Your codebase health,
inside every AI assistant
Vibgrate MCP is the hosted MCP server over your Vibgrate Cloud workspace data. Connect Cursor, Claude, or ChatGPT with one-click OAuth — the same sign-in as Vibgrate Cloud.103 tools for DriftScores, vulnerabilities, upgrade paths, migration status, and organization catalog management. Scoped, revocable tokens; your ingest DSN stays on the CLI and CI path only.
What is the MCP Server?
MCP (Model Context Protocol) is an open standard for connecting AI assistants to external data sources and tools. The Vibgrate MCP Server is the hosted server at mcp.vibgrate.com. It gives your AI assistant secure access to the scan data and organization catalog in your Vibgrate Cloud workspace — query DriftScores, vulnerabilities, and upgrade guidance, or manage business units, environments, and applications with write scope. You need a Vibgrate Cloud workspace and an OAuth sign-in or access token to connect.
Your source code never leaves your environment. The server only exposes metadata collected by the Vibgrate CLI: scores, versions, package names, CVE identifiers, and project structure.
Looking for the local, offline server instead? Vibgrate AI Context (vg serve) serves version-correct library docs plus your code map and offline drift to your AI — no account, nothing uploaded. Vibgrate Skills wire it into Claude Code, Cursor, Copilot, and 18 more assistants with one command.
Quick connection
Add https://mcp.vibgrate.com in your MCP client and complete OAuth — sign in at the dashboard, pick workspaces and scopes.
https://mcp.vibgrate.com
Authorization: Bearer vtm_YOUR_TOKEN_HERE
Create tokens and copy mcp.json at Settings → Access Tokens
What you can ask your AI assistant
Authentication
OAuth for MCP clients, dashboard tokens for manual config. Ingest DSNs are for CLI and CI only.
| Method | Use case | Credential |
|---|---|---|
| OAuth 2.1 + PKCERecommended | Cursor, Claude Desktop, ChatGPT, and other MCP clients | Sign in at the dashboard (email, social, or enterprise SSO via Clerk) |
| Vibgrate Cloud access token | Manual mcp.json or HTTP clients | vtm_* Bearer token (max 7 days) |
| Ingest DSN | CLI vg push and CI uploads only | vibgrate+https://… — not accepted on MCP |
OAuth flow
- Your MCP client discovers metadata at mcp.vibgrate.com and registers via dynamic client registration.
- The client opens the OAuth authorize endpoint with PKCE (S256).
- You sign in at the dashboard consent screen — same Clerk account as Vibgrate Cloud (email/password, Google, GitHub, or SAML/OIDC enterprise SSO).
- You select one or more workspaces and choose vibgrate:read and/or vibgrate:write per workspace.
- The client receives an authorization code and exchanges it for access (vtm_*) and refresh (vtr_*) tokens.
Supported redirects: registered https://, ChatGPT allowlist URLs, cursor://, and local http://127.0.0.1:* / http://localhost:*.
Scopes (per workspace)
vibgrate:readAll read-only MCP tools — repos, scans, drift, vulnerabilities, organization catalog list/get, catalog scans and drift summaries, and more
vibgrate:writesubmit_feedback, organization catalog create/update/delete and assign/unassign operations, and other write operations
Enterprise SSO is supported on the consent screen via Clerk (SAML/OIDC).
Manual mcp.json
{
"mcpServers": {
"vibgrate": {
"type": "http",
"url": "https://mcp.vibgrate.com",
"headers": {
"Authorization": "Bearer vtm_YOUR_TOKEN_HERE"
}
}
}
}Generate from Settings → Access Tokens — select workspaces and scopes, then copy the snippet for Cursor or Claude Desktop.
MCP endpoints
- MCP JSON-RPC
https://mcp.vibgrate.com - OAuth authorization server
https://mcp.vibgrate.com - Protected resource metadata
https://mcp.vibgrate.com/.well-known/oauth-protected-resource - Authorization server metadata
https://mcp.vibgrate.com/.well-known/oauth-authorization-server
Do not use your ingest DSN for MCP
- Do not put
vibgrate+https://…inAuthorization: Bearer— requests returnauth/dsn-not-allowed-use-mcp-token. - Do not paste a DSN on the MCP OAuth screen (removed).
- CLI ingest DSNs remain under Settings → Workspaces for
vg pushonly.
103 tools across 13 groups
The cards below highlight 49 representative tools; the server exposes all 103 over the same endpoint. Scan and analysis tools use data collected by the Vibgrate CLI. Organization catalog tools manage business units, environments, applications, and portfolio structure — catalog writes require vibgrate:write per workspace.
list_workspacesLists all workspaces you have access to with aggregate DriftScores and risk distribution.
list_repositoriesLists repositories with optional filtering by risk level, sort order, and fuzzy name search.
get_repository_detailReturns full details for a single repository — latest scan breakdown, project list, and scan metadata.
Integration guides
Step-by-step setup for all major AI platforms.
Adding Vibgrate to Claude Desktop
- 1Open Claude Desktop config
Settings → Developer → Edit Config, or edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS).
- 2Connect with OAuth (recommended)
Add an HTTP MCP server pointing at https://mcp.vibgrate.com. Claude Desktop will complete OAuth 2.1 + PKCE and send you to the dashboard consent screen to pick workspaces and scopes.
- 3Or use a dashboard access token
Create a token under Settings → Access Tokens at dash.vibgrate.com — choose workspaces, vibgrate:read / vibgrate:write per workspace, then copy the mcp.json snippet.
- 4Manual HTTP configjson
{ "mcpServers": { "vibgrate": { "type": "http", "url": "https://mcp.vibgrate.com", "headers": { "Authorization": "Bearer vtm_YOUR_TOKEN_HERE" } } } } - 5Restart Claude Desktop
Quit and relaunch. The Vibgrate tools appear in the input bar when the connection is healthy.
Frequently asked questions
21 questions covering setup, security, access, and usage.
Still have questions?
Our support team is ready to help with setup, security questions, and enterprise options.