VS Code + GitHub Copilot

Prerequisites

Before setting up MVS, ensure the following:

VS Code version

• Version 1.99 or later is required

• Download latest VS Code

GitHub Copilot permissions

If you are using GitHub Copilot through an organization account, confirm that your Copilot policies permit:

• Copilot Chat in the IDE

• MCP servers in Copilot

These settings are configured in your GitHub org admin panel under: Settings → Copilot → Policies

Node.js

Ensure Node.js v18.20 or later is installed. The MCP server uses npx and requires a modern Node.js runtime.

node --version

If not installed or outdated, install via nodejs.org.

Step 1. Enable MCP in VS Code

1. Open VS Code settings (Ctrl+Comma or Cmd+, on Mac).

2. Search for chat.mcp.enabled and check the box.

Alternatively, add this to your settings.json:

Step 2. Configure Mobb MCP Server

You can configure the MCP server either per workspace or globally.

Option A: Workspace-Level (.vscode/mcp.json)

1. In your project root, create .vscode/mcp.json:

This file can be committed to your repo and shared across your team.

Option B: User-Level Configuration (settings.json)

1. Open Command Palette → Preferences: Open Settings (JSON)

2. Add or update the mcp section as follows:

This allows you to reuse the same setup across all projects without repeating .vscode setup.

Step 3. Start the Server

In VS Code:

1. Open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P).

2. Run MCP: List Servers

   
3. In the list of configured MCP servers, locate mobb-mcp, then click Start Server.

   

If successful, you’ll see mobb-mcp listed under available tools in Agent Chat (such as scan_and_fix_vulnerabilities, fetch_available_fixes, and check_for_new_available_fixes).

Step 4. Use Mobb in Agent Mode

1. Open Copilot Chat (Ctrl+Alt+I)

2. Switch to Agent Mode

   
3. In the Agent Chat prompt box, type:

4. Accept the execution

5. On first-time setup, MVS will open a browser window to connect to the Mobb platform. You will be prompted to log in and authorize the IDE integration.

Deploying a Rulebook for Automated Security Scanning and Fixing

To ensure comprehensive security coverage in your development workflow, you should deploy a security-focused rulebook that mandates Mobb vulnerability scanning and fixing after every code change. In VS Code, this can be done by adding a file named .github/instructions/security.instructions.md at the root of your project or repository:

This rulebook enforces a mandatory security protocol that requires:

• Automatic Mobb scanning and fixing after implementing any new features or making code changes

• Local fix rule creation for every vulnerability type discovered by Mobb

• Vulnerability prevention by building a library of security fix rules specific to your codebase

Key Features of the Security Rulebook:

• Mandatory scanning protocol: Cannot be bypassed - ensures every code change is security-tested

• Dynamic rule generation: Automatically creates security fix rules files for each new vulnerability type found

• Append-only rule updates: Preserves existing security knowledge while adding new protections

• Critical checklist enforcement: AI assistants must complete all security steps before finishing any task

This security-first approach transforms your development workflow into a continuous security hardening process, where each vulnerability discovered becomes a permanent protection rule for future development.

For more information on custom instructions in VS Code, see the GitHub Copilot documentation.

Troubleshooting

• Run MCP: Show Output to see server logs (Open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P))

• Validate node is available in the terminal by running node --version

• Check mcp.json for syntax or command errors

• Ensure GitHub Copilot Chat is working independently of Mobb first

• After you make changes to the MCP settings, you may need to restart VS Code

• Visit the MCP servers in VS Code for additional info