Skip to main content
AI Integrations·mcp.vibgrate.com

Your codebase health,
inside every AI assistant

Vibgrate MCP is the hosted MCP server over your Vibgrate Cloud workspace data. Connect Cursor, Claude, or ChatGPT with one-click OAuth — the same sign-in as Vibgrate Cloud.103 tools for DriftScores, vulnerabilities, upgrade paths, migration status, and organization catalog management. Scoped, revocable tokens; your ingest DSN stays on the CLI and CI path only.

What is the MCP Server?

MCP (Model Context Protocol) is an open standard for connecting AI assistants to external data sources and tools. The Vibgrate MCP Server is the hosted server at mcp.vibgrate.com. It gives your AI assistant secure access to the scan data and organization catalog in your Vibgrate Cloud workspace — query DriftScores, vulnerabilities, and upgrade guidance, or manage business units, environments, and applications with write scope. You need a Vibgrate Cloud workspace and an OAuth sign-in or access token to connect.

Your source code never leaves your environment. The server only exposes metadata collected by the Vibgrate CLI: scores, versions, package names, CVE identifiers, and project structure.

Looking for the local, offline server instead? Vibgrate AI Context (vg serve) serves version-correct library docs plus your code map and offline drift to your AI — no account, nothing uploaded. Vibgrate Skills wire it into Claude Code, Cursor, Copilot, and 18 more assistants with one command.

Quick connection

Recommended

Add https://mcp.vibgrate.com in your MCP client and complete OAuth — sign in at the dashboard, pick workspaces and scopes.

MCP endpoint
url
https://mcp.vibgrate.com
Manual token (optional)
header
Authorization: Bearer vtm_YOUR_TOKEN_HERE

Create tokens and copy mcp.json at Settings → Access Tokens

What you can ask your AI assistant

"Which of our repos have the highest DriftScores right now?"
"Show me all high-severity CVEs detected in the last two weeks."
"How has our main branch drift changed over the last 90 days?"
"Which services are still running on Node 16 or earlier?"
"Give me a list of dependencies we should upgrade this sprint."
"Summarize our current codebase health for a board update."
"Which remediation projects are overdue?"
"What's the safest upgrade path from React 17 to React 19?"
"Compare our frontend and backend DriftScores."
"What's the average DriftScore for everything in the Payments business unit?"
"List all applications in Production and their linked repos."
"Show high-risk scans for the Retail division including sub-units."

Authentication

OAuth for MCP clients, dashboard tokens for manual config. Ingest DSNs are for CLI and CI only.

MethodUse caseCredential
OAuth 2.1 + PKCERecommendedCursor, Claude Desktop, ChatGPT, and other MCP clientsSign in at the dashboard (email, social, or enterprise SSO via Clerk)
Vibgrate Cloud access tokenManual mcp.json or HTTP clientsvtm_* Bearer token (max 7 days)
Ingest DSNCLI vg push and CI uploads onlyvibgrate+https://… — not accepted on MCP

OAuth flow

  1. Your MCP client discovers metadata at mcp.vibgrate.com and registers via dynamic client registration.
  2. The client opens the OAuth authorize endpoint with PKCE (S256).
  3. You sign in at the dashboard consent screen — same Clerk account as Vibgrate Cloud (email/password, Google, GitHub, or SAML/OIDC enterprise SSO).
  4. You select one or more workspaces and choose vibgrate:read and/or vibgrate:write per workspace.
  5. The client receives an authorization code and exchanges it for access (vtm_*) and refresh (vtr_*) tokens.

Supported redirects: registered https://, ChatGPT allowlist URLs, cursor://, and local http://127.0.0.1:* / http://localhost:*.

Scopes (per workspace)

  • vibgrate:read

    All read-only MCP tools — repos, scans, drift, vulnerabilities, organization catalog list/get, catalog scans and drift summaries, and more

  • vibgrate:write

    submit_feedback, organization catalog create/update/delete and assign/unassign operations, and other write operations

Enterprise SSO is supported on the consent screen via Clerk (SAML/OIDC).

Manual mcp.json

json
{
  "mcpServers": {
    "vibgrate": {
      "type": "http",
      "url": "https://mcp.vibgrate.com",
      "headers": {
        "Authorization": "Bearer vtm_YOUR_TOKEN_HERE"
      }
    }
  }
}

Generate from Settings → Access Tokens — select workspaces and scopes, then copy the snippet for Cursor or Claude Desktop.

MCP endpoints

  • MCP JSON-RPC
    https://mcp.vibgrate.com
  • OAuth authorization server
    https://mcp.vibgrate.com
  • Protected resource metadata
    https://mcp.vibgrate.com/.well-known/oauth-protected-resource
  • Authorization server metadata
    https://mcp.vibgrate.com/.well-known/oauth-authorization-server

Do not use your ingest DSN for MCP

  • Do not put vibgrate+https://… in Authorization: Bearer — requests return auth/dsn-not-allowed-use-mcp-token.
  • Do not paste a DSN on the MCP OAuth screen (removed).
  • CLI ingest DSNs remain under Settings → Workspaces for vg push only.

103 tools across 13 groups

The cards below highlight 49 representative tools; the server exposes all 103 over the same endpoint. Scan and analysis tools use data collected by the Vibgrate CLI. Organization catalog tools manage business units, environments, applications, and portfolio structure — catalog writes require vibgrate:write per workspace.

list_workspaces

Lists all workspaces you have access to with aggregate DriftScores and risk distribution.

Ask "show me all my workspaces and their health scores" — get a full portfolio view in one response.
list_repositories

Lists repositories with optional filtering by risk level, sort order, and fuzzy name search.

Ask "show me all high-risk repositories" or "find repos named checkout" without knowing exact IDs.
get_repository_detail

Returns full details for a single repository — latest scan breakdown, project list, and scan metadata.

Ask "give me the full drift breakdown for the payments service" and get everything in one place.

Integration guides

Step-by-step setup for all major AI platforms.

Claude Desktop Adding Vibgrate to Claude Desktop

  1. 1
    Open Claude Desktop config

    Settings → Developer → Edit Config, or edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS).

  2. 2
    Connect with OAuth (recommended)

    Add an HTTP MCP server pointing at https://mcp.vibgrate.com. Claude Desktop will complete OAuth 2.1 + PKCE and send you to the dashboard consent screen to pick workspaces and scopes.

  3. 3
    Or use a dashboard access token

    Create a token under Settings → Access Tokens at dash.vibgrate.com — choose workspaces, vibgrate:read / vibgrate:write per workspace, then copy the mcp.json snippet.

  4. 4
    Manual HTTP config
    json
    {
      "mcpServers": {
        "vibgrate": {
          "type": "http",
          "url": "https://mcp.vibgrate.com",
          "headers": {
            "Authorization": "Bearer vtm_YOUR_TOKEN_HERE"
          }
        }
      }
    }
  5. 5
    Restart Claude Desktop

    Quit and relaunch. The Vibgrate tools appear in the input bar when the connection is healthy.

Frequently asked questions

21 questions covering setup, security, access, and usage.

Still have questions?

Our support team is ready to help with setup, security questions, and enterprise options.