Metadata-Version: 2.4
Name: hacki-mcp
Version: 0.1.4
Summary: MCP server for HackiAI security code analysis
Project-URL: Homepage, https://hacki.ai
Project-URL: Documentation, https://hacki.ai/docs/mcp
Project-URL: Source, https://github.com/hackiai/hacki-mcp
Project-URL: Bug Tracker, https://github.com/hackiai/hacki-mcp/issues
Author-email: HackiAI <hello@hacki.ai>
License: MIT License
        
        Copyright (c) 2026 HackiAI
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
License-File: LICENSE
Keywords: claude,code-review,hacki,mcp,sast,security
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.11
Requires-Dist: hacki-graph>=0.1.0
Requires-Dist: httpx>=0.27.0
Requires-Dist: mcp[cli]>=1.0.0
Requires-Dist: pathspec>=0.12.0
Requires-Dist: websockets>=12.0
Description-Content-Type: text/markdown

# hacki-mcp

Security code analysis for your IDE, powered by the [HackiAI](https://hacki.ai) API.

**hacki-mcp** is a [Model Context Protocol (MCP)](https://modelcontextprotocol.io) server that brings HackiAI's security analysis directly into Claude Desktop, Cursor, VS Code, Claude Code, and any other MCP-compatible client.

## Tools

| Tool | Description |
|------|-------------|
| `hacki_review_file` | Analyze a single file for security vulnerabilities |
| `hacki_review_files` | Analyze a list of files together |
| `hacki_review_directory` | Analyze a directory recursively |
| `hacki_commit` | Analyze staged files and generate a suggested commit message |
| `hacki_get_history` | List past reviews with filters and pagination |
| `hacki_get_findings` | Get the findings for a specific review |
| `hacki_update_finding_status` | Mark a finding as `resolved`, `ignored`, or `pending` |

## Usage

Just ask your AI agent in natural language. The agent decides which tool to call. If it searches your codebase instead of calling the tool, be explicit with the tool name.

### Analyze a file

```
Review /home/user/project/app.py for security issues
```
```
Use hacki_review_file to analyze /home/user/project/app.py
```

### Analyze multiple files together

```
Use hacki_review_files to analyze src/auth.py, src/models.py and src/api.py
```

> Multi-file analysis automatically generates a code graph (AST + CFG + DFG) to detect cross-file vulnerabilities.

### Analyze an entire directory

```
Run a security review on the /home/user/project/src directory
```
```
Use hacki_review_directory on ./src
```

### Before committing — analyze staged files

Stage your files first (`git add`), then:

```
Use hacki_commit to review my staged changes and suggest a commit message
```

The tool returns a suggested commit message plus any security findings in the staged code.

### View past reviews

```
Show my last 10 security reviews
```
```
Use hacki_get_history with page 1 and size 10
```

Filter by filename or date:

```
Show reviews from the last week for files named auth
```

### See the findings of a specific review

Copy the review ID from the history and ask:

```
Show the findings for review 59f862db-adb1-4f63-a920-fbfc42ee4f93
```
```
Get the critical and high severity findings for review <id>
```

### Mark a finding as resolved

```
Mark finding <issue_id> in review <review_id> as resolved
```
```
Ignore finding <issue_id> in review <review_id>
```

Valid statuses: `resolved`, `ignored`, `pending`.

### Typical workflow

```
1. Ask for your review history to find recent reviews
2. Ask for the findings of a specific review
3. Fix the issues in your code
4. Mark the findings as resolved
```

---

## Requirements

A HackiAI API key. Get one at [hacki.ai](https://hacki.ai).

## Installation

### uvx — recommended, no install needed

[uvx](https://docs.astral.sh/uv/) runs the server on demand without polluting your Python environment:

```json
{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": { "HACKI_API_KEY": "hacki_xxxx" }
    }
  }
}
```

### pip

```bash
pip install hacki-mcp
```

### Docker

```bash
docker pull hackiai/hacki-mcp
```

## Configuration

### Claude Desktop

Edit your config file:
- **macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json`
- **Windows:** `%APPDATA%\Claude\claude_desktop_config.json`

```json
{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}
```

### Claude Code

```bash
claude mcp add hacki -- uvx hacki-mcp
```

Then add your API key in `.claude/settings.json`:

```json
{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}
```

### Cursor

Add to `~/.cursor/mcp.json`:

```json
{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}
```

### VS Code (GitHub Copilot Agent)

Open the Command Palette (`Ctrl+Shift+P`) and run **"MCP: Open User Configuration"**, then add:

```json
{
  "servers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}
```

Switch Copilot to **Agent** mode to use the tools.

### Docker (any IDE)

Use this variant if you prefer not to install Python:

```json
{
  "mcpServers": {
    "hacki": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "-e", "HACKI_API_KEY", "hackiai/hacki-mcp"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}
```

### Already using the HackiAI CLI?

If you have run `hacki login`, your credentials are already stored at `~/.hacki_cli/config.json`. The MCP server reads them automatically, so no `HACKI_API_KEY` is needed in the client config.
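
The client configs above launch a floating version (`hacki-mcp@latest`, or an untagged Docker image) and carry `HACKI_API_KEY` inline. The following check is an added example, not part of hacki-mcp: it parses a config in either shape shown above and reports both conditions. The sample JSON is constructed, and the pinned reference uses this package's version 0.1.4.

```python
import json

# Constructed samples in the two config shapes this README shows.
SAMPLE_FLOATING = """{"mcpServers": {"hacki": {"command": "uvx",
  "args": ["hacki-mcp@latest"], "env": {"HACKI_API_KEY": "hacki_xxxx"}}}}"""
SAMPLE_PINNED = """{"servers": {"hacki": {"command": "uvx",
  "args": ["hacki-mcp@0.1.4"]}}}"""


def is_floating(ref):
    """True if a uvx package or Docker image reference names no fixed version."""
    if "/" in ref:  # Docker image such as hackiai/hacki-mcp[:tag]
        if "@sha256:" in ref:
            return False  # pinned by digest
        tag = ref.rsplit("/", 1)[1].partition(":")[2]
    else:  # uvx reference such as hacki-mcp[@version]
        tag = ref.partition("@")[2]
    return tag in ("", "latest")


def audit_mcp_config(text):
    """Return (server_name, issue) pairs for hacki-mcp entries in a client config."""
    config = json.loads(text)
    issues = []
    for root in ("mcpServers", "servers"):  # Claude/Cursor key vs. VS Code key
        for name, server in config.get(root, {}).items():
            refs = [a for a in server.get("args", [])
                    if isinstance(a, str) and "hacki-mcp" in a]
            if not refs:
                continue  # some other MCP server, not audited here
            issues += [(name, f"floating version: {r}") for r in refs if is_floating(r)]
            if server.get("env", {}).get("HACKI_API_KEY"):
                issues.append((name, "HACKI_API_KEY set inline"))
    return issues


if __name__ == "__main__":
    for sample in (SAMPLE_FLOATING, SAMPLE_PINNED):
        print(audit_mcp_config(sample))
```

Pass the contents of each client's config file to `audit_mcp_config`; an empty list means the entry pins a version and takes its key from elsewhere, such as the `hacki login` credential store.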

## Code Graph

hacki-mcp automatically generates AST, IR, CFG, and DFG graphs (via [hacki-graph](https://pypi.org/project/hacki-graph/)) when analyzing multiple files. This significantly improves cross-file vulnerability detection.

Supported languages: Python, JavaScript, TypeScript, Java, C#, Go, PHP.

## License

[MIT](LICENSE)
