Devin.ai

This guide describes how to configure Mobb Vibe Shield (MVS) as an MCP (Model Context Protocol) server in Devin.ai.

Prerequisites

Before setting up MVS, ensure the following:

Devin.ai account with access to the MCP Marketplace.
Node.js v18.20 or later is installed. (Check with node --version)

Modes Supported

Mobb Vibe Shield supports three primary modes in Devin.ai:

scan_and_fix_vulnerabilities: Scans and fixes vulnerabilities in recently modified files.
fetch_available_fixes: Applies fixes from the Mobb platform if a matching fix report exists.
check_for_new_available_fixes: Triggers a background scan for new available fixes. The first call starts the scan, and MVS will continue to scan for new fixes every 15 minutes.

Setup Instructions

1. Open the MCP Marketplace

Navigate to Settings → MCP Marketplace in Devin.ai. Select Add Your Own to configure a custom MCP server.

2. Configure the MCP Server

Enter the following details:

Server Name: Mobb Automatic Code Remediation Service
Transport Type: STDIO

3. Add Your API Key as a Secret

Go to Secrets.
Create a new secret with the following values:
- Secret Name: API_KEY
- Secret Value: YOUR_MOBB_API_KEY_GOES_HERE Click here to learn how to generate a Mobb API Key

4. Configure STDIO

Set up the MCP server command:

Command: npx
Arguments:
- mobbdev@latest
- mcp
Environment Variables:
- API_KEY = $API_KEY

5. Test the MCP Server

Click Test listing tools. If successful, you will see validation confirmation and the three MVS tools enabled.

Single-Tenant Configuration

For single-tenant environments, add the following environment variables under Environment Variables:

API_URL = https://api-st-<YOUR_TENANT_NAME>.mobb.ai/v1/graphql

WEB_APP_URL = https://<YOUR_TENANT_NAME>.mobb.ai

Sample Scenario - Deploying a Playbook for Automated Fix Checks

To ensure scan_and_fix_vulnerabilities is always called at the end of every session, create a Playbook in Devin.ai:

Go to Playbooks in the left menu.
Click Create playbook.

Add the following content:

- End-of-generation actions:
    - After completing all reasoning, code edits, linting, and tests **ALWAYS** call the `scan_and_fix_vulnerabilities` tool from the *mobb-mcp* toolset with `rescan=true`.
    - Pass the absolute repository path as the `path` argument.
    - Do **NOT** skip this step under any circumstance.
    - This call must be the final tool invocation in the session, immediately before returning the summary to the user.

Save the playbook. You can now reference it in any task using @Playbooks.

Using the Playbook in a Session

When starting a new session in Devin.ai, reference the playbook to enforce MVS scanning:

Example:

Hey @Devin,  
access the antonychiu2/git-node-app-test2 repo  
create the missing commit part in server.js  
once added, immediately create a PR in my remote repo.  

Make sure to use the playbook @playbook:scan_and_fix

Result

As part of Devin's session, it will run the Mobb MCP to scan_and_fix_vulnerabilities and fix any issues before generating a Pull Request.

Troubleshooting

Ensure Node.js is available in your system PATH.
Check Secrets are set correctly and referenced as $API_KEY.
Verify STDIO arguments are exactly mobbdev@latest mcp.
For single-tenant users, confirm your API_URL and WEB_APP_URL values are correct.

With this setup, Mobb Vibe Shield is now fully integrated into Devin.ai and can automatically remediate vulnerabilities directly from your development environment.

PreviousIntelliJ IDEA + GitHub Copilot NextMobb Dashboard

Last updated 0 minutes ago

Was this helpful?