npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@finishkit/mcp

v0.3.3

Published

MCP server for FinishKit. Production readiness scanner for AI-built apps. Enables AI agents in Claude, Cursor, Windsurf, and VS Code to check if code is ready to ship.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

d4dfind4dfin

Keywords

mcpmodel-context-protocolmcp-serverfinishkitsecuritysecurity-scanningvulnerability-scannercode-reviewdeploymentdeployment-checkerci-cdstatic-analysisai-toolsllm-toolsclaudecursorwindsurfcopilotgithubtypescriptnpmai-agentvibe-codingproduction-readylaunch-readinessship-readyfinish-planproduction-readiness

Readme

@finishkit/mcp

npm version MCP Compatible License: MIT

MCP server for FinishKit. Production readiness scanner for AI-built apps. Enables AI agents in Claude, Cursor, Windsurf, and VS Code to check if your code is ready to ship.

What AI Agents Can Do

| Tool | Description | |---|---| | scan_repo | Check if your app is ready to ship. Triggers a production readiness scan and returns a prioritized finish plan. | | get_scan_status | Check progress of a production readiness scan. Returns current phase and progress percentage. | | get_findings | Get the production readiness report with prioritized findings blocking launch. | | get_patches | Get auto-generated code patches that fix production readiness issues. | | list_projects | List all repositories connected to FinishKit for production readiness scanning. | | create_project | Get instructions to connect a new GitHub repository to FinishKit. | | request_intelligence_pack | Request a production readiness analysis pack tailored to your technology stack. | | sync_findings | Sync production readiness findings from a local analysis back to the FinishKit dashboard. | | finishkit_setup | Set up FinishKit or check connection status. Creates a browser-based setup link if not connected. |

Quick Start

No API key required to get started. The server starts in setup mode and guides you through connecting your account.

Option A: Browser login (recommended)

npx @finishkit/mcp login

Opens your browser. Sign in with GitHub or Google. Your editor picks up the key automatically. No copy-paste, no config editing, no restart.

Option B: Setup command

npx @finishkit/mcp setup

Auto-detects your editor and configures FinishKit. Or target a specific editor:

npx @finishkit/mcp setup --claude-code
npx @finishkit/mcp setup --cursor
npx @finishkit/mcp setup --windsurf
npx @finishkit/mcp setup --codex
npx @finishkit/mcp setup --vscode

Then ask your AI to scan your project. It will show a setup link if you haven't connected yet.

Option C: Manual configuration

Add the following to your editor's MCP config file:

Claude Desktop (~/.claude/claude_desktop_config.json), Cursor (~/.cursor/mcp.json), Windsurf (~/.codeium/windsurf/mcp_config.json), VS Code Copilot (.vscode/mcp.json):

{
  "mcpServers": {
    "finishkit": {
      "command": "npx",
      "args": ["-y", "@finishkit/mcp"],
      "env": {
        "FINISHKIT_API_KEY": "fk_live_your_key_here"
      }
    }
  }
}

Claude Code:

claude mcp add finishkit -- npx -y @finishkit/mcp

Get an API key at finishkit.app/activate.

Works Without API Key

The server always starts, even without an API key configured. This means FinishKit tools always appear in your IDE.

When called without a key, the finishkit_setup tool creates a browser-based activation link. Click the link, sign in, and your editor picks up the key on the next tool call. No restart needed.

Two tools always work without a key:

  • finishkit_setup: Creates a setup link and checks connection status.
  • create_project: Returns instructions for connecting a repository through the FinishKit dashboard.

Tools Reference

scan_repo (Primary Tool)

Check if your app is ready to ship. Triggers a production readiness scan on a GitHub repository, analyzing security, deployment, stability, tests, and UI completeness. Returns a prioritized finish plan with all findings. Typically takes 2-8 minutes.

| Parameter | Type | Required | Description | |---|---|---|---| | repo_owner | string | Yes | GitHub org or username (e.g., myorg) | | repo_name | string | Yes | Repository name without owner (e.g., my-app) | | run_type | enum | No | baseline (default), pr, or manual_patch | | commit_sha | string | No | Specific commit to scan; defaults to latest |

Returns: Finding counts by severity and category, human-readable summary, dashboard URL.

get_scan_status

Check progress of a production readiness scan. Returns current phase and progress percentage.

| Parameter | Type | Required | Description | |---|---|---|---| | run_id | string | Yes | Run ID from scan_repo or the dashboard |

get_findings

Get the production readiness report with prioritized findings blocking launch. Filter by category (blockers, security, deploy, stability, tests, ui) or minimum severity (critical, high, medium, low).

