lintbase-mcp 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +201 -0
- package/package.json +3 -2
package/README.md
ADDED
|
@@ -0,0 +1,201 @@
|
|
|
1
|
+
# lintbase-mcp
|
|
2
|
+
|
|
3
|
+
> **Give your AI coding agent real-time Firestore schema context — so it stops hallucinating field names.**
|
|
4
|
+
|
|
5
|
+
[](https://www.npmjs.com/package/lintbase-mcp)
|
|
6
|
+
[](https://www.npmjs.com/package/lintbase-mcp)
|
|
7
|
+
[](https://opensource.org/licenses/MIT)
|
|
8
|
+
[](https://modelcontextprotocol.io)
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## The Problem
|
|
13
|
+
|
|
14
|
+
When you ask Cursor, Claude, or Windsurf to write Firestore code, it **guesses** your schema.
|
|
15
|
+
|
|
16
|
+
```
|
|
17
|
+
// What your AI writes:
|
|
18
|
+
await db.collection('users').doc(id).update({ name: value });
|
|
19
|
+
|
|
20
|
+
// What's actually in your DB:
|
|
21
|
+
{ displayName, uid, email, createdAt, plan } ← no "name" field
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
The result: silent bugs, runtime crashes, and schema drift baked in by your AI assistant.
|
|
25
|
+
|
|
26
|
+
## The Fix
|
|
27
|
+
|
|
28
|
+
`lintbase-mcp` is a [Model Context Protocol](https://modelcontextprotocol.io) server that connects your AI agent directly to your Firestore database. Before writing any code, the agent **checks what's actually there**.
|
|
29
|
+
|
|
30
|
+
```
|
|
31
|
+
You: "Add a subscription status field to users"
|
|
32
|
+
|
|
33
|
+
Agent → lintbase_get_schema({ collection: "users" })
|
|
34
|
+
← { uid, email, createdAt, plan, displayName }
|
|
35
|
+
|
|
36
|
+
Agent: "I can see users has uid, email, createdAt, plan, displayName.
|
|
37
|
+
I'll add subscriptionStatus as a string field alongside plan..."
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
No hallucinations. No drift. Ground-truth schema, every time.
|
|
41
|
+
|
|
42
|
+
---
|
|
43
|
+
|
|
44
|
+
## Tools
|
|
45
|
+
|
|
46
|
+
| Tool | What it does |
|
|
47
|
+
|------|-------------|
|
|
48
|
+
| `lintbase_scan` | Full database audit — schema drift, security issues, performance problems, cost leaks. Returns a structured report with a 0–100 risk score. |
|
|
49
|
+
| `lintbase_get_schema` | Returns real field names, types, and presence rates for one or all collections. Use before writing any DB code. |
|
|
50
|
+
| `lintbase_get_issues` | Returns filtered issues. Ask targeted questions: *"any errors in users?"*, *"all security issues?"*, *"schema drift only?"* |
|
|
51
|
+
|
|
52
|
+
---
|
|
53
|
+
|
|
54
|
+
## Setup
|
|
55
|
+
|
|
56
|
+
You'll need a [Firebase service account JSON key](https://firebase.google.com/docs/admin/setup#initialize_the_sdk_in_non-google_environments) for your project.
|
|
57
|
+
|
|
58
|
+
### Cursor
|
|
59
|
+
|
|
60
|
+
Add to `.cursor/mcp.json` in your project root:
|
|
61
|
+
|
|
62
|
+
```json
|
|
63
|
+
{
|
|
64
|
+
"mcpServers": {
|
|
65
|
+
"lintbase": {
|
|
66
|
+
"command": "npx",
|
|
67
|
+
"args": ["-y", "lintbase-mcp"]
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
Then in your conversation:
|
|
74
|
+
```
|
|
75
|
+
"Check my Firestore schema before writing this code. Key is at ./service-account.json"
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
### Claude Desktop
|
|
79
|
+
|
|
80
|
+
Add to `~/Library/Application Support/Claude/claude_desktop_config.json`:
|
|
81
|
+
|
|
82
|
+
```json
|
|
83
|
+
{
|
|
84
|
+
"mcpServers": {
|
|
85
|
+
"lintbase": {
|
|
86
|
+
"command": "npx",
|
|
87
|
+
"args": ["-y", "lintbase-mcp"]
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
```
|
|
92
|
+
|
|
93
|
+
Restart Claude Desktop and start a new conversation.
|
|
94
|
+
|
|
95
|
+
### Windsurf
|
|
96
|
+
|
|
97
|
+
Add to your Windsurf MCP config:
|
|
98
|
+
|
|
99
|
+
```json
|
|
100
|
+
{
|
|
101
|
+
"mcpServers": {
|
|
102
|
+
"lintbase": {
|
|
103
|
+
"command": "npx",
|
|
104
|
+
"args": ["-y", "lintbase-mcp"]
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
---
|
|
111
|
+
|
|
112
|
+
## Usage Examples
|
|
113
|
+
|
|
114
|
+
Once connected, your AI agent has three tools available. You can trigger them naturally in conversation or the agent will use them automatically when relevant.
|
|
115
|
+
|
|
116
|
+
### Get the schema of a collection
|
|
117
|
+
```
|
|
118
|
+
"What fields are in the users collection?"
