feat: Integrate Prowler MCP to Lighthouse AI
Context
- Lighthouse AI previously used hardcoded tools implemented directly in the NextJS application
- Prowler MCP server was released containing most of these tools
- This PR refactors Lighthouse to consume tools from the MCP server instead of maintaining hardcoded implementations
Description
Tool Integration:
- Removed all hardcoded tool implementations from Lighthouse
- Removed getLighthouse-prefixed functions in the actions directory that were created specifically for tool calling
- Created a singleton MCP client to connect to Prowler MCP server
Dependency Upgrades:
- Added langgraph/mcp-adapters to v1.0 to support passing custom headers (authentication) to MCP client
- Updated related dependencies: langchain-core, openai, and AWS SDK libraries to v1
Architecture Simplification:
- Replaced langgraph-supervisor with a simple LangChain agent
- Implemented two meta tools for MCP interaction:
  - describe_tool: Retrieves tool schema from MCP server
  - execute_tool: Executes tools via MCP server
- Simplified overall architecture by removing complexity and better separating responsibilities
Note: MCP Server is now a critical dependency for Lighthouse. If the MCP server is unavailable or Lighthouse cannot connect to it, Lighthouse will lose the ability to retrieve tenant data and execute core functionality.
Steps to review
TODO
Checklist
- Are there new checks included in this PR? Yes / No
  - If so, do we need to update permissions for the provider? Please review this carefully.
- [ ] Review if the code is being covered by tests.
- [ ] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
- [ ] Review if backport is needed.
- [ ] Review if it is needed to change the Readme.md
- [ ] Ensure new entries are added to CHANGELOG.md, if applicable.
UI
- [ ] All issue/task requirements work as expected on the UI
- [ ] Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
- [ ] Screenshots/Video of the functionality flow (if applicable) - Tablet (640px > X < 1024px)
- [ ] Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
- [ ] Ensure new entries are added to CHANGELOG.md, if applicable.
API
- [ ] Verify if API specs need to be regenerated.
- [ ] Check if version updates are required (e.g., specs, Poetry, etc.).
- [ ] Ensure new entries are added to CHANGELOG.md, if applicable.
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
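An added example, not code from this PR or from Lighthouse: with only describe_tool and execute_tool exposed to the agent, the model chooses the tool name and arguments at run time, so a dispatcher can check both against what the server advertises before forwarding the call. The in-memory tool list, the tool name `example_list_findings`, its schema and the function names below are assumptions standing in for the MCP server.

```javascript
// Constructed stand-in for the tool list an MCP server advertises.
// Tool name, schema and handler are hypothetical, not Prowler MCP tools.
const ADVERTISED_TOOLS = new Map([
  ["example_list_findings", {
    description: "List findings (constructed sample)",
    inputSchema: {
      type: "object",
      properties: { severity: { type: "string" }, limit: { type: "number" } },
      required: ["severity"],
    },
    handler: (args) => ({ count: 0, filter: args }), // a real call goes to the server
  }],
]);

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// describe_tool: return the schema only for a tool the server advertises.
function describeTool(name) {
  const tool = ADVERTISED_TOOLS.get(name);
  if (!tool) return { ok: false, error: `unknown tool: ${name}` };
  return { ok: true, description: tool.description, inputSchema: tool.inputSchema };
}

// Check model-supplied arguments against the advertised schema (top-level fields only).
function validateArgs(schema, args) {
  if (args === null || typeof args !== "object" || Array.isArray(args)) {
    return "arguments must be an object";
  }
  for (const key of schema.required || []) {
    if (!own(args, key)) return `missing required argument: ${key}`;
  }
  for (const [key, value] of Object.entries(args)) {
    if (!own(schema.properties, key)) return `unexpected argument: ${key}`;
    const expected = schema.properties[key].type;
    if (typeof value !== expected) return `argument ${key} must be ${expected}`;
  }
  return null;
}

// execute_tool: refuse anything not advertised or not matching the schema.
function executeTool(name, args) {
  const tool = ADVERTISED_TOOLS.get(name);
  if (!tool) return { ok: false, error: `unknown tool: ${name}` };
  const problem = validateArgs(tool.inputSchema, args);
  if (problem) return { ok: false, error: problem };
  return { ok: true, result: tool.handler(args) };
}
```

Returning the rejection as a structured error, rather than throwing, lets the agent see why a call was refused and retry with valid arguments.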
✅ Conflict Markers Resolved
All conflict markers have been successfully resolved in this pull request.
✅ All necessary CHANGELOG.md files have been updated.
🔒 Container Security Scan
Image: prowler-ui:a870e86
Last scan: 2025-12-16 18:42:18 UTC
✅ No Vulnerabilities Detected
The container image passed all security checks. No known CVEs were found.
📋 Resources:
- Download full report (see artifacts)
- View in Security tab
- Scanned with Trivy
🔒 Container Security Scan
Image: prowler:a870e86
Last scan: 2025-12-16 18:42:06 UTC
📊 Vulnerability Summary
| Severity | Count |
|---|---|
| 🔴 Critical | 3 |
| Total | 3 |
3 package(s) affected
⚠️ Action Required
Critical severity vulnerabilities detected. These should be addressed before merging:
- Review the detailed scan results
- Update affected packages to patched versions
- Consider using a different base image if updates are unavailable