npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@perfai/mcp

v1.0.28

Published

PerfAI MCP Server - Security, Design & Quality Analysis with Auth0 Authentication

Readme

@perfai/mcp

A Model Context Protocol (MCP) server that brings PerfAI Security, Design & Quality Analysis directly into your AI coding assistant. Authenticate once, then list and triage API security issues, generate AI-powered fix prompts, and view detailed dashboards — all from within Claude, Cursor, VS Code, Windsurf, Zed, or any MCP-compatible client.


⚡ Setup

Run the setup wizard — it auto-detects your MCP clients (Claude, Cursor, VS Code, Windsurf, Zed) and writes the correct config for each:

npx -y --package=@perfai/mcp@latest perfai-mcp-setup

That's it. No config file editing needed.


🔐 Authentication

Run the login tool from your AI assistant to open a browser-based Auth0 login. After authenticating, all protected tools become available automatically.

login                  # opens browser → authenticate → done
auth_status            # verify you're authenticated
logout                 # clear session

🛠️ Available Tools

🔓 Public (no authentication required)

| Tool | Description | | ------------- | -------------------------------------------------------- | | login | Authenticate with PerfAI via Auth0 OAuth. Opens browser. | | auth_status | Check current authentication status and user info. |

🔒 Protected (authentication required)

User & Session

| Tool | Description | | ----------- | ------------------------------------------------------ | | user_info | Get detailed information about the authenticated user. | | logout | Clear authentication session. | | setup | Auto-configure org and app with default values. |

Organization & App Management

| Tool | Parameters | Description | | ---------------------- | ---------------------------------------------------- | ------------------------------------------------------------------ | | manage_organizations | action (list/select/refresh), sequence, org_id | List orgs with sequence numbers, select by number or ID. | | list_apps | search, environment, page, limit | List all APPs with optional filters and pagination. | | select_app | sequence, name_or_label, app_id | Select an APP by sequence number, partial name/label, or exact ID. |

Issue Summary

| Tool | Description | | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------- | | summarize_issues | Full dashboard for the selected APP — security risk, design issues, quality issues, attack surface, bug bounty savings, and coverage. |

Security Issues

| Tool | Parameters | Description | | ----------------------- | ------------------------------------------------------------------------------ | ----------------------------------------------------------- | | show_security_issues | limit, severities[], status, sort_by, sort_order, search, cursor | List security vulnerabilities with filters. | | ai_fix_security_issue | issue_id (sequence #, ID, or description) | Generate an AI-powered fix prompt for a security issue. | | check_security_fixes | wait_seconds | Check which previously fixed issues were actually resolved. |

Design Issues

| Tool | Parameters | Description | | --------------------- | -------------------------------------------------------------- | ----------------------------------------------------- | | show_design_issues | limit, status, sort_by, sort_order, search, cursor | List API design issues with filters. | | ai_fix_design_issue | issue_id | Generate an AI-powered fix prompt for a design issue. | | check_design_fixes | wait_seconds | Check which design fixes were actually resolved. |

Quality / Spec Validation Issues

| Tool | Parameters | Description | | ---------------------- | ---------------------------------------------------- | ------------------------------------------------------ | | show_quality_issues | limit, sort_by, sort_order, search, cursor | List spec validation issues. | | ai_fix_quality_issue | issue_id | Generate an AI-powered fix prompt for a quality issue. | | check_quality_fixes | wait_seconds | Check which quality fixes were actually resolved. |

Session State

| Tool | Description | | ------------------- | -------------------------------------------------- | | show_fixed_issues | Show all AI-fixed issues from the current session. |


💡 Typical Workflow

1. login                                                          # authenticate
2. manage_organizations {"action": "list"}                        # see your orgs
3. manage_organizations {"action": "select", "sequence": 1}
4. list_apps {"search": "payments"}                               # find your app
5. select_app {"sequence": 2}                                     # or by name: {"name_or_label": "payments"}
6. summarize_issues                                               # dashboard overview
7. show_security_issues {"severities": ["Critical", "High"]}
8. ai_fix_security_issue {"issue_id": "3"}                        # fix issue #3
9. show_design_issues {"status": "Open"}
10. show_quality_issues {}

📋 Tool Examples

Organization & App Selection

// List organizations with sequence numbers
manage_organizations {"action": "list"}

// Select org by sequence number (preferred)
manage_organizations {"action": "select", "sequence": 2}

// List apps — filter by name or environment
list_apps {"search": "checkout", "environment": "production", "page": 1, "limit": 50}

// Select app by partial name
select_app {"name_or_label": "checkout"}

// Select app by sequence number from list_apps
select_app {"sequence": 4}

Summary Dashboard

// Full dashboard: security + design + quality + attack surface
summarize_issues {}

Security Issues

// Show only Critical and High issues
show_security_issues {"severities": ["Critical", "High"], "limit": 20}

// Show dismissed issues
show_security_issues {"status": "Dismissed"}

// Fix issue #5
ai_fix_security_issue {"issue_id": "5"}

// Fix by description
ai_fix_security_issue {"issue_id": "System Design Issues/Enumerable Resource ID • GET /users"}

Design & Quality Issues

show_design_issues {"status": "Open", "sort_by": "createdOn", "sort_order": "DESC"}
show_quality_issues {"limit": 50}
ai_fix_design_issue {"issue_id": "2"}
ai_fix_quality_issue {"issue_id": "7"}

🚀 Local Development

git clone https://github.com/perfai/mcp-server.git
cd mcp-server
npm install
npm run build        # compile TS → dist/
npm start            # start MCP server
npm run dev          # watch mode
npm run mcp:inspect  # MCP Inspector UI at http://localhost:6274

🔍 Troubleshooting

| Problem | Fix | | --------------------------------------------- | ---------------------------------------------------------- | | MCP error -32000: Connection closed | Use the exact args above (--package=@perfai/mcp@latest perfai-mcp-server). A bare npx @perfai/mcp is ambiguous and fails to launch. | | Browser doesn't open on login | Manually visit the URL shown in the tool response | | No organizations found | Run manage_organizations {"action": "refresh"} | | App not found by name | Run list_apps {} first and use the exact sequence number | | Protected tool says "Authentication required" | Run login first | | Stale issues after a fix | Wait a moment and re-run show_*_issues |

Debug logs go to stderr:

npm start 2> debug.log

🌟 Key Features

  • Auth0 OAuth2 — secure browser-based login, no plaintext credentials in config
  • Org & App selection — by sequence number, name/label partial match, or ID
  • Issue filters — severity, status (Open/Dismissed), sort field & direction, keyword search, pagination
  • Summary dashboard — single-call overview of security, design, quality, attack surface, and bug bounty savings
  • AI fix prompts — generate actionable fix instructions for any issue by number, ID, or description
  • Fix tracking — compare AI-fixed issues against post-run results to confirm resolution

📄 License

MIT — see LICENSE