playbooks

home / mcp / vibeshift mcp server

VibeShift MCP Server

Provides an automated security analysis and AI-driven remediation loop for AI-assisted coding environments via MCP.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "groundng-vibeshift": {
      "command": "uv",
      "args": [
        "--directory",
        "path/to/cloned_repo",
        "run",
        "mcp_server.py"
      ],
      "env": {
        "LLM_API_KEY": "YOUR_LLM_API_KEY"
      }
    }
  }
}

VibeShift exposes security analysis and AI-driven remediation as an MCP service that you can connect to from your AI coding environment. By integrating with your coding assistants, it analyzes AI-generated code for vulnerabilities, runs automated tests, and provides actionable feedback to guide secure development at the moment code is produced.

How to use

Use VibeShift to add security analysis directly into your AI-assisted coding workflow. When your AI coding agent generates or significantly changes code, VibeShift performs security checks, returns vulnerability details, and helps your AI assistant suggest or apply fixes. You can trigger recording and testing workflows to capture and validate secure behavior, and you can run a regression test suite to detect reintroduced issues.

How to install

Prerequisites before you begin are straightforward. You need Python 3.10 or newer and a working MCP client. You will also need an installed Playwright runtime for test execution.

How to install (continued)

# Prerequisites
python3 --version
pip --version

# Install MCP client (CLI)
pip install -U mcp[cli]

# Ensure Playwright browsers are installed (for test execution)
pip install -r requirements.txt
patchright install --with-deps

Configuration

Set up your environment and MCP server so your AI coding assistant can communicate with VibeShift.

Configuration (continued)

# .env
LLM_API_KEY="YOUR_LLM_API_KEY"

Adding the MCP Server

Add the MCP server configuration to enable your MCP client to connect to VibeShift. The server runs as a local process and is controlled via the MCP interface.

Adding the MCP Server (exact command)

{
  "mcpServers": {
    "vibeshift": {
      "command": "uv",
      "args": ["--directory","path/to/cloned_repo", "run", "mcp_server.py"]
    }
  }
}

Usage notes

Keep the MCP server running as you interact with your AI coding assistant. You will issue natural language prompts to your AI agent and expect VibeShift to respond with security reports, test artifacts, or remediation guidance.

Troubleshooting

If you encounter connection issues, verify that the MCP server is running in the expected directory and that the directory path in the configuration matches where your mcp_server.py script resides.

Available tools

semgrep

Static code analysis to find vulnerabilities and insecure patterns in source code.

nuclei

Dynamic scanning for template-based vulnerabilities and exposure checks.

zap

Dynamic analysis for running components to detect runtime security issues.

playwright

Automates browser interactions for UI tests and test recordings.

browser_controller

Controls the browser during automated test recording and playback.

test_executor

Executes recorded test flows and captures results, screenshots, and logs.

crawler_agent

Crawls websites to discover pages and generate test step suggestions.

llm_client

Interacts with the language model to plan steps and interpret results.

web_agent

Coordinates web interactions and HTML/vision processing for test planning.

mcp_server

Core MCP integration that routes requests, invokes analyzers, records tests, and reports results.