MCP setup

Wire the Audito MCP server into Claude Code (hosted or local).

What the MCP gets you

The Audito MCP server lets Claude Code (or any Model Context Protocol client) read and mutate your libraries without you opening the dashboard. Thirteen tools cover the full data model — list / inspect libraries, add or update dependencies, list and triage findings, ask for next-action suggestions, and pre-flight a single package or a whole lockfile before installing. See the MCP tools reference for the full schema.

Authentication is a single Audito API token. The MCP exchanges it for a short-lived JWT carrying your identity, and every query runs through Postgres RLS — same authz path as the dashboard.

Prerequisites

  1. A live Audito account with at least one library (otherwise there's nothing for the tools to return).
  2. A personal access token. Mint one at /dashboard/settings/api-tokens — see API tokens for the security model. Copy it now; you won't see it again.

Connect Claude Code

Run one command — Claude Code stores the URL and your bearer header in its config and the thirteen tools appear in the tool picker after a restart.

claude mcp add \
  --transport http audito \
  https://mcp.audito.dev/api/mcp \
  --header "Authorization: Bearer audt_your_token_here"

Verify with claude mcp list: audito should be listed and reachable.

Desktop clients without HTTP transport

A few MCP clients (Claude Desktop included, depending on version) don't speak the streamable-HTTP transport natively. Wrap the connection in mcp-remote:

{
  "mcpServers": {
    "audito": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://mcp.audito.dev/api/mcp",
        "--header",
        "Authorization: Bearer audt_your_token_here"
      ]
    }
  }
}

That keeps token handling on your machine while exposing the same toolset.
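
Both setups leave the bearer token as a literal string in a client config file on disk, so it is worth checking that file for embedded tokens and loose permissions. The script below is an added example, not part of Audito's tooling; it assumes real tokens share the audt_ prefix of the placeholder above and that servers sit under an mcpServers key as in the config shown, and you pass it the path of your own client's config file.

```python
import json
import os
import re
import stat
import sys

# Assumption: real tokens share the "audt_" prefix of the placeholder on this page.
TOKEN_RE = re.compile(r"Bearer\s+(audt_[A-Za-z0-9_-]+)")
PLACEHOLDER = "audt_your_token_here"

# Constructed sample mirroring the mcp-remote config above; the token is made up.
SAMPLE = {"mcpServers": {"audito": {"command": "npx", "args": [
    "-y", "mcp-remote", "https://mcp.audito.dev/api/mcp",
    "--header", "Authorization: Bearer audt_EXAMPLEconstructed0000"]}}}


def strings(node):
    """Yield every string nested anywhere inside a parsed JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings(child)


def find_bearer_tokens(config):
    """Return (server_name, token) for every literal token under mcpServers."""
    return [(name, m.group(1))
            for name, server in config.get("mcpServers", {}).items()
            for value in strings(server)
            for m in TOKEN_RE.finditer(value)
            if m.group(1) != PLACEHOLDER]


def audit_config(path):
    """Report embedded tokens (redacted) and, on POSIX, loose file permissions."""
    with open(path, encoding="utf-8") as fh:
        tokens = find_bearer_tokens(json.load(fh))
    findings = [f"{name}: literal token {tok[:9]}... stored in {path}"
                for name, tok in tokens]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if tokens and os.name == "posix" and mode & 0o077:
        findings.append(f"{path}: mode {mode:03o} is readable beyond the owner; chmod 600")
    return findings


if __name__ == "__main__":
    result = audit_config(sys.argv[1]) if len(sys.argv) > 1 else find_bearer_tokens(SAMPLE)
    print(result or "no embedded tokens found")
```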

Troubleshooting

  • 401 Missing bearer token — the Authorization header didn't make it through. Re-run claude mcp add and quote the header value.
  • 401 Unknown or revoked token — token doesn't match any active row. Mint a new one at /dashboard/settings/api-tokens.
  • Tools don't appear — restart Claude Code; check claude mcp list to confirm the server is registered.