> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pipefort.com/llms.txt
> Use this file to discover all available pages before exploring further.

# MCP server

> Expose Pipefort's scanner to AI coding assistants over the Model Context Protocol.

`pipefort mcp` runs Pipefort as a [Model Context Protocol](https://modelcontextprotocol.io)
server over stdio, so an AI coding assistant can scan CI workflows **as it
writes them** — catching an injection sink or an unpinned action before the code
is ever committed. It wraps the same engine as the CLI and web app.

## Register it

Point your assistant at the `pipefort mcp` command. For Claude Code:

```bash theme={null}
claude mcp add pipefort -- pipefort mcp
```

For other clients, add a command-based (stdio) MCP server entry, e.g.:

```json theme={null}
{
  "mcpServers": {
    "pipefort": {
      "command": "pipefort",
      "args": ["mcp"]
    }
  }
}
```

## Tools

| Tool             | Arguments                                                                | Returns                                                                                                                          |
| ---------------- | ------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------- |
| `scan_workflow`  | `content` (required), `filename`, `ruleset`, `persona`, `min_confidence` | Findings for a single in-memory workflow file. Set `filename` to `.gitlab-ci.yml` to scan GitLab CI; defaults to GitHub Actions. |
| `scan_directory` | `path` (required), `ruleset`, `persona`, `min_confidence`                | Findings for a local directory's `.github/workflows/*` and `.gitlab-ci.yml`, plus detected toxic combinations.                   |
| `explain_rule`   | `rule_id` (required)                                                     | The catalog entry (title, severity, confidence, description, docs URL) for a rule.                                               |

All three are read-only and offline — no token or network required. `ruleset`,
`persona`, and `min_confidence` mirror the [CLI flags](/cli/flags): omit them for
the permissive defaults (`all` / `regular` / keep everything).

## Example

An assistant editing a workflow can call `scan_workflow` with the buffer
contents and surface findings inline:

```json theme={null}
{
  "name": "scan_workflow",
  "arguments": {
    "content": "on: pull_request_target\njobs: ...",
    "min_confidence": "MEDIUM"
  }
}
```

The response is the same finding shape as [`-o json`](/cli/usage#json-output):
each finding carries its `rule_id`, `severity`, `confidence`, `file`, `line`, and
`recommendation`.
