": "def hello(): print('Hello, World!')",
                         }
                     ]

diff --git a/src/semgrep_mcp/models.py b/src/semgrep_mcp/models.py
@@ -4,12 +4,13 @@
 from pydantic import BaseModel, Field, HttpUrl
 
 
-class LocalCodeFile(BaseModel):
-    path: str = Field(description="Absolute path to be scanned locally by Semgrep.")
-
-
 class CodeFile(BaseModel):
-    filename: str = Field(description="Relative path to the code file")
+    # This "path" is mostly for bookkeeping purposes.
+    # Depending on whether the server is hosted or not, this path might
+    # not actually exist on the filesystem.
+    path: str = Field(description="Path of the code file")
+    # The `content` field will be filled in either by the LLM (in the remote scanning case)
+    # or gleaned from the filesystem (in the local scanning case).
     content: str = Field(description="Content of the code file")
 
 

diff --git a/src/semgrep_mcp/semgrep.py b/src/semgrep_mcp/semgrep.py
@@ -275,7 +275,9 @@ async def run_semgrep_via_rpc(context: SemgrepContext, data: list[CodeFile]) ->
         List of CliMatch objects
     """
 
-    files_json = [{"file": data.filename, "content": data.content} for data in data]
+    # TODO: to be honest it's silly for us to wire the contents of the files over RPC
+    # if they exist on the local filesystem, we could just pass the paths
+    files_json = [{"file": data.path, "content": data.content} for data in data]
 
     # ATD serialized value
     resp = await context.send_request("scanFiles", files=files_json)