// docs / mcp

MCP server

Faapipi'i FixVibe i Claude Desktop, Cursor, po o so o se client e tautala i le Model Context Protocol. E maua e lau AI agent typed access i au scans, findings, ma templated fix prompts lava e tasi e faaaoga e le dashboard Copy fix prompt button.

Fausia se API token

Asiasi i /account/api-tokens ma create se token e igoa, e.g., claude-desktop. Kopi le plaintext value — e faaalia faatasi.

Tokens o bearer credentials: so o se tasi e iai le string e mafai ona read au scans ma start new ones. Teu pei o se password.

Faasino lau MCP client i /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixvibe": {
      "transport": "streamable-http",
      "url": "https://fixvibe.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxv_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart le client. E tatau ona aliali le fixvibe server i lana MCP server list.

Faataitai

Fesili i lau agent mea pei o:

“Lisi mai a'u FixVibe scans mulimuli e 10.”
“Faaali mai critical findings i le scan sili ona lata mai.”
“Start se passive scan faasaga i https://staging.example.com.”
“Mo finding taitasi high-severity i scan X, tusia se fix.”
“E iai ni open live-threat alerts i a'u domains?”
Type /fixvibe-fix ma se finding id e drop sa'o ai le templated remediation prompt i le chat.

Tools

list_scansfaitau: Returns up to 100 most-recent scans ma status + finding counts. Args: limit?: 1..100.
get_scanfaitau: Scan envelope + per-category severity summary by default. Set include_findings=true mo le full report (large for noisy scans — prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingsfaitau: Paginated findings across all your scans. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scantusi: Enqueues a scan and returns an id with status queued; poll get_scan to await completion. Passive mode is always available through MCP. Active mode requires a paid plan plus verified-domain authorization from the dashboard. Args: target (URL or hostname), mode? (passive|active).
list_alertsfaitau: Lapata'iga faamatatasi ola (CT log eseesega, DNS suiga, threat intel lisi). E maua i le polokalama Unlimited; o polokalama Hobby ma Pro e toe fa'afo'i mai se lisi gaogao. Args: domain_id?, active_only?, limit?: 1..200.
get_alertfaitau: Single alert with the relevant domain, severity, type, and event details. Args: alert_id (uuid).
dismiss_alerttusi · idempotent: Mark an alert dismissed. Idempotent — re-dismissing is a no-op. Args: alert_id (uuid).

Resources

Resources e mafai ai e lau client ona attach FixVibe data i le conversation directly, nai lo le re-fetch e le agent i turn taitasi. I Claude Desktop, click le @ menu → fixvibe.

fixvibe://scan/{scan_id}/reportjson: Full FixVibe scan report including every check and every finding.
fixvibe://finding/{finding_id}json: A single finding (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixvibe-fixprompt: Renders a server-side remediation prompt for a finding, using scan context when available and falling back to generic guidance otherwise. Args: finding_id (uuid). No third-party LLM API call is made by FixVibe.

→ Quotas, RLS, ma severity gating e apply tutusa i MCP ma REST calls.