VS Code + GitHub Copilot

This guide describes how to configure Mobb Vibe Shield (MVS) as an MCP (Model Context Protocol) server in Visual Studio Code.

Prerequisites

Before setting up MVS, ensure the following:

VS Code version

Version 1.99 or later is required (MCP support is in preview).
Download latest VS Code

GitHub Copilot permissions

If you are using GitHub Copilot through an organization account, confirm that your Copilot policies permit:

Copilot Chat (must be enabled)
Editor Preview Features (must be enabled)

These settings are configured in your GitHub org admin panel under: Settings → Copilot → Policies

Node.js

Ensure Node.js v18.20 or later is installed. The MCP server uses npx and requires a modern Node.js runtime.

node --version

If not installed or outdated, install via nodejs.org.

Step 1: Enable MCP in VS Code

Open VS Code settings (Ctrl+Comma or Cmd+, on Mac).
Search for chat.mcp.enabled and check the box.

Alternatively, add this to your settings.json:

"chat.mcp.enabled": true

Step 2: Configure Mobb MCP Server

You can configure the MCP server either per workspace or globally.

Option A: Workspace-Level (`.vscode/mcp.json`)

In your project root, create .vscode/mcp.json:

{
  "servers": {
    "mobb-mcp": {
      "type": "stdio",
      "command": "npx",
      "args": ["mobbdev@latest", "mcp"],
      "env": {
      }
    }
  }
}

This file can be committed to your repo and shared across your team.

For single-tenant users, ensure you add the variables API_URL and WEB_APP_URL in the env section. Furthermore, TOOLS_ENABLED allows you to specify which modes are allowed:

For example:

{
  "servers": {
    "mobb-mcp": {
      "type": "stdio",
      "command": "npx",
      "args": ["mobbdev@latest", "mcp"],
      "env": {
        "API_URL": "https://api-st-<YOUR_TENANT_NAME>.mobb.ai/v1/graphql",
        "WEB_APP_URL": "https://<YOUR_TENANT_NAME>.mobb.ai",
        "TOOLS_ENABLED": ["check_for_available_fixes"]
      }
    }
  }
}

Option B: User-Level Configuration (`settings.json`)

Open Command Palette → Preferences: Open Settings (JSON)
Add or update the mcp section as follows:

{
  "mcp": {
    "servers": {
      "mobb-mcp": {
        "type": "stdio",
        "command": "npx",
        "args": ["mobbdev@latest", "mcp"],
        "env": {
        }
      }
    }
  }
}

This allows you to reuse the same setup across all projects without repeating .vscode setup.

For single-tenant users, ensure you add the variables API_URL and WEB_APP_URL in the env section. Furthermore, TOOLS_ENABLED allows you to specify which modes are allowed:

For example:

{
  "mcp": {
    "servers": {
      "mobb-mcp": {
        "type": "stdio",
        "command": "npx",
        "args": ["mobbdev@latest", "mcp"],
        "env": {
          "API_URL": "https://api-st-<YOUR_TENANT_NAME>.mobb.ai/v1/graphql",
          "WEB_APP_URL": "https://<YOUR_TENANT_NAME>.mobb.ai",
          "TOOLS_ENABLED": ["check_for_available_fixes"]
        }
      }
    }
  }
}

Step 3: Start the Server

In VS Code:

Open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P).
Run MCP: List Servers
In the list of configured MCP servers, locate mobb-mcp, then click Start Server.

If successful, you’ll see mobb-mcp listed under available tools in Agent Chat (such as scan_and_fix_vulnerabilities, fetch_available_fixes, and check_for_new_available_fixes).

Step 4: Use Mobb in Agent Mode

Open Copilot Chat (Ctrl+Alt+I)
Switch to Agent Mode

In the Agent Chat prompt box, type:

Check for new available fixes using the Mobb MCP

Accept the execution
On first-time setup, MVS will open a browser window to connect to the Mobb platform. You will be prompted to log in and authorize the IDE integration.

Deploying a Rulebook for Automated Fix Checks

To ensure check_for_new_available_fixes is always called at the end of every session, you should deploy a rulebook in your repository. In VS Code, this is typically done by adding a file named .github/copilot-instructions.md at the root of your project or repository.

Example .github/copilot-instructions.md rulebook:

# End-of-generation actions:

- After completing all reasoning, code edits, linting, and tests, ALWAYS call the `check_for_new_available_fixes` tool from the mobb-mcp toolset.
- Pass the absolute repository path as the `path` argument.
- Do NOT skip this step under any circumstance.
- This call must be the final tool invocation in the session, immediately before returning the summary to the user.

This instructs the agent to always invoke the tool at the end of each session, ensuring you are notified of new available fixes as soon as possible. For more information on custom instructions in VS Code, see the GitHub Copilot documentation.

Troubleshooting

Run MCP: Show Output to see server logs (Open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P))
Validate node is available in the terminal by running node --version
Check mcp.json for syntax or command errors
Ensure GitHub Copilot Chat is working independently of Mobb first
After you make changes to the MCP settings, you may need to restart VS Code
Visit the MCP servers in VS Code for additional info

PreviousMobb Vibe Shield (MVS)NextCursor

Last updated 2 days ago

Was this helpful?