FixVibe

// docs / mcp

Seva MCP

Fakahu FixVibe ki Claude Desktop, Cursor, pe ha client pe 'oku lea 'aki e Model Context Protocol. 'Oku ma'u 'e ho'o AI agent ha typed access ki ho'o scans, findings, mo e templated fix prompts tatau 'oku fakaivia e dashboard Copy fix prompt button.

01

Fa'u ha API token

A'ahi ki /account/api-tokens pea create ha token named, e.g., claude-desktop. Copy e plaintext value — it's shown once.

Tokens ko bearer credentials: anyone with the string can read your scans and start new ones. Store it like a password.

02

Fakahinohino ho'o MCP client ki /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixvibe": {
      "transport": "streamable-http",
      "url": "https://fixvibe.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxv_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart e client. The fixvibe server should appear in its MCP server list.

03

Sivi'i

Ask ho'o agent things like:

  • “List 'eku FixVibe scans fakamuimui 'e 10.”
  • “Faka'ali mai e critical findings 'i he scan fakamuimui taha.”
  • “Kamata ha passive scan ki https://staging.example.com.”
  • “Ma'a e high-severity finding takitaha 'i scan X, tohi ha fix.”
  • “'Oku 'i ai ha open live-threat alerts 'i he'eku domains?”
  • Type /fixvibe-fix mo ha finding id ke drop hangatonu e templated remediation prompt ki he chat.

Ngaahi tools

list_scanslau
Returns up to 100 most-recent scans with status + finding counts. Args: limit?: 1..100.
get_scanlau
Scan envelope + per-category severity summary by default. Set include_findings=true for the full report (large for noisy scans — prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingslau
Paginated findings across all your scans. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scantohi
Enqueues a scan and returns an id with status queued; poll get_scan to await completion. Passive mode is always available through MCP. Active mode requires a paid plan plus verified-domain authorization from the dashboard. Args: target (URL or hostname), mode? (passive|active).
list_alertslau
Ngaahi fakatokanga fakatuʻutāmaki moʻui (CT log eseesega, DNS suiga, threat intel ngaahi lisi). ʻOku maʻu pē ʻi he palani Unlimited; ko e ngaahi palani Hobby mo Pro ʻoku nau toe fakafoki mai ha lisi maha. Args: domain_id?, active_only?, limit?: 1..200.
get_alertlau
Single alert with the relevant domain, severity, type, and event details. Args: alert_id (uuid).
dismiss_alerttohi · idempotent
Mark an alert dismissed. Idempotent — re-dismissing is a no-op. Args: alert_id (uuid).

Ngaahi resources

Resources 'oku allow ho'o client ke attach FixVibe data into the conversation directly, instead of the agent re-fetching it on every turn. In Claude Desktop, click the @ menu → fixvibe.

fixvibe://scan/{scan_id}/reportjson
Full FixVibe scan report 'oku kau ai e check kotoa mo e finding kotoa.
fixvibe://finding/{finding_id}json
Finding 'e taha (severity, title, description, evidence, remediation, CWE).

Ngaahi slash commands

/fixvibe-fixprompt
Renders a server-side remediation prompt for a finding, using scan context when available and falling back to generic guidance otherwise. Args: finding_id (uuid). No third-party LLM API call is made by FixVibe.

→ Quotas, RLS, and severity gating apply identically to MCP and REST calls.

Seva MCP — Docs · FixVibe