|
|
119
|
+
→ lintbase_get_schema({ keyPath: "./sa.json", collection: "users" })
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
**Returns:**
|
|
123
|
+
```markdown
|
|
124
|
+
## users (50 docs sampled)
|
|
125
|
+
| Field | Type | Presence | Stable |
|
|
126
|
+
|-------------|-----------|----------|--------|
|
|
127
|
+
| uid | string | 100% | ✅ |
|
|
128
|
+
| email | string | 100% | ✅ |
|
|
129
|
+
| createdAt | timestamp | 100% | ✅ |
|
|
130
|
+
| plan | string | 95% | ✅ |
|
|
131
|
+
| displayName | string | 62% | ⚠️ ← mark as optional |
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
### Run a full audit
|
|
135
|
+
```
|
|
136
|
+
"Run a full LintBase scan before I start this refactor"
|
|
137
|
+
→ lintbase_scan({ keyPath: "./sa.json", sampleSize: 100 })
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
**Returns:** Complete report with risk score, all issues across 4 analyzers (schema drift, security, performance, cost).
|
|
141
|
+
|
|
142
|
+
### Check for errors before deploying
|
|
143
|
+
```
|
|
144
|
+
"Any blocking errors I should know about?"
|
|
145
|
+
→ lintbase_get_issues({ keyPath: "./sa.json", severity: "error" })
|
|
146
|
+
```
|
|
147
|
+
|
|
148
|
+
### Check security issues only
|
|
149
|
+
```
|
|
150
|
+
"Are there any security problems with my database?"
|
|
151
|
+
→ lintbase_get_issues({ keyPath: "./sa.json", rule: "security/" })
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
---
|
|
155
|
+
|
|
156
|
+
## Security
|
|
157
|
+
|
|
158
|
+
- **Runs 100% locally** — your service account key and Firestore data never leave your machine
|
|
159
|
+
- The MCP server runs as a local `stdio` process spawned by your IDE
|
|
160
|
+
- No data is sent to any LintBase servers during schema inspection
|
|
161
|
+
- The server only performs **read operations** on your Firestore database
|
|
162
|
+
|
|
163
|
+
---
|
|
164
|
+
|
|
165
|
+
## Available Filters for `lintbase_get_issues`
|
|
166
|
+
|
|
167
|
+
| Filter | Values | Example |
|
|
168
|
+
|--------|--------|---------|
|
|
169
|
+
| `severity` | `error`, `warning`, `info` | Only blocking errors |
|
|
170
|
+
| `collection` | any collection name | Only issues in `users` |
|
|
171
|
+
| `rule` | rule prefix | `schema/`, `security/`, `perf/`, `cost/` |
|
|
172
|
+
|
|
173
|
+
---
|
|
174
|
+
|
|
175
|
+
## Rule Reference
|
|
176
|
+
|
|
177
|
+
| Rule | Analyzer | What it catches |
|
|
178
|
+
|------|----------|----------------|
|
|
179
|
+
| `schema/field-type-mismatch` | Schema | Same field holds multiple types across documents |
|
|
180
|
+
| `schema/sparse-field` | Schema | Field missing from >40% of documents |
|
|
181
|
+
| `schema/high-field-variance` | Schema | Wildly different field counts between documents |
|
|
182
|
+
| `security/sensitive-collection` | Security | Collection name suggests unprotected PII |
|
|
183
|
+
| `security/field-contains-secret` | Security | Field name suggests stored secrets/tokens |
|
|
184
|
+
| `security/debug-data-in-production` | Security | Debug/test collections left in production |
|
|
185
|
+
| `perf/excessive-nesting` | Performance | Documents nested >5 levels deep |
|
|
186
|
+
| `perf/document-too-large` | Performance | Documents approaching Firestore's 1MB limit |
|
|
187
|
+
| `cost/large-avg-document` | Cost | Average document size driving up bandwidth costs |
|
|
188
|
+
| `cost/logging-sink` | Cost | Collection used as an unbounded write sink |
|
|
189
|
+
|
|
190
|
+
---
|
|
191
|
+
|
|
192
|
+
## Related
|
|
193
|
+
|
|
194
|
+
- **[lintbase](https://www.npmjs.com/package/lintbase)** — The CLI tool. Run `npx lintbase scan firestore --key ./sa.json` for a full terminal report.
|
|
195
|
+
- **[lintbase.com](https://lintbase.com)** — Dashboard for teams: save scan history, track risk score over time, share reports.
|
|
196
|
+
|
|
197
|
+
---
|
|
198
|
+
|
|
199
|
+
## License
|
|
200
|
+
|
|
201
|
+
MIT © [Mamadou Dia](https://github.com/mamadoudia)
|
package/package.json
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "lintbase-mcp",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.2",
|
|
4
|
+
"mcpName": "io.github.Madia333/lintbase-mcp",
|
|
4
5
|
"description": "MCP server for LintBase — give AI coding agents real-time database schema context.",
|
|
5
6
|
"main": "dist/server.js",
|
|
6
7
|
"bin": {
|
|
@@ -50,4 +51,4 @@
|
|
|
50
51
|
"tsx": "^4.7.0",
|
|
51
52
|
"typescript": "^5.3.0"
|
|
52
53
|
}
|
|
53
|
-
}
|
|
54
|
+
}
|