Cursor

This guide describes how to configure Mobb Vibe Shield (MVS) as an MCP (Model Context Protocol) server in Cursor.

Prerequisites

Before setting up MVS, ensure the following:

Cursor is installed and up to date.
Node.js v18.20 or later is installed. (Check with node --version)

Modes Supported

Mobb Vibe Shield supports three primary modes in Cursor:

scan_and_fix_vulnerabilities: Scans and fixes vulnerabilities in recently modified files.
fetch_available_fixes: Applies fixes from the Mobb platform if a matching fix report exists.
check_for_new_available_fixes: Triggers a background scan for new available fixes. The first call starts the scan, and MVS will continue to scan for new fixes every 15 minutes.

Setup Instructions

Create the MCP Configuration File

In your project root, create a file at .vscode/mcp.json (Cursor supports this path):

{
  "servers": {
    "mobb-mcp": {
      "type": "stdio",
      "command": "npx",
      "args": ["mobbdev@latest", "mcp"],
      "env": {
      }
    }
  }
}

For single-tenant users, add the variables API_URL and WEB_APP_URL in the env section. You can also specify which modes are enabled using TOOLS_ENABLED:

{
  "servers": {
    "mobb-mcp": {
      "type": "stdio",
      "command": "npx",
      "args": ["mobbdev@latest", "mcp"],
      "env": {
        "API_URL": "https://api-st-<YOUR_TENANT_NAME>.mobb.ai/v1/graphql",
        "WEB_APP_URL": "https://<YOUR_TENANT_NAME>.mobb.ai",
        "TOOLS_ENABLED": [ "fetch_available_fixes"]
      }
    }
  }
}

Start the MCP Server
Cursor will automatically detect the mcp.json file and start the server. You should see logs indicating the server is running and tools are available.
Using the Modes
- To scan and fix vulnerabilities, use the scan_and_fix_vulnerabilities tool.
  - Example prompt: Scan and fix vulnerabilities in my project using Mobb MCP.
- To fetch available fixes, use the fetch_available_fixes tool.
  - Example prompt: Check for available fixes using the Mobb MCP.
- To trigger the background scan for new fixes, use the check_for_new_available_fixes tool. The first call starts the scan, and MVS will continue to check every 15 minutes.
  - Example prompt: Check for new available fixes using the Mobb MCP.

Deploying a Rulebook for Automated Fix Checks

To ensure check_for_new_available_fixes is always called at the end of every session, you should deploy a rulebook in your repository. In Cursor, this is typically done by adding a file named mvs.mdc in the .cursor folder in your project.

Example .cursor/mvs.mdc rulebook:

---
description: 
globs: 
alwaysApply: true
---
- End-of-generation actions:
    - After completing all reasoning, code edits, linting, and tests **ALWAYS** call the `check_for_new_available_fixes` tool from the *mobb-mcp* toolset.
    - Pass the absolute repository path as the `path` argument.
    - Do **NOT** skip this step under any circumstance.
    - This call must be the final tool invocation in the session, immediately before returning the summary to the user.

This instructs Cursor to always invoke the tool at the end of each session. For more details see Cursor Rules documentation.

Troubleshooting

Ensure Node.js is available in your system PATH.
Check the MCP server logs in Cursor for errors.
Validate your mcp.json syntax and paths.
Restart Cursor if the MCP server fails to launch after edits.
For more information, refer to the VS Code guide for similar setup steps and troubleshooting tips.

PreviousVS Code + GitHub Copilot NextVisual Studio 2022 + GitHub Copilot

Last updated 3 days ago

Was this helpful?