mobbdev 1.0.85 → 1.0.87

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3)
  1. package/README.md +84 -0
  2. package/dist/index.mjs +1451 -47
  3. package/package.json +15 -7
package/README.md CHANGED
@@ -30,6 +30,8 @@ Bugsy does not detect any vulnerabilities in your code, it uses findings detecte
30
30
 
31
31
  ## Usage
32
32
 
33
+ ### Command Line Interface
34
+
33
35
  You can simply run Bugsy from the command line, using npx:
34
36
 
35
37
  ```shell
@@ -76,6 +78,88 @@ npx mobbdev scan -h
76
78
  npx mobbdev analyze -h
77
79
  ```
78
80
 
81
+ ### Model Context Protocol (MCP) Server
82
+
83
+ Bugsy can also be used as an MCP server, allowing AI assistants like Claude to automatically scan and fix vulnerabilities in your code repositories.
84
+
85
+ #### Prerequisites
86
+
87
+ 1. **API Key**: You need a Mobb API key to use the MCP server functionality
88
+ - Sign up at [mobb.ai](https://app.mobb.ai) to get your API key
89
+ - Set the `API_KEY` environment variable: `export API_KEY=your_api_key_here`
90
+
91
+ 2. **Local Git Repository**: The MCP server analyzes git repositories with uncommitted changes
92
+ - Make sure your code is in a local git repository
93
+ - Have some modified, added, or staged files to analyze
94
+
95
+ #### Installation
96
+
97
+ Run mobb-mcp from command line:
98
+
99
+ ```shell
100
+ npx mobbdev mcp
101
+ ```
102
+
103
+ #### Configuration
104
+
105
+ Add Mobb MCP to your Cursor MCP client configuration:
106
+ `API_URL` is only required if you are not using https://app.mobb.ai
107
+
108
+ ```json
109
+ {
110
+ "mcpServers": {
111
+ "mobb-mcp": {
112
+ "command": "npx",
113
+ "args": ["mobbdev", "mcp"],
114
+ "env": {
115
+ "API_KEY": "your_mobb_api_key_here",
116
+ "API_URL": "optional__your_mobb_api_url_here"
117
+ }
118
+ }
119
+ }
120
+ }
121
+ ```
122
+
123
+ #### Usage
124
+
125
+ Once configured, you can use the MCP server through your AI assistant:
126
+
127
+ 1. **Ask Claude to scan for vulnerabilities**:
128
+ ```
129
+ run a scan with mobb-mcp
130
+ ```
131
+ or
132
+ ```
133
+ run fix-vulnerabilities mcp tool
134
+ ```
135
+
136
+ 2. **The MCP server will**:
137
+ - Validate the repository path
138
+ - Check for git changes (modified, added, or staged files)
139
+ - Upload the changed files for analysis
140
+ - Generate automated fixes for detected vulnerabilities
141
+ - Return detailed fix recommendations
142
+
143
+ #### Available MCP Tools
144
+
145
+ - **`fix_vulnerabilities`**: Scans the current code changes and returns fixes for potential vulnerabilities
146
+ - **Parameter**: `path` (string) - The path to the local git repository
147
+ - **Returns**: Detailed vulnerability fixes with code patches and explanations
148
+
149
+ #### Example MCP Workflow
150
+
151
+ 1. Make changes to your code
152
+ 2. Stage or modify files in git
153
+ 3. Ask your AI assistant: "Can you check my code for security vulnerabilities?"
154
+ 4. The assistant will use the MCP server to analyze your changes
155
+ 5. Receive detailed fix recommendations with code patches
156
+
157
+ #### Troubleshooting
158
+
159
+ - **"API_KEY environment variable is not set"**: Make sure you've set your Mobb API key
160
+ - **"Path is not a valid git repository"**: Ensure you're pointing to a valid git repository
161
+ - **"No changed files found"**: Make sure you have modified, added, or staged files in your repository
162
+
79
163
  ## Using Bugsy as part of a CI/CD pipeline
80
164
 
81
165
  If you utilize SAST scans as part of the CI/CD pipeline, Bugsy can be easiy added and provide immediate fix for every issue detected.
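Review bot: The Configuration sample in the added MCP section stores the Mobb key as a literal in the client's JSON (`"API_KEY": "your_mobb_api_key_here"`), with no guidance on keeping that file out of version control or on reusing the variable the Prerequisites step already tells the user to export. Suggest adding that guidance next to the JSON block, and consider a namespaced variable name, since a generic `API_KEY` collides easily with other tools' variables in the same environment. The `"API_URL": "optional__your_mobb_api_url_here"` entry will be copied verbatim by readers; omit it from the sample and leave the explanation in the sentence above it. The launch command is unpinned in both the Installation step and `"args": ["mobbdev", "mcp"]`, so the version that runs is whatever npx resolves at start time. For a server that holds the key and uploads changed files on an assistant's request, pin the version (for example `mobbdev@1.0.87`), and have the Usage list state which files are uploaded and to which endpoint. Minor: the tool is documented under Available MCP Tools with an underscore, but the prompt example under Usage spells it with a hyphen.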