# Directory Structure

```
├── img
│   ├── claude.png
│   ├── cursor-enabled.png
│   ├── vscode-config.png
│   ├── vscode-enabled.png
│   └── windsurf-enabled.png
└── README.md
```

# Files

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

````markdown
# BoostSecurity MCP: Securing Agentic AI Development Workflows

*Powered by [BoostSecurity](https://boostsecurity.io/)*

## Description
Agentic AI systems can accelerate software delivery by autonomously suggesting or adding code and dependencies. However, without the right safeguards, they can also introduce significant supply chain risks by pulling in third-party packages that:

- Don’t actually exist (hallucinations)

- Contain known vulnerabilities, including high or critical severity issues

- Are end-of-life and no longer supported

- Are associated with malware or malicious activity

- Mimic legitimate libraries through typosquatting


**BoostSecurity MCP** acts as a safeguard for agentic workflows. It analyzes every package an AI agent introduces, flags unsafe dependencies, and recommends secure, maintained alternatives to keep projects protected.


With **BoostSecurity MCP**, teams can:

- Block unsafe or malicious packages before they are introduced

- Verify that dependencies are maintained and supported

- Receive recommendations for safer alternatives when risks are detected

- Reduce package-related risks and strengthen the software supply chain

- Confidently adopt agentic AI—supporting innovation and speed without compromising on security


## Supported Languages and Ecosystems

The following languages and package ecosystems are supported in this release:

- **Python** – PyPI

- **Go** – Go Modules

- **JavaScript/TypeScript** – npm

- **Java** – Maven

- **C#** – NuGet


## Installation


### Requirements

- Cursor, Claude Code, Windsurf, VS Code, or any other MCP client


<details>
<summary><b>Install in Cursor</b></summary>

Go to: `Settings` -> `Cursor Settings` -> `MCP` -> `Add new global MCP server`

See [Cursor MCP docs](https://docs.cursor.com/context/model-context-protocol) for more info.


#### Cursor Remote Server Connection

```json
{
  "mcpServers": {
    "boost-security": {
      "url": "https://mcp.boostsecurity.io/mcp",
      "transport": "http"
    }
  }
}
```

Once configured, under `Cursor Settings` -> `MCP & Integrations`, the BoostSecurity MCP server appears as enabled with the `validate_package` tool.

<img src="img/cursor-enabled.png" alt="BoostSecurity Enabled" width="50%">

</details>

<details>
<summary><b>Install in Claude Code</b></summary>

Run this command. See [Claude Code MCP docs](https://docs.anthropic.com/en/docs/claude-code/sdk/sdk-mcp) for more info.

#### Claude Code Remote Server Connection

```sh
claude mcp add --scope user --transport http boost-security https://mcp.boostsecurity.io/mcp
```

To confirm the BoostSecurity MCP server is properly configured, type `/mcp` within Claude. The BoostSecurity MCP should appear as enabled.

<img src="img/claude.png" alt="BoostSecurity Enabled" width="50%">

</details>

<details>
<summary><b>Install in Windsurf</b></summary>

- Navigate to Windsurf Settings -> Cascade MCP Servers

- Add the BoostSecurity MCP server configuration:

See [Windsurf MCP docs](https://docs.windsurf.com/windsurf/cascade/mcp) for more info.

#### Windsurf Remote Server Connection

```json
{
  "mcpServers": {
    "boost-security": {
      "serverUrl": "https://mcp.boostsecurity.io/mcp"
    }
  }
}
```

Alternatively, add the configuration to your Windsurf MCP config file (e.g. `~/.codeium/windsurf/mcp_config.json`).

You may need to relaunch Windsurf for the new MCP server configuration to take effect.

Once configured, go to Windsurf Settings -> Manage MCPs; the BoostSecurity MCP connection should appear as enabled with the `validate_package` tool.

<img src="img/windsurf-enabled.png" alt="BoostSecurity Enabled" width="50%">


</details>

<details>
<summary><b>Install in VSCode</b></summary>

- Navigate to View -> Command Palette -> `MCP:Open User Configuration`

- Add the BoostSecurity MCP server configuration:

See [VSCode MCP docs](https://code.visualstudio.com/docs/copilot/customization/mcp-servers) for more info.

#### VSCode Remote Server Connection

```json
{
  "servers": {
    "boost-security": {
      "type": "http",
      "url": "https://mcp.boostsecurity.io/mcp"
    }
  }
}
```

You may need to relaunch VS Code for the new MCP server configuration to take effect.

Once added, enable the MCP connection by selecting **Start** on the MCP configuration.

<img src="img/vscode-config.png" alt="BoostSecurity Configuration" width="50%">

When enabled, the state changes to **Running**.

<img src="img/vscode-enabled.png" alt="BoostSecurity Enabled" width="50%">


</details>


<details>
<summary><b>Install with Other MCP Clients</b></summary>

The BoostSecurity MCP server can be used by any MCP-compliant client, as long as the client supports:

- Transport type: `http`
- Remote server connection, to: `https://mcp.boostsecurity.io/mcp`

Refer to your MCP client’s documentation for instructions on configuring remote MCP servers.
</details>


## Included Tools

BoostSecurity MCP provides the following tools:

- `validate_package`: Validates whether a package is safe to use. If the package is unsafe, a recommended alternative is provided.


## For Better Results

The BoostSecurity MCP server provides strong instructions and descriptions during connection initialization, encouraging agents to always validate packages before adding them to a project.

To ensure best results, add a rule in your AI agent instructing it to validate packages with BoostSecurity MCP. For example:

```txt
Always use the BoostSecurity MCP tool `validate_package` to ensure a package is safe before adding it to a project.
Use the package versions recommended by BoostSecurity.
```
````
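The README shows three client config shapes for the same remote server (Cursor and Windsurf under `mcpServers`, VS Code under `servers`, with the endpoint in `url` or `serverUrl`). A practitioner rolling this out across a team will want to confirm that every developer's config actually points at the documented endpoint over HTTPS rather than a mistyped or downgraded one. The following is an added example, not code from the BoostSecurity MCP project; it assumes only the key names visible in the README's own configs, and the sample configs inside it are constructed.

```python
"""Check that MCP client configs point at the documented BoostSecurity endpoint.

Added example (not part of the BoostSecurity MCP project). It accepts the three
config shapes shown in the README and reports any server entry whose URL is not
exactly the documented HTTPS endpoint. Sample configs below are constructed.
"""
import json
from urllib.parse import urlsplit

EXPECTED_URL = "https://mcp.boostsecurity.io/mcp"  # endpoint from the README


def server_entries(config: dict) -> dict:
    """Return name -> entry under either top-level key the clients use."""
    return config.get("mcpServers") or config.get("servers") or {}


def entry_url(entry: dict):
    """Cursor and VS Code use "url"; Windsurf uses "serverUrl"."""
    return entry.get("url") or entry.get("serverUrl")


def check_config(text: str) -> list:
    """Return (server_name, problem) pairs for a raw JSON config; [] means OK."""
    problems = []
    entries = server_entries(json.loads(text))
    if not entries:
        return [("<config>", "no mcpServers/servers block found")]
    for name, entry in entries.items():
        url = entry_url(entry)
        if url is None:
            problems.append((name, "no url/serverUrl"))
            continue
        if urlsplit(url).scheme != "https":
            problems.append((name, f"non-HTTPS scheme {urlsplit(url).scheme!r}"))
        if url != EXPECTED_URL:
            problems.append((name, f"unexpected endpoint {url}"))
    return problems


# Constructed samples: a correct VS Code entry, and a Windsurf entry that was
# edited to a placeholder host over plain HTTP (both problems are reported).
GOOD_VSCODE = '{"servers": {"boost-security": {"type": "http", "url": "https://mcp.boostsecurity.io/mcp"}}}'
BAD_WINDSURF = '{"mcpServers": {"boost-security": {"serverUrl": "http://mcp.example.invalid/mcp"}}}'

if __name__ == "__main__":
    for label, cfg in (("vscode", GOOD_VSCODE), ("windsurf", BAD_WINDSURF)):
        print(label, check_config(cfg) or "OK")
```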