From 309f5607bbbcc4026602c8d5b202063b97fdf981 Mon Sep 17 00:00:00 2001
From: Wegz
Date: Sun, 22 Feb 2026 19:58:55 -0500
Subject: [PATCH 1/2] feat: add agent-bom MCP server

AI supply chain security scanner for MCP servers and AI agents. Provides CVE scanning, blast radius analysis, policy enforcement, SBOM generation (CycloneDX/SPDX/SARIF), and remediation planning.

Signed-off-by: Mohamed Saad
Signed-off-by: Wegz
---
 .../toolhive/servers/agent-bom/server.json | 77 +++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 registries/toolhive/servers/agent-bom/server.json

diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json
new file mode 100644
index 00000000..fa76dc34
--- /dev/null
+++ b/registries/toolhive/servers/agent-bom/server.json
@@ -0,0 +1,77 @@
+{
+ "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
+ "name": "io.github.stacklok/agent-bom",
+ "description": "AI supply chain security scanner — CVE scanning, blast radius analysis, policy enforcement, and SBOM generation for MCP servers and AI agents",
+ "title": "agent-bom",
+ "repository": {
+ "url": "https://github.com/msaad00/agent-bom",
+ "source": "github"
+ },
+ "version": "1.0.0",
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "docker.io/agentbom/agent-bom:0.28.1",
+ "transport": {
+ "type": "stdio"
+ },
+ "environmentVariables": [
+ {
+ "name": "NVD_API_KEY",
+ "description": "NVD API key for higher rate limits on CVSS enrichment (optional)",
+ "isRequired": false,
+ "isSecret": true
+ }
+ ]
+ }
+ ],
+ "_meta": {
+ "io.modelcontextprotocol.registry/publisher-provided": {
+ "io.github.stacklok": {
+ "docker.io/agentbom/agent-bom:0.28.1": {
+ "tier": "Community",
+ "status": "Active",
+ "tags": [
+ "security",
+ "vulnerability-scanning",
+ "sbom",
+ "supply-chain",
+ "cve",
+ "blast-radius",
+ "mcp",
+ "ai-agents"
+ ],
+ "tools": [
+ "scan",
+ "blast_radius",
+ "policy_check",
+ "registry_lookup",
+ "generate_sbom",
+ "compliance",
+ "remediate"
+ ],
+ "permissions": {
+ "network": {
+ "outbound": {
+ "allow_host": [
+ "api.osv.dev",
+ "services.nvd.nist.gov",
+ "api.first.org",
+ "www.cisa.gov"
+ ],
+ "allow_port": [
+ 443
+ ]
+ }
+ }
+ },
+ "custom_metadata": {
+ "author": "Mohamed Saad",
+ "homepage": "https://github.com/msaad00/agent-bom",
+ "license": "Apache-2.0"
+ }
+ }
+ }
+ }
+ }
+}
From 80cb5b9d8e36e28af12443a382b6a49cdf94a87b Mon Sep 17 00:00:00 2001
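Review bot: The `identifier` in `packages[0]` of the new `server.json` names the image by tag only (`docker.io/agentbom/agent-bom:0.28.1`), so the content behind this registry entry can change after review if the tag is ever re-pushed. The same applies to the `@@ -1,17 +1,17 @@` hunk of patch 2/2, which moves the image to GHCR but still references it by tag. If the registry schema and tooling accept a digest-qualified reference, pin it, e.g. `"identifier": "docker.io/agentbom/agent-bom:0.28.1@sha256:<IMAGE_DIGEST_PLACEHOLDER>"`, and use the identical string as the key under `_meta`, since the two are matched by exact text. If digests are not accepted, the PR description should at least record the digest that was reviewed.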
From: Wegz
Date: Tue, 24 Feb 2026 01:47:07 -0500
Subject: [PATCH 2/2] feat: update agent-bom to v0.31.1 with GHCR image

- Update image from docker.io/agentbom/agent-bom:0.28.1 to ghcr.io/msaad00/agent-bom:v0.31.1
- Fix namespace from io.github.stacklok to io.github.msaad00
- Update version from 1.0.0 to 0.31.1
- Add check tool and npm/PyPI to allowed network hosts
---
 .../toolhive/servers/agent-bom/server.json | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json
index fa76dc34..e0b448bf 100644
--- a/registries/toolhive/servers/agent-bom/server.json
+++ b/registries/toolhive/servers/agent-bom/server.json
@@ -1,17 +1,17 @@
 {
 "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
- "name": "io.github.stacklok/agent-bom",
+ "name": "io.github.msaad00/agent-bom",
 "description": "AI supply chain security scanner — CVE scanning, blast radius analysis, policy enforcement, and SBOM generation for MCP servers and AI agents",
 "title": "agent-bom",
 "repository": {
 "url": "https://github.com/msaad00/agent-bom",
 "source": "github"
 },
- "version": "1.0.0",
+ "version": "0.31.1",
 "packages": [
 {
 "registryType": "oci",
- "identifier": "docker.io/agentbom/agent-bom:0.28.1",
+ "identifier": "ghcr.io/msaad00/agent-bom:v0.31.1",
 "transport": {
 "type": "stdio"
 },
@@ -27,8 +27,8 @@
 ],
 "_meta": {
 "io.modelcontextprotocol.registry/publisher-provided": {
- "io.github.stacklok": {
- "docker.io/agentbom/agent-bom:0.28.1": {
+ "io.github.msaad00": {
+ "ghcr.io/msaad00/agent-bom:v0.31.1": {
 "tier": "Community",
 "status": "Active",
 "tags": [
@@ -43,6 +43,7 @@
 ],
 "tools": [
 "scan",
+ "check",
 "blast_radius",
 "policy_check",
 "registry_lookup",
@@ -57,7 +58,9 @@
 "api.osv.dev",
 "services.nvd.nist.gov",
 "api.first.org",
- "www.cisa.gov"
+ "www.cisa.gov",
+ "registry.npmjs.org",
+ "pypi.org"
 ],
 "allow_port": [
 443
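Review bot: The two hosts added to `allow_host` in the `@@ -57,7 +58,9 @@` hunk (`registry.npmjs.org`, `pypi.org`) widen this server's egress from vulnerability-data APIs to general package registries, and neither the commit message nor the file says which tool needs them. Presumably it is the `check` tool added in the `@@ -43,6 +43,7 @@` hunk; the PR description should say so, for example `check queries registry.npmjs.org and pypi.org for package metadata only`, once that is confirmed against the image. If any code path downloads package artifacts rather than metadata, it would need a further host for PyPI files that is not in this list, so the intended scope should be settled now rather than through later allowlist growth. Because JSON has no comments, this justification has to live in the commit message or the registry's review record.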
@@ -66,7 +69,7 @@
 }
 },
 "custom_metadata": {
- "author": "Mohamed Saad",
+ "author": "W S",
 "homepage": "https://github.com/msaad00/agent-bom",
 "license": "Apache-2.0"
 }