// docs / mcp

Servitore MCP

Plug FixVibe into Claude Desktop, Cursor, o any client that speaks u Model Context Protocol. Your AI agent gets typed access à u vostru scansioni, risultati, è u same templated fix prompts that power u dashboard's Cupià fix prompt button.

Mint an API token

Visit /contu/api-tokens è create a token named, e.g., claude-desktop. Cupià u plaintext value — it's shown once.

Tokens sò bearer credentials: anyone cù u string pò read u vostru scansioni è start novu ones. Store it like a password.

Point u vostru MCP client at /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixvibe": {
      "transport": "streamable-http",
      "url": "https://fixvibe.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxv_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart u client. The fixvibe server should appear in its Servitore MCP list.

Try it out

Ask u vostru agent things like:

“List my last 10 FixVibe scansioni.”
“Show me u critical risultati on u most recent scansione.”
“Start a passive scansione against https://staging.example.com.”
“For each high-severity risultatu on scansione X, write a fix.”
“Are there any open live-threat allarmi on my duminii?”
Type /fixvibe-fix cù a risultatu id à drop u templated remediation prompt straight into u chat.

Strumenti

list_scansread: Returns up à 100 most-recent scansioni cù status + risultatu counts. Args: limit?: 1..100.
get_scanread: Scan envelope + per-category severity summary by default. Set include_findings=true per u full raportu (large per noisy scansioni — prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingsread: Paginated risultati across all u vostru scansioni. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scanwrite: Enqueues a scan and returns an id with status queued; poll get_scan to await completion. Passive mode is always available through MCP. Active mode requires a paid plan plus verified-domain authorization from the dashboard. Args: target (URL or hostname), mode? (passive|active).
list_alertsread: Allarmi di minaccia in diretta (differenze CT log, cambiamenti DNS, listazioni threat intel). Dispunibile solu nant'à u pianu Unlimited; i piani Hobby è Pro restituiscenu una lista viota. Args: domain_id?, active_only?, limit?: 1..200.
get_alertread: Single alert with the relevant domain, severity, type, and event details. Args: alert_id (uuid).
dismiss_alertwrite · idempotent: Mark an allarme dismissed. Idempotent — re-dismissing hè a nò-op. Args: alert_id (uuid).

Risorse

Risorse let u vostru client attach FixVibe dati into u conversation directly, instead of u agent re-fetching it on ogni turn. In Claude Desktop, click u @ menu → fixvibe.

fixvibe://scan/{scan_id}/reportjson: Full FixVibe scansione raportu including ogni check è ogni risultatu.
fixvibe://finding/{finding_id}json: A single risultatu (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixvibe-fixprompt: Renders a server-side remediation prompt for a finding, using scan context when available and falling back to generic guidance otherwise. Args: finding_id (uuid). No third-party LLM API call is made by FixVibe.

→ Quotas, RLS, è severity gating apply identically à MCP è REST calls.