AI Integration
Give your agent runtime context, not just source code.
BrokenApp's MCP server builds a 7-layer graph of your entire application — code, frontend, database, runtime, docs, conversations, and design — then exposes it to Claude Code, Cursor, and any MCP-compatible AI tool. Your agent doesn't just read source files. It sees how your app actually works.
Application Graph
Your AI agent sees your whole app
Every scan builds a unified graph across 7 layers. Your agent can query any layer, trace connections between them, and understand your application as a system — not a pile of files.
Code
Source files, functions, imports, and dependency graph across all languages.
Frontend
Routes, components, forms, navigation flows, and UI state machines.
Database
Tables, columns, relations, indexes, and migration history.
Runtime
API endpoints, request/response schemas, auth flows, and network traffic.
Docs
README files, inline documentation, API docs, and architecture notes.
Conversations
Chat history, agent threads, past decisions, and context from previous sessions.
Design
Accessibility violations, color contrast, spacing, and UI consistency issues.
In action
Watch the agent work
Your AI agent queries the app graph, reads critical findings, generates fixes, and re-scans to verify — all through MCP tool calls.
agent → scan
"I'll scan the codebase and check for security issues."
mcp ←
Scanned 847 files. 234 code nodes, 89 endpoints, 12 security findings stored to graph.
agent → list_findings
"Found 3 high-severity issues. Let me check the details."
mcp ←
3 high findings: Hardcoded JWT secret (config.ts:23) SQL injection (users.ts:89) Missing CSRF (/api/payment)
agent → scan
"I'll fix the hardcoded JWT secret first, then re-scan to verify."
mcp ←
Re-scanned. 11 security findings (was 12). Hardcoded JWT secret resolved.
MCP Tools
What the server exposes
13 tools across 4 categories. Each tool returns structured data your agent can reason about, chain together, and act on.
Scanning
scan
Run a full scan across 6 layers: code, frontend, security, accessibility, design, and database.
Analysis
search
Full-text search across the entire application graph. Find endpoints, components, findings, and more.
list_findings
List all security and quality findings with severity, CWE mapping, evidence, and remediation.
graph_health
Get a health summary of the application graph: coverage, staleness, and layer completeness.
impact_analysis
Trace the blast radius of a change. Shows affected routes, components, and downstream dependencies.
endpoint_trace
Trace an endpoint from frontend form to API handler to database query. Full request lifecycle.
api_coverage
Compare discovered API endpoints against defined routes. Find untested or undocumented paths.
Management
baseline
Create, apply, or diff scan baselines. Filter noise and track regressions across runs.
ingest
Ingest external data into the graph: OpenAPI specs, Postman collections, HAR files, and more.
docs_report
Generate a documentation report from the graph. Markdown, JSON, or structured output.
Portal
portal_scan
Trigger a scan on BrokenApp Cloud. Returns scan ID for polling results remotely.
portal_projects
List and manage projects on BrokenApp Cloud. View scan history and team access.
sync_to_platform
Push local scan results and graph data to BrokenApp Cloud for team sharing and dashboards.
Setup
Install in under a minute
The MCP server ships as an npm package. No Rust toolchain or compilation required. Pick your tool and paste the config.
Claude Desktop
Add to your claude_desktop_config.json
{
"mcpServers": {
"brokenapp": {
"command": "npx",
"args": ["-y", "brokenapp-mcp"]
}
}
}Cursor
Add to .cursor/mcp.json in your project root
{
"mcpServers": {
"brokenapp": {
"command": "npx",
"args": ["-y", "brokenapp-mcp"]
}
}
}Claude Code
One command from your terminal
$ claude mcp add brokenapp -- npx -y brokenapp-mcp
Tell your AI what to do
"Scan this project, find all critical security issues, fix them, and re-scan to verify."
Install the MCP server. Give your agent eyes on the running app.
Works with Claude Desktop, Cursor, Claude Code, and any MCP-compatible tool.
$ npx -y brokenapp-mcp