MCP Integration

Let your AI assistant read issues, fix code, and verify fixes, without leaving your editor.

What Is MCP?

MCP (Model Context Protocol) is a standard that lets AI tools call functions on external servers. Think of it like an API, but designed for AI assistants instead of browsers. When brakit is running, your AI assistant can ask “what security issues exist?” and get back structured data it can act on.

Setup

Add this to your editor's MCP configuration. The exact file depends on your editor:

Claude Code and Cursor both use .mcp.json in your project root:

.mcp.json

{
  "mcpServers": {
    "brakit": {
      "command": "npx",
      "args": ["brakit", "mcp"]
    }
  }
}

Auto-configured: Running npx brakit install automatically creates this .mcp.json file. You may not need to do this manually.

How It Works

The MCP server runs as a separate process alongside your app. It discovers your running brakit instance by reading the port file at .brakit/port, then calls the same dashboard API that powers the browser UI. The AI assistant gets structured data back, not HTML, not screenshots, but actual issues and metrics it can reason about.

Your app (with brakit) → writes .brakit/port

MCP server → reads port → calls dashboard API

AI assistant → calls MCP tool → gets structured issues

Available Tools

The MCP server exposes 8 tools. Each is a function your AI assistant can call:

get_findings

Lists all open issues (security and performance) brakit has detected. Filter by severity or state.

get_endpoints

Shows every API endpoint your app has served, with p95 latency, error rate, and query count.

get_request_detail

Deep-dives into a specific request: every query, fetch call, and timeline event.

verify_fix

Checks whether a previously reported issue is resolved. The AI calls this after making a fix.

get_report

Full status report: open vs. resolved counts, top issues, and endpoint health at a glance.

clear_findings

Resets all stored issues for a fresh start. Useful when you want to re-baseline.

report_fix

Records the result of an AI fix attempt. Call this after attempting to fix an issue to update the dashboard with what was done.

report_fixes

Records multiple fix results in a single call. Use when the AI has fixed several issues at once to update the dashboard in batch.

The Fix Loop

Here's what a typical AI-assisted fix looks like:

AI calls get_findings , sees 3 open issues
AI calls get_request_detail on the worst one, sees the exact SQL query
AI reads your source code and fixes it
AI calls report_fix to record what was done and mark the issue as fixing
You re-trigger the endpoint (reload the page, resubmit the form)
AI calls verify_fix , confirms the issue is gone

Brakit tracks issues across the open → fixing → resolved lifecycle automatically. If a fix doesn't stick and the issue reappears, it moves to regressed. Endpoints that haven't been hit in a while move to stale.

Issue Lifecycle

Every issue brakit detects goes through a lifecycle:

Open

Issue detected in live traffic

Fixing

An AI assistant is working on it

Resolved

No longer detected. Fix confirmed

Stale

Endpoint not hit recently. No evidence yet

Regressed

Was resolved, but the issue came back

Issues persist across app restarts in .brakit/issues.json. Each issue gets a stable ID (SHA-256 hash of the rule, endpoint, and description) so the AI can refer to it consistently.

Previous← Performance NextTelemetry →