// docs / mcp

Seva MCP

Vakacuruma FixVibe ki Claude Desktop, Cursor, se dua ga na client e kila na Model Context Protocol. E rawata na nomu AI agent na typed access ki nomu scans, findings, kei na templated fix prompts vata ga e vakayagataka na dashboard Copy fix prompt button.

Bulia e dua na API token

Sikova /account/api-tokens ka create e dua na token named, e.g., claude-desktop. Copy na plaintext value — e shown once.

Tokens era bearer credentials: anyone with the string can read your scans and start new ones. Store it like a password.

Vakadodonutaka nomu MCP client ki /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixvibe": {
      "transport": "streamable-http",
      "url": "https://fixvibe.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxv_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart na client. Na fixvibe server e dodonu me appear ena MCP server list.

Tovolea

Taroga nomu agent na veika vakaoqo:

“List mai noqu 10 na FixVibe scans e muri.”
“Vakaraitaka mai na critical findings ena scan e vou duadua.”
“Start e dua na passive scan ki https://staging.example.com.”
“Me baleta na high-severity finding yadua ena scan X, vola e dua na fix.”
“E tiko beka na open live-threat alerts ena noqu domains?”
Type /fixvibe-fix kei na finding id me drop vakadodonu na templated remediation prompt ki na chat.

Tools ni MCP

list_scanswilika: Returns up to 100 most-recent scans with status + finding counts. Args: limit?: 1..100.
get_scanwilika: Scan envelope + per-category severity summary by default. Set include_findings=true for the full report (large for noisy scans — prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingswilika: Paginated findings across all your scans. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scanvola: Enqueues a scan and returns an id with status queued; poll get_scan to await completion. Passive mode is always available through MCP. Active mode requires a paid plan plus verified-domain authorization from the dashboard. Args: target (URL or hostname), mode? (passive|active).
list_alertswilika: Na ivakatakila ni rerevaki ena gauna sara ga (CT log na duidui, DNS na veisau, threat intel na veimataqali). E tu ga ena palani Unlimited; na palani Hobby kei na Pro e ratou vakasuka mai e dua na lisi lala. Args: domain_id?, active_only?, limit?: 1..200.
get_alertwilika: Single alert with the relevant domain, severity, type, and event details. Args: alert_id (uuid).
dismiss_alertvola · idempotent: Mark an alert dismissed. Idempotent — re-dismissing is a no-op. Args: alert_id (uuid).

Resources ni MCP

Resources e rawa kina vua nomu client me attach FixVibe data into the conversation directly, instead of the agent re-fetching it on every turn. In Claude Desktop, click the @ menu → fixvibe.

fixvibe://scan/{scan_id}/reportjson: Full FixVibe scan report e okati kina na check kece kei na finding kece.
fixvibe://finding/{finding_id}json: E dua na finding ga (severity, title, description, evidence, remediation, CWE).

Slash commands ni MCP

/fixvibe-fixprompt: Renders a server-side remediation prompt for a finding, using scan context when available and falling back to generic guidance otherwise. Args: finding_id (uuid). No third-party LLM API call is made by FixVibe.

→ Quotas, RLS, and severity gating apply identically to MCP and REST calls.