FinishKit MCP Server

1

Add it to Claude Code

Run this in a terminal.

Run in terminal
claude mcp add -e "FINISHKIT_API_KEY=${FINISHKIT_API_KEY}" finishkit -- npx -y @finishkit/mcp
Required:FINISHKIT_API_KEY
README.md

Scan GitHub repositories for security, deployment, and code quality issues.

@finishkit/mcp

MCP server for FinishKit. Enables AI agents in Cursor, Claude Desktop, Windsurf, and VS Code Copilot to scan GitHub repositories for security vulnerabilities, deployment blockers, and code quality issues.

What AI Agents Can Do

Tool Description Primary Use Case
scan_repo Trigger a full scan and wait for completion Check if a repo is production-ready
get_scan_status Check progress of an in-flight scan Poll a previously triggered scan
get_findings Retrieve detailed findings filtered by category or severity Review security issues, blockers, etc.
get_patches Retrieve auto-generated code patches with unified diffs Apply FinishKit's suggested fixes
list_projects List all connected repositories and last scan dates Discover which repos are configured
create_project Get guided instructions to link a new GitHub repo Onboard a new repository

Quick Start

Get an API key at finishkit.app/dashboard/settings?tab=developer, then configure your MCP client.

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "finishkit": {
      "command": "npx",
      "args": ["-y", "@finishkit/mcp"],
      "env": {
        "FINISHKIT_API_KEY": "fk_live_..."
      }
    }
  }
}

Cursor

Add to .cursor/mcp.json in your project root (or ~/.cursor/mcp.json globally):

{
  "finishkit": {
    "command": "npx",
    "args": ["-y", "@finishkit/mcp"],
    "env": {
      "FINISHKIT_API_KEY": "fk_live_..."
    }
  }
}

Windsurf

Edit ~/.codeium/windsurf/mcp_config.json:

{
  "finishkit": {
    "command": "npx",
    "args": ["-y", "@finishkit/mcp"],
    "env": {
      "FINISHKIT_API_KEY": "fk_live_..."
    }
  }
}

VS Code Copilot Chat

Add to .vscode/mcp.json in your workspace (or user settings):

{
  "servers": {
    "finishkit": {
      "command": "npx",
      "args": ["-y", "@finishkit/mcp"],
      "env": {
        "FINISHKIT_API_KEY": "${env:FINISHKIT_API_KEY}"
      }
    }
  }
}

After configuring, restart your AI client and try: "Scan myorg/my-app for security issues"

Tools Reference

`scan_repo` (Primary Tool)

Scan a GitHub repository with FinishKit to detect security vulnerabilities, deployment blockers, stability issues, test coverage gaps, and UI problems. This is the primary tool - it handles the full scan lifecycle: finds the project, triggers a new scan run, polls until completion (typically 2-8 minutes), and returns a comprehensive summary of all findings.

Parameter Type Required Description
repo_owner string Yes GitHub org or username (e.g., myorg)
repo_name string Yes Repository name without owner (e.g., my-app)
run_type enum No baseline (default), pr, or manual_patch
commit_sha string No Specific commit to scan; defaults to latest

Returns: Finding counts by severity and category, human-readable summary, dashboard URL.

`get_scan_status`

Check the current status of an in-progress FinishKit scan. Returns the scan phase, progress percentage, and estimated time remaining. Use this to check a scan triggered in a previous session.

Parameter Type Required Description
run_id string Yes Run ID from scan_repo or the dashboard

`get_findings`

Retrieve detailed findings from a completed scan. Each finding includes file path, line numbers, severity, category, detailed explanation, and suggested fix.

Parameter Type Required Description
run_id string Yes Run ID of a completed scan
category enum No blockers, security, deploy, stability, tests, ui
severity enum No Minimum severity: critical, high, medium, low
limit number No Max findings to return (1-100, default 50)

`get_patches`

Retrieve automatically generated code patches from a completed scan. Each patch includes the unified diff, application status, and verification status.

Parameter Type Required Description
run_id string Yes Run ID of a completed scan

`list_projects`

List all FinishKit projects connected to your account, with their last scan date and repository details. No inputs required.

`create_project`

Get guided instructions for creating a new FinishKit project by linking a GitHub repository. Directs to the dashboard for GitHub App installation.

| Para

Tools (6)

scan_repoTrigger a full scan of a GitHub repository and wait for completion.
get_scan_statusCheck the progress of an in-flight scan.
get_findingsRetrieve detailed findings from a completed scan.
get_patchesRetrieve automatically generated code patches with unified diffs.
list_projectsList all connected repositories and last scan dates.
create_projectGet guided instructions to link a new GitHub repository.

Environment Variables

FINISHKIT_API_KEYrequiredAPI key for authenticating with FinishKit services.

Configuration

claude_desktop_config.json
{"mcpServers": {"finishkit": {"command": "npx", "args": ["-y", "@finishkit/mcp"], "env": {"FINISHKIT_API_KEY": "fk_live_..."}}}}

Try it

Scan myorg/my-app for security issues.
Check the status of my last repository scan with run ID 12345.
List all my connected GitHub projects and their last scan dates.
Get the code patches for the latest scan of my-app.
Show me all critical security findings for my-app.

Frequently Asked Questions

What are the key features of FinishKit?

Automated scanning for security vulnerabilities and deployment blockers. Code quality analysis including test coverage and stability checks. Auto-generated code patches with unified diffs for identified issues. Full scan lifecycle management from triggering to polling. Integration with major AI clients like Claude Desktop, Cursor, and Windsurf.

What can I use FinishKit for?

Ensuring a repository is production-ready before deployment. Reviewing security vulnerabilities in a codebase. Applying automated fixes for identified code quality issues. Monitoring repository health across multiple projects.

How do I install FinishKit?

Install FinishKit by running: npx -y @finishkit/mcp

What MCP clients work with FinishKit?

FinishKit works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep FinishKit docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all monitoring servers →

Related MCP Servers

Skylos
Find dead code, secrets, and exploitable flows in Python, TypeScript, and Go.
monitoring344 stars
Linux MCP Server
Read-only Linux system administration and diagnostics on RHEL-based systems.
monitoring189 stars
Charles MCP Server
Integrates Charles Proxy with MCP clients for real-time network traffic analysis
monitoring118 stars
HomeButler
All-in-one homelab management MCP server.
monitoring64 stars
Wireshark MCP
Give your AI assistant a packet analyzer.
monitoring55 stars
RenderDoc MCP
Analyze GPU frame captures for graphics debugging and performance analysis.
monitoring42 stars