// docs / mcp

MCP server

FixVibe’ni Claude Desktop, Cursor yoki Model Context Protocol gapiradigan istalgan clientga ulang. AI agent skanlaringiz, findings va dashboard’dagi Copy fix prompt tugmasini quvvatlaydigan o‘sha templated fix promptlarga typed access oladi.

API token yarating

/account/api-tokens ga kiring va masalan claude-desktop nomli token yarating. Plaintext value’ni ko‘chiring — u bir marta ko‘rsatiladi.

Tokens bearer credentials: string kimda bo‘lsa, scans o‘qishi va new ones start qilishi mumkin. Password kabi saqlang.

MCP clientni /api/mcp ga yo‘naltiring

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixvibe": {
      "transport": "streamable-http",
      "url": "https://fixvibe.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxv_YOUR_TOKEN_HERE"
      }
    }
  }
}

Client’ni restart qiling. fixvibe server uning MCP server list’ida ko‘rinishi kerak.

Sinab ko‘ring

Agentingizdan shunday narsalarni so‘rang:

“Oxirgi 10 ta FixVibe scan’imni ko‘rsat.”
“Eng so‘nggi scan’dagi critical findings’ni ko‘rsat.”
“https://staging.example.com ga passive scan boshlang.”
“Scan X’dagi har high-severity finding uchun fix yoz.”
“Domenlarimda open live-threat alerts bormi?”
Templated remediation prompt’ni to‘g‘ridan-to‘g‘ri chat’ga drop qilish uchun finding id bilan /fixvibe-fix yozing.

Tools

list_scansread: Status + finding counts bilan eng so‘nggi 100 scan’gacha qaytaradi. Args: limit?: 1..100.
get_scanread: Default’da scan envelope + per-category severity summary. Full report uchun include_findings=true qo‘ying (noisy scans uchun large — list_findings + filters prefer). Args: scan_id (uuid), include_findings?: boolean.
list_findingsread: Barcha scanlaringiz bo‘yicha paginated findings. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scanwrite: Enqueues a scan and returns an id with status queued; poll get_scan to await completion. Passive mode is always available through MCP. Active mode requires a paid plan plus verified-domain authorization from the dashboard. Args: target (URL or hostname), mode? (passive|active).
list_alertsread: Jonli tahdid xabarnomalari (CT log farqlari, DNS o'zgarishlari, threat intel ro'yxatlari). Faqat Unlimited rejasida mavjud; Hobby va Pro rejalari bo'sh ro'yxat qaytaradi. Args: domain_id?, active_only?, limit?: 1..200.
get_alertread: Single alert with the relevant domain, severity, type, and event details. Args: alert_id (uuid).
dismiss_alertwrite · idempotent: Alert’ni dismissed deb belgilang. Idempotent — qayta dismiss qilish no-op. Args: alert_id (uuid).

Resources

Resources client’ga FixVibe data’ni conversation’ga direct attach qilishga imkon beradi, agent har turn’da re-fetch qilmasligi uchun. Claude Desktop’da @ menu → fixvibe bosing.

fixvibe://scan/{scan_id}/reportjson: Har bir check va har bir finding kirgan to‘liq FixVibe scan report.
fixvibe://finding/{finding_id}json: Single finding (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixvibe-fixprompt: Renders a server-side remediation prompt for a finding, using scan context when available and falling back to generic guidance otherwise. Args: finding_id (uuid). No third-party LLM API call is made by FixVibe.

→ Quotas, RLS va severity gating MCP hamda REST calls uchun bir xil qo‘llanadi.