# VS Code + GitHub Copilot ## Prerequisites Before setting up MVS, ensure the following: #### VS Code version * **Version 1.99 or later** is required * [Download latest VS Code](https://code.visualstudio.com/download) #### GitHub Copilot permissions If you are using GitHub Copilot through an **organization account**, confirm that your **Copilot policies** permit: * **Copilot Chat in the IDE** * **MCP servers in Copilot** These settings are configured in your GitHub org admin panel under:\ `Settings → Copilot → Policies` #### Node.js Ensure **Node.js v18.20 or later** is installed. The MCP server uses `npx` and requires a modern Node.js runtime. ```bash node --version ``` If not installed or outdated, install via [nodejs.org](https://nodejs.org/). ### Step 1. Enable MCP in VS Code 1. Open VS Code settings (Ctrl+Comma or `Cmd+,` on Mac). 2. Search for `chat.mcp.enabled` and check the box. Alternatively, add this to your `settings.json`: ```json "chat.mcp.enabled": true ``` ### Step 2. Configure Mobb MCP Server You can configure the MCP server either **per workspace** or **globally**. #### Option A: Workspace-Level (`.vscode/mcp.json`) 1. In your project root, create `.vscode/mcp.json`: ```json { "servers": { "mobb-mcp": { "type": "stdio", "command": "npx", "args": ["--yes", "mobbdev@latest", "mcp"], "env": { } } } } ``` This file can be committed to your repo and shared across your team. {% hint style="success" %} For single-tenant users, ensure you add the variables `API_URL` and `WEB_APP_URL` in the `env` section. Furthermore, `TOOLS_ENABLED` allows you to specify which [modes](/mobb-user-docs/getting-started/mobb-vibe-shield-mvs.md#modes) are allowed: For example: ```json { "servers": { "mobb-mcp": { "type": "stdio", "command": "npx", "args": ["--yes", "mobbdev@latest", "mcp"], "env": { "API_URL": "https://api-st-.mobb.ai/v1/graphql", "WEB_APP_URL": "https://.mobb.ai", "TOOLS_ENABLED": ["fetch_available_fixes"] } } } } ``` {% endhint %} *** #### Option B: User-Level Configuration (`settings.json`) 1. Open Command Palette → `Preferences: Open Settings (JSON)` 2. Add or update the `mcp` section as follows: ```json { "mcp": { "servers": { "mobb-mcp": { "type": "stdio", "command": "npx", "args": ["--yes", "mobbdev@latest", "mcp"], "env": { } } } } } ``` This allows you to reuse the same setup across all projects without repeating `.vscode` setup. {% hint style="success" %} For single-tenant users, ensure you add the variables `API_URL` and `WEB_APP_URL` in the `env` section. Furthermore, `TOOLS_ENABLED` allows you to specify which [modes](/mobb-user-docs/getting-started/mobb-vibe-shield-mvs.md#modes) are allowed: For example: ```json { "mcp": { "servers": { "mobb-mcp": { "type": "stdio", "command": "npx", "args": ["--yes", "mobbdev@latest", "mcp"], "env": { "API_URL": "https://api-st-.mobb.ai/v1/graphql", "WEB_APP_URL": "https://.mobb.ai", "TOOLS_ENABLED": ["fetch_available_fixes"] } } } } } ``` {% endhint %} ### Step 3. Start the Server In VS Code: 1. Open the Command Palette (`Ctrl+Shift+P` or `Cmd+Shift+P`). 2. Run `MCP: List Servers`
3. In the list of configured MCP servers, locate **mobb-mcp**, then click **Start Server**.
If successful, you’ll see `mobb-mcp` listed under available tools in Agent Chat (such as `scan_and_fix_vulnerabilities`, `fetch_available_fixes`, and `check_for_new_available_fixes`). ### Step 4. Use Mobb in Agent Mode 1. Open Copilot Chat (`Ctrl+Alt+I`) 2. Switch to **Agent Mode**
3. In the Agent Chat prompt box, type: ``` Check for new available fixes using the Mobb MCP ``` 4. Accept the execution 5. On first-time setup, MVS will open a browser window to connect to the Mobb platform. You will be prompted to log in and authorize the IDE integration. ## Deploying a Rulebook for Automated Security Scanning and Fixing To ensure comprehensive security coverage in your development workflow, you should deploy a security-focused rulebook that mandates Mobb vulnerability scanning and fixing after every code change. In VS Code, this can be done by adding a file named `.github/instructions/security.instructions.md` at the root of your project or repository: {% file src="/files/5TXW9LDj3EX7kZsh4FMG" %} This rulebook enforces a **mandatory security protocol** that requires: * **Automatic Mobb scanning and fixing** after implementing any new features or making code changes * **Local fix rule creation** for every vulnerability type discovered by Mobb * **Vulnerability prevention** by building a library of security fix rules specific to your codebase ### Key Features of the Security Rulebook: * **Mandatory scanning protocol**: Cannot be bypassed - ensures every code change is security-tested * **Dynamic rule generation**: Automatically creates security fix rules files for each new vulnerability type found * **Append-only rule updates**: Preserves existing security knowledge while adding new protections * **Critical checklist enforcement**: AI assistants must complete all security steps before finishing any task This security-first approach transforms your development workflow into a **continuous security hardening process**, where each vulnerability discovered becomes a permanent protection rule for future development. For more information on custom instructions in VS Code, see the [GitHub Copilot documentation](https://docs.github.com/en/copilot/how-tos/custom-instructions/adding-repository-custom-instructions-for-github-copilot). ### Troubleshooting * Run `MCP: Show Output` to see server logs (Open the Command Palette (`Ctrl+Shift+P` or `Cmd+Shift+P`)) * Validate `node` is available in the terminal by running `node --version` * Check `mcp.json` for syntax or command errors * Ensure GitHub Copilot Chat is working independently of Mobb first * After you make changes to the MCP settings, you may need to restart VS Code * Visit the [MCP servers in VS Code](https://code.visualstudio.com/docs/copilot/chat/mcp-servers) for additional info --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.mobb.ai/mobb-user-docs/getting-started/mobb-vibe-shield-mvs/vs-code-+-github-copilot.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.