| Parameter | Type | Required | Description | |---|---|---|---| | run_id | string | Yes | Run ID of a completed scan | | category | enum | No | blockers, security, deploy, stability, tests, ui | | severity | enum | No | Minimum severity: critical, high, medium, low | | limit | number | No | Max findings to return (1-100, default 50) |

get_patches

Get auto-generated code patches that fix production readiness issues. Each patch includes a unified diff you can apply directly.

| Parameter | Type | Required | Description | |---|---|---|---| | run_id | string | Yes | Run ID of a completed scan |

list_projects

List all repositories connected to FinishKit for production readiness scanning. No inputs required.

create_project

Get instructions to connect a new GitHub repository to FinishKit for production readiness scanning. Works without an API key.

| Parameter | Type | Required | Description | |---|---|---|---| | repo_owner | string | Yes | GitHub org or username | | repo_name | string | Yes | Repository name |

request_intelligence_pack

Request a production readiness analysis pack tailored to your technology stack. Returns framework-specific rules, security advisories, and analysis prompts for local scanning.

| Parameter | Type | Required | Description | |---|---|---|---| | framework | string | Yes | Web framework (e.g., nextjs, remix, vite) | | language | enum | Yes | typescript or javascript | | package_manager | enum | Yes | npm, pnpm, yarn, or bun | | framework_version | string | No | Framework version (e.g., 16.0.0) | | integrations | array | No | Detected integrations (e.g., ["supabase", "stripe"]) | | dependencies | object | No | Package versions for CVE lookup | | focus | enum | No | full (default), security, api, deploy, stability |

sync_findings

Sync production readiness findings from a local analysis back to the FinishKit dashboard. Creates a run record and inserts findings with deduplication.

| Parameter | Type | Required | Description | |---|---|---|---| | project_name | string | Yes | Project display name | | agent_id | enum | Yes | claude-code, cursor, codex, windsurf, custom | | pack_id | string | Yes | Intelligence pack ID used | | pack_version | string | Yes | Intelligence pack version used | | started_at | string | Yes | ISO timestamp when analysis started | | finished_at | string | Yes | ISO timestamp when analysis finished | | detected_stack | object | Yes | Detected stack metadata | | findings | array | Yes | Array of findings from the analysis | | summary | string | Yes | Human-readable summary |

finishkit_setup

Set up FinishKit or check connection status. If not connected, creates a browser-based activation link. If connected, shows available tools. Always works, even without an API key. No inputs required.

Resources Reference

| URI | Description | |---|---| | finishkit://projects | All projects as a JSON array | | finishkit://projects/{id} | Single project details by ID | | finishkit://runs/{run_id}/findings | All findings for a scan run | | finishkit://runs/{run_id}/events | Full event log for a scan run |

For AI Agents

If you are an AI agent with access to FinishKit MCP tools:

Primary workflow: Scan a repository

  1. Call scan_repo with the repository owner and name
  2. The tool handles the full lifecycle (trigger, poll, wait for completion)
  3. Returns finding counts by severity and category
  4. Call get_findings for detailed findings list
  5. Call get_patches for generated code fixes

Example: User asks "scan myorg/myapp for security issues"

scan_repo({ repo_owner: "myorg", repo_name: "myapp", run_type: "baseline" })

Then:

get_findings({ run_id: "<from scan_repo response>", category: "security" })

Handling common situations

  • "FinishKit is not connected": Use finishkit_setup to get a browser activation link
  • "Project not found": The repository must be connected at https://finishkit.app/dashboard first
  • "Authentication failed": The API key is invalid. Run npx @finishkit/mcp login to re-authenticate
  • "Plan limit reached": User needs to upgrade at https://finishkit.app/dashboard/settings

Key facts

  • scan_repo typically takes 2-8 minutes. It blocks until complete, no need to poll separately.
  • Findings have severity: critical, high, medium, low
  • Findings have category: blockers, security, deploy, stability, tests, ui
  • Critical and high findings should be fixed before production deployment

Authentication

The simplest way to authenticate is npx @finishkit/mcp login, which opens your browser and stores the key locally at ~/.finishkit/credentials.

The MCP resolves API keys in this order:

  1. FINISHKIT_API_KEY environment variable (highest priority)
  2. ~/.finishkit/credentials file (written by login or setup --api-key)
  3. No key (setup mode with browser activation link)

To get an API key manually:

  1. Visit finishkit.app/activate
  2. Sign in with GitHub or Google
  3. Copy the key (starts with fk_live_)

API keys authenticate via Authorization: Bearer <key> on every request. Keep your key secret and never commit it to source control.

Requirements

  • Node.js 18+
  • A FinishKit account (finishkit.app) for scanning (optional for setup)
  • At least one repository connected to FinishKit via the GitHub App (for scanning)

Registry Listings

License

MIT - Copyright (c) 2026 FinishKit