FixVibe

// docs / mcp

MCP servidor

Plug FixVibe into Claude Desktop, Cursor, térã any client that speaks pe Model Context Protocol. Your AI agent gets typed access pe ne scan-kuéra, jejuhu-kuéra, ha pe same templated fix prompts that power pe dashboard's Mbohasaha fix prompt button.

01

Mint an API token

Visit /cuenta/api-tokens ha create a token named, e.g., claude-desktop. Mbohasaha pe plaintext value — it's shown once.

Tokens hína bearer credentials: anyone ndive pe string ikatu read ne scan-kuéra ha start pyahu ones. Store it like a password.

02

Point ne MCP client at /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixvibe": {
      "transport": "streamable-http",
      "url": "https://fixvibe.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxv_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart pe client. The fixvibe server should appear in its MCP servidor list.

03

Try it out

Ask ne agent things like:

  • “List my last 10 FixVibe scan-kuéra.”
  • “Show me pe critical jejuhu-kuéra on pe most recent scan.”
  • “Start a passive scan against https://staging.example.com.”
  • “For each high-severity jejuhu on scan X, write a fix.”
  • “Are there any open live-threat alerta-kuéra on my dominio-kuéra?”
  • Type /fixvibe-fix ndive a jejuhu id pe drop pe templated remediation prompt straight into pe chat.

Tembiporu

list_scansread
Returns up pe 100 most-recent scan-kuéra ndive status + jejuhu counts. Args: limit?: 1..100.
get_scanread
Scan envelope + per-category severity summary by default. Set include_findings=true guarã pe full informe (large guarã noisy scan-kuéra — prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingsread
Paginated jejuhu-kuéra across all ne scan-kuéra. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scanwrite
Enqueues a scan and returns an id with status queued; poll get_scan to await completion. Passive mode is always available through MCP. Active mode requires a paid plan plus verified-domain authorization from the dashboard. Args: target (URL or hostname), mode? (passive|active).
list_alertsread
Aviso amenaza ára añópe (CT log iñambue, DNS ojeguero'ã, threat intel ñepehẽ). Oĩ plan Unlimited-pe año; plan Hobby ha Pro omyengoviave lista nandi. Args: domain_id?, active_only?, limit?: 1..200.
get_alertread
Single alert with the relevant domain, severity, type, and event details. Args: alert_id (uuid).
dismiss_alertwrite · idempotent
Mark an alerta dismissed. Idempotent — re-dismissing ha'e a nahániri-op. Args: alert_id (uuid).

Recurso-kuéra

Recurso-kuéra let ne client attach FixVibe dato into pe conversation directly, instead of pe agent re-fetching it on peteĩteĩ turn. In Claude Desktop, click pe @ menu → fixvibe.

fixvibe://scan/{scan_id}/reportjson
Full FixVibe scan informe including peteĩteĩ check ha peteĩteĩ jejuhu.
fixvibe://finding/{finding_id}json
A single jejuhu (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixvibe-fixprompt
Renders a server-side remediation prompt for a finding, using scan context when available and falling back to generic guidance otherwise. Args: finding_id (uuid). No third-party LLM API call is made by FixVibe.

→ Quotas, RLS, ha severity gating apply identically pe MCP ha REST calls.

MCP servidor — Docs · FixVibe