MCP Server

The Precogs MCP Server enables AI coding assistants like Claude, Cursor, and GitHub Copilot to access Precogs security features directly during development.

What is MCP?

Model Context Protocol (MCP) is an open standard that lets AI assistants interact with external tools and services. With the Precogs MCP Server, your AI can:

  • Scan projects for vulnerabilities
  • List and analyze security findings
  • Get AI-generated fix suggestions
  • Access security dashboard metrics

Installation

npm install -g precogs-mcp-server

From Source

git clone https://github.com/precogsai/precogs-mcp-server
cd precogs-mcp-server
npm install
npm run build

Configuration

Claude Desktop

Add to your Claude Desktop config file:

macOS: ~/.config/claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "precogs": {
      "command": "precogs-mcp-server",
      "env": {
        "PRECOGS_API_KEY": "pk_live_xxxxxxxxxxxx"
      }
    }
  }
}

Cursor

Add to Cursor settings:

{
  "mcp.servers": {
    "precogs": {
      "command": "precogs-mcp-server",
      "env": {
        "PRECOGS_API_KEY": "pk_live_xxxxxxxxxxxx"
      }
    }
  }
}

Available Tools

The MCP server exposes 10 tools to AI assistants:

Project Management

| Tool | Description |
| --- | --- |
| precogs_list_projects | List all configured projects |
| precogs_get_project | Get details of a specific project |

Security Scanning

| Tool | Description |
| --- | --- |
| precogs_scan_code | Trigger SAST code security scan |
| precogs_scan_dependencies | Trigger SCA dependency scan |
| precogs_scan_iac | Trigger IaC configuration scan |
| precogs_get_scan_results | Get results from a scan |

Vulnerability Management

| Tool | Description |
| --- | --- |
| precogs_list_vulnerabilities | List vulnerabilities with filters |
| precogs_get_vulnerability | Get vulnerability details |
| precogs_get_ai_fix | Get AI-generated fix suggestion |

Analytics

| Tool | Description |
| --- | --- |
| precogs_dashboard | Get security dashboard overview |

Example Conversations

Scanning for Vulnerabilities

User: Scan my main project for security issues

Claude: I'll scan your project using Precogs AI.
[Uses precogs_list_projects to find the project]
[Uses precogs_scan_code with projectId]

I've initiated a security scan on "my-app". The scan ID is
scan_abc123. Let me check for any critical findings...

[Uses precogs_list_vulnerabilities with severity="critical"]

Found 2 critical vulnerabilities:
1. SQL Injection in api/users.py:45
2. Hardcoded secret in config.py:12

Getting Fix Suggestions

User: How do I fix that SQL injection?

Claude: [Uses precogs_get_ai_fix with vulnId]

Here's the recommended fix for the SQL injection:

Replace the raw query with a parameterized version:

```python
# Before (vulnerable)
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")

# After (secure)
cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
```

Environment Variables

| Variable | Description | Required |
| --- | --- | --- |
| PRECOGS_API_KEY | Your project API key (pk_live_...) | Yes |
| PRECOGS_BASE_URL | Override API endpoint (for local development) | No |
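
Both client configs shown under Configuration keep PRECOGS_API_KEY in plaintext, and PRECOGS_BASE_URL changes where the server talks to. The following Node.js check is an added example, not code from the Precogs project: it audits the precogs entry for a missing or placeholder key, an endpoint override that is not local, and loose file permissions. The function names, the sample config, and the premise that the key is sent to whatever endpoint PRECOGS_BASE_URL names are assumptions of this example.

```javascript
// Added example (not Precogs code): audit the "precogs" entry of an MCP client config.
// `mode` is the config file's permission bits (fs.statSync(path).mode); optional.
function auditPrecogsEntry(config, mode) {
  const findings = [];
  // Claude Desktop snippet uses "mcpServers"; the Cursor snippet uses "mcp.servers".
  const servers = config.mcpServers || config["mcp.servers"] || {};
  const entry = servers.precogs;
  if (!entry) return ["no precogs server entry found"];
  const env = entry.env || {};
  const key = env.PRECOGS_API_KEY;
  if (typeof key !== "string" || !key) findings.push("PRECOGS_API_KEY is missing (required)");
  else if (!key.startsWith("pk_live_")) findings.push("PRECOGS_API_KEY lacks the pk_live_ prefix");
  else if (/^pk_live_x+$/.test(key)) findings.push("PRECOGS_API_KEY is still the placeholder");

  const base = env.PRECOGS_BASE_URL;
  if (base) {
    let url = null;
    try { url = new URL(base); } catch { /* reported below */ }
    const local = url !== null && ["localhost", "127.0.0.1"].includes(url.hostname);
    if (url === null) findings.push("PRECOGS_BASE_URL is not a valid URL");
    else if (url.protocol !== "https:" && !local)
      findings.push("PRECOGS_BASE_URL is not HTTPS: " + url.host);
    else if (!local) findings.push("PRECOGS_BASE_URL overrides the API endpoint: " + url.host);
  }
  // The key sits in plaintext, so the file should be owner-only (POSIX modes only).
  if (typeof mode === "number" && (mode & 0o077) !== 0)
    findings.push("config file mode is " + (mode & 0o777).toString(8) + ", expected 600");
  return findings;
}

// Audit a config file on disk; dynamic import works in both CommonJS and ES modules.
async function auditConfigFile(path) {
  const fs = await import("node:fs");
  const config = JSON.parse(fs.readFileSync(path, "utf8"));
  return auditPrecogsEntry(config, fs.statSync(path).mode);
}

// Constructed sample: placeholder key, non-local HTTP override, mode 0644.
const sampleConfig = {
  mcpServers: { precogs: { command: "precogs-mcp-server", env: {
    PRECOGS_API_KEY: "pk_live_xxxxxxxxxxxx",
    PRECOGS_BASE_URL: "http://api.example.test",
  } } },
};
const sampleFindings = auditPrecogsEntry(sampleConfig, 0o100644);
console.log(sampleFindings.join("\n"));
```

The permission check only means something on POSIX systems; on Windows, review the file's ACL instead.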

Development

# Clone and install
git clone https://github.com/precogsai/precogs-mcp-server
cd precogs-mcp-server
npm install

# Run in development mode
PRECOGS_API_KEY=pk_live_xxx npm run dev

# Build for production
npm run build

Next Steps

  • Python SDK — Programmatic access
  • CLI — Command-line scanning