VS Code + GitHub Copilot
This guide describes how to configure Mobb Vibe Shield (MVS) as an MCP (Model Context Protocol) server in Visual Studio Code.
Prerequisites
Before setting up MVS, ensure the following:
VS Code version
Version 1.99 or later is required
GitHub Copilot permissions
If you are using GitHub Copilot through an organization account, confirm that your Copilot policies permit:
Copilot Chat in the IDE
MCP servers in Copilot
These settings are configured in your GitHub org admin panel under:
Settings → Copilot → Policies
Node.js
Ensure Node.js v18.20 or later is installed. The MCP server uses npx and requires a modern Node.js runtime.
node --version
If not installed or outdated, install via nodejs.org.
Step 1: Enable MCP in VS Code
Open VS Code settings (Ctrl+Comma, or Cmd+, on Mac).
Search for chat.mcp.enabled and check the box.
Alternatively, add this to your settings.json:
"chat.mcp.enabled": true
Step 2: Configure Mobb MCP Server
You can configure the MCP server either per workspace or globally.
Option A: Workspace-Level (.vscode/mcp.json)
In your project root, create .vscode/mcp.json:
{
  "servers": {
    "mobb-mcp": {
      "type": "stdio",
      "command": "npx",
      "args": ["--yes", "mobbdev@latest", "mcp"],
      "env": {}
    }
  }
}
This file can be committed to your repo and shared across your team.
For single-tenant users, ensure you add the variables API_URL and WEB_APP_URL in the env section. Furthermore, TOOLS_ENABLED allows you to specify which modes are allowed:
For example:
{
  "servers": {
    "mobb-mcp": {
      "type": "stdio",
      "command": "npx",
      "args": ["--yes", "mobbdev@latest", "mcp"],
      "env": {
        "API_URL": "https://api-st-<YOUR_TENANT_NAME>.mobb.ai/v1/graphql",
        "WEB_APP_URL": "https://<YOUR_TENANT_NAME>.mobb.ai",
        "TOOLS_ENABLED": ["check_for_available_fixes"]
      }
    }
  }
}
Option B: User-Level Configuration (settings.json)
Open Command Palette → Preferences: Open Settings (JSON)
Add or update the mcp section as follows:
{
  "mcp": {
    "servers": {
      "mobb-mcp": {
        "type": "stdio",
        "command": "npx",
        "args": ["--yes", "mobbdev@latest", "mcp"],
        "env": {}
      }
    }
  }
}
This allows you to reuse the same setup across all projects without repeating the .vscode setup.
For single-tenant users, ensure you add the variables API_URL and WEB_APP_URL in the env section. Furthermore, TOOLS_ENABLED allows you to specify which modes are allowed:
For example:
{
  "mcp": {
    "servers": {
      "mobb-mcp": {
        "type": "stdio",
        "command": "npx",
        "args": ["--yes", "mobbdev@latest", "mcp"],
        "env": {
          "API_URL": "https://api-st-<YOUR_TENANT_NAME>.mobb.ai/v1/graphql",
          "WEB_APP_URL": "https://<YOUR_TENANT_NAME>.mobb.ai",
          "TOOLS_ENABLED": ["check_for_available_fixes"]
        }
      }
    }
  }
}
Step 3: Start the Server
In VS Code:
Open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P).
Run MCP: List Servers.
In the list of configured MCP servers, locate mobb-mcp, then click Start Server.

If successful, you’ll see mobb-mcp listed under available tools in Agent Chat (such as scan_and_fix_vulnerabilities, fetch_available_fixes, and check_for_new_available_fixes).
Step 4: Use Mobb in Agent Mode
Open Copilot Chat (Ctrl+Alt+I).
Switch to Agent Mode.
In the Agent Chat prompt box, type:
Check for new available fixes using the Mobb MCP
Accept the execution.
On first-time setup, MVS will open a browser window to connect to the Mobb platform. You will be prompted to log in and authorize the IDE integration.
Deploying a Rulebook for Automated Security Scanning and Fixing
To ensure comprehensive security coverage in your development workflow, you should deploy a security-focused rulebook that mandates Mobb vulnerability scanning and fixing after every code change. In VS Code, this can be done by adding a file named .github/instructions/security.instructions.md at the root of your project or repository:
This rulebook enforces a mandatory security protocol that requires:
Automatic Mobb scanning and fixing after implementing any new features or making code changes
Local fix rule creation for every vulnerability type discovered by Mobb
Vulnerability prevention by building a library of security fix rules specific to your codebase
Key Features of the Security Rulebook:
Mandatory scanning protocol: Cannot be bypassed - ensures every code change is security-tested
Dynamic rule generation: Automatically creates security fix rules files for each new vulnerability type found
Append-only rule updates: Preserves existing security knowledge while adding new protections
Critical checklist enforcement: AI assistants must complete all security steps before finishing any task
This security-first approach transforms your development workflow into a continuous security hardening process, where each vulnerability discovered becomes a permanent protection rule for future development.
For more information on custom instructions in VS Code, see the GitHub Copilot documentation.
Troubleshooting
Run MCP: Show Output to see server logs (open the Command Palette with Ctrl+Shift+P or Cmd+Shift+P).
Validate that node is available in the terminal by running node --version.
Check mcp.json for syntax or command errors.
Ensure GitHub Copilot Chat is working independently of Mobb first.
After you make changes to the MCP settings, you may need to restart VS Code.
Visit the MCP servers in VS Code documentation for additional info.
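The mcp.json check above can be scripted. The following is an added example, not code from Mobb or VS Code: it parses either config layout from this guide and reports syntax errors, a missing command, an npx package spec that follows a tag such as @latest instead of an exact version, and API_URL or WEB_APP_URL values that still contain the <YOUR_TENANT_NAME> placeholder or are not HTTPS. The function name auditMcpConfig and the finding messages are assumptions of this example, and it expects strict JSON without comments.

```javascript
// Added example (not Mobb's code): audit an MCP config from this guide.
// Accepts both layouts: .vscode/mcp.json ("servers") and user settings.json
// ("mcp" -> "servers"). Assumes strict JSON without comments.
function auditMcpConfig(text) {
  let cfg;
  try {
    cfg = JSON.parse(text);
  } catch (e) {
    return [`syntax error: ${e.message}`];
  }
  const servers = cfg && ((cfg.mcp && cfg.mcp.servers) || cfg.servers);
  if (!servers || typeof servers !== "object") return ["no servers section found"];
  const findings = [];
  for (const [name, s] of Object.entries(servers)) {
    if (!s || s.type !== "stdio") continue; // only locally spawned servers
    if (typeof s.command !== "string" || s.command === "") {
      findings.push(`${name}: missing command`);
    }
    const args = Array.isArray(s.args) ? s.args : [];
    if (s.command === "npx") {
      // First non-flag argument is the package spec npx will fetch and run.
      const pkg = args.find((a) => typeof a === "string" && !a.startsWith("-"));
      if (!pkg) findings.push(`${name}: npx has no package argument`);
      else if (!/.@\d+\.\d+\.\d+([-+].*)?$/.test(pkg)) {
        findings.push(`${name}: ${pkg} does not name an exact version`);
      }
    }
    for (const key of ["API_URL", "WEB_APP_URL"]) {
      const value = s.env ? s.env[key] : undefined;
      if (value === undefined) continue; // only set for single-tenant users
      if (typeof value !== "string" || /[<>]/.test(value)) {
        findings.push(`${name}: ${key} is not a filled-in string`);
        continue;
      }
      let url = null;
      try { url = new URL(value); } catch { /* reported below */ }
      if (!url || url.protocol !== "https:") findings.push(`${name}: ${key} is not an https URL`);
    }
  }
  return findings;
}

// Constructed sample: the single-tenant workspace config, placeholders unfilled.
const sample = JSON.stringify({ servers: { "mobb-mcp": {
  type: "stdio", command: "npx", args: ["--yes", "mobbdev@latest", "mcp"],
  env: { API_URL: "https://api-st-<YOUR_TENANT_NAME>.mobb.ai/v1/graphql",
         WEB_APP_URL: "https://<YOUR_TENANT_NAME>.mobb.ai" },
} } });
console.log(auditMcpConfig(sample).join("\n"));
```

To audit a real file, pass its contents to auditMcpConfig, for example via fs.readFileSync(".vscode/mcp.json", "utf8").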