{ "name": "VibeLeak MCP", "version": "1.0.0", "description": "Public redacted trust-grade tools and owner-only VibeLeak scan, findings, report, VibeSignal, VibeRank, Stripe Checkout, Score Watch, and Trust Index tools.", "homepage": "https://www.vibeleak.app", "documentation": "https://www.vibeleak.app/docs", "transport": { "type": "streamable_http", "endpoint": "https://www.vibeleak.app/api/mcp", "methods": [ "POST" ], "headers": [ "Authorization", "Content-Type", "MCP-Protocol-Version", "MCP-Session-Id" ] }, "local": { "stdioCommand": "npm run mcp:stdio", "apiKeyEnv": "VIBELEAK_API_KEY" }, "auth": { "type": "oauth_pkce", "fallbackType": "bearer_api_key", "oauth": { "protectedResourceMetadata": "https://www.vibeleak.app/.well-known/oauth-protected-resource", "authorizationServerMetadata": "https://www.vibeleak.app/.well-known/oauth-authorization-server", "authorizationEndpoint": "https://www.vibeleak.app/oauth/authorize", "tokenEndpoint": "https://www.vibeleak.app/oauth/token", "registrationEndpoint": "https://www.vibeleak.app/oauth/register", "grantTypes": [ "authorization_code" ], "codeChallengeMethods": [ "S256" ], "tokenEndpointAuthMethod": "none" }, "keyPrefix": "vlk_live_", "signupUrl": "https://www.vibeleak.app/login?action=signup&next=/dashboard/api-keys", "apiKeyDashboard": "https://www.vibeleak.app/dashboard/api-keys", "envKey": "VIBELEAK_API_KEY", "currentBestPath": "Public MCP tools work without auth. Owner-only tools can use OAuth 2.1 Authorization Code + PKCE. API keys remain available as a manual fallback.", "connectionStatusTool": "get_connection_status", "rawKeyRecoverable": false, "publicToolsReturnRedactedDataOnly": true, "ownerToolsFailClosedWithoutAuth": true }, "agentOnboarding": [ "Connect to the Streamable HTTP endpoint and list tools.", "For Hermes, configure the HTTP MCP server with auth: oauth so Hermes runs browser-based OAuth 2.1 PKCE and caches the token.", "Call get_connection_status first to learn whether the caller is authenticated and whether VibeRank is allowed for the current plan.", "If no VIBELEAK_API_KEY is available, use only public redacted tools.", "When owner-only tools are needed, prefer OAuth. Manual API-key fallback remains signup/login -> /dashboard/api-keys -> store raw key as VIBELEAK_API_KEY.", "When the user wants monitoring, VibeRank, or assisted remediation, call create_checkout_session to return a Stripe Checkout URL for an allowlisted subscription plan.", "Send owner requests with Authorization: Bearer . Never paste raw tokens or API keys into prompts, chat history, docs, or commits." ], "tools": [ { "name": "get_connection_status", "title": "Get Connection Status", "description": "Check whether the MCP caller is authenticated, which auth methods are available, and what account capabilities are enabled. Never returns raw API keys.", "access": "public", "scopes": [], "inputSchema": { "type": "object", "properties": {} } }, { "name": "scan_domain", "title": "Scan Domain", "description": "Run a VibeLeak trust scan for a public domain and store the result under the API key owner.", "access": "owner", "scopes": [ "scan:write" ], "inputSchema": { "type": "object", "required": [ "url" ], "properties": { "url": { "type": "string", "description": "Public URL or domain to scan." }, "timeoutMs": { "type": "integer", "minimum": 2000, "maximum": 30000 } } } }, { "name": "scan_domain_and_export", "title": "Scan Domain and Export", "description": "Run an owned full trust scan, prioritize remediation actions, and return a save-ready Markdown report payload for the agent to write locally.", "access": "owner", "scopes": [ "scan:write", "reports:read", "findings:read" ], "inputSchema": { "type": "object", "required": [ "url" ], "properties": { "url": { "type": "string", "description": "Public URL or domain to scan and export." }, "timeoutMs": { "type": "integer", "minimum": 2000, "maximum": 30000 } } } }, { "name": "get_scan_result", "title": "Get Scan Result", "description": "Fetch an owned private scan result, including structured findings and remediation data.", "access": "owner", "scopes": [ "scan:read", "findings:read" ], "inputSchema": { "type": "object", "required": [ "scanId" ], "properties": { "scanId": { "type": "string", "format": "uuid" } } } }, { "name": "get_public_grade_card", "title": "Get Public Grade Card", "description": "Fetch redacted public grade-card data plus copy-ready badge embed HTML for a scan result.", "access": "public", "scopes": [], "inputSchema": { "type": "object", "required": [ "scanId" ], "properties": { "scanId": { "type": "string", "format": "uuid" } } } }, { "name": "get_private_findings", "title": "Get Private Findings", "description": "Fetch owned private findings only. Public callers must use get_public_grade_card.", "access": "owner", "scopes": [ "findings:read" ], "inputSchema": { "type": "object", "required": [ "scanId" ], "properties": { "scanId": { "type": "string", "format": "uuid" } } } }, { "name": "get_vibesignal", "title": "Get VibeSignal", "description": "Run a public, redacted VibeSignal check for AI-readable trust posture.", "access": "public", "scopes": [], "inputSchema": { "type": "object", "required": [ "url" ], "properties": { "url": { "type": "string", "description": "Public URL or domain to check." } } } }, { "name": "get_vibesignal_and_export", "title": "Get VibeSignal and Export", "description": "Run a public, redacted VibeSignal check and return save-ready Markdown for an agent handoff.", "access": "public", "scopes": [], "inputSchema": { "type": "object", "required": [ "url" ], "properties": { "url": { "type": "string", "description": "Public URL or domain to check and export as Markdown." } } } }, { "name": "run_viberank", "title": "Run VibeRank", "description": "Run an owned VibeRank check for AI-search and answer-engine visibility.", "access": "owner", "scopes": [ "viberank:write" ], "inputSchema": { "type": "object", "required": [ "url" ], "properties": { "url": { "type": "string", "description": "Public URL or domain to rank." }, "promptConfig": { "type": "object", "additionalProperties": true } } } }, { "name": "run_viberank_and_export", "title": "Run VibeRank and Export", "description": "Run owned VibeRank for Pro or Agency accounts and return a save-ready Markdown visibility report with Hermes agentic handoff, model-provider wiring, prompt-level fix queue, and Stripe/Score Watch next steps.", "access": "owner", "scopes": [ "viberank:write" ], "inputSchema": { "type": "object", "required": [ "url" ], "properties": { "url": { "type": "string", "description": "Public URL or domain to rank and export." }, "promptConfig": { "type": "object", "additionalProperties": true } } } }, { "name": "export_markdown_report", "title": "Export Markdown Report", "description": "Export an owned scan as an agent-ready Markdown security report.", "access": "owner", "scopes": [ "reports:read", "findings:read" ], "inputSchema": { "type": "object", "required": [ "scanId" ], "properties": { "scanId": { "type": "string", "format": "uuid" } } } }, { "name": "list_scan_history", "title": "List Scan History", "description": "List recent owned scan grade cards for the API key owner.", "access": "owner", "scopes": [ "history:read" ], "inputSchema": { "type": "object", "properties": { "limit": { "type": "integer", "minimum": 1, "maximum": 100, "default": 20 } } } }, { "name": "verify_domain_ownership_status", "title": "Verify Domain Ownership Status", "description": "List owned domain-verification records and their current trust gate status.", "access": "owner", "scopes": [ "trust-index:read" ], "inputSchema": { "type": "object", "properties": { "domain": { "type": "string" } } } }, { "name": "get_remediation_actions", "title": "Get Remediation Actions", "description": "Fetch prioritized remediation actions from an owned scan result.", "access": "owner", "scopes": [ "findings:read" ], "inputSchema": { "type": "object", "required": [ "scanId" ], "properties": { "scanId": { "type": "string", "format": "uuid" } } } }, { "name": "get_trust_index_visibility_status", "title": "Get Trust Index Visibility Status", "description": "Check public Trust Index visibility for a domain without exposing private findings.", "access": "public", "scopes": [], "inputSchema": { "type": "object", "required": [ "domain" ], "properties": { "domain": { "type": "string" } } } }, { "name": "create_checkout_session", "title": "Create Checkout Session", "description": "Create an allowlisted Stripe Checkout subscription session by plan/interval or price ID, returning agent-commerce metadata for approved operator spend.", "access": "owner", "scopes": [ "billing:write" ], "inputSchema": { "type": "object", "required": [ "priceId" ], "properties": { "priceId": { "type": "string", "description": "Allowlisted Stripe price ID." } } } }, { "name": "enable_score_watch", "title": "Enable Score Watch", "description": "Enroll an owned scan in Score Watch using the API key owner account.", "access": "owner", "scopes": [ "score-watch:write" ], "inputSchema": { "type": "object", "required": [ "scanId" ], "properties": { "scanId": { "type": "string", "format": "uuid" } } } } ], "resources": [ "vibeleak://tool-policy" ] }