MCP Integration
Connect Flowpatrol to your AI editor so security checks run inline while you code.
You've seen what Flowpatrol finds through the dashboard. Now bring that directly into your editor.
With MCP (Model Context Protocol), your AI assistant can run probes and scans without leaving the chat. You fix a bug, ask "is this secure?", and get an answer in seconds — no tab switching, no copy-pasting URLs.
Setup
Get your API key
Go to Settings → API Keys in the dashboard. Click Create API Key, name it, and copy the full key.
You'll only see the full key once. Store it somewhere safe.
Add the config file
Create the config file for your editor in your project root:
{
  "mcpServers": {
    "flowpatrol": {
      "type": "url",
      "url": "https://api.flowpatrol.ai/mcp",
      "headers": {
        "Authorization": "Bearer fp_live_your_api_key"
      }
    }
  }
}
Replace fp_live_your_api_key with your actual key. Start a new editor session — Flowpatrol will appear in the available tools.
Try it
Ask your assistant to run a probe:
Run a Flowpatrol probe on https://myapp.vercel.app
You should see results in about 10 seconds.
What you can do
Once connected, your assistant has access to the same three tools available in the dashboard:
| Prompt | What happens |
|---|---|
| "Probe my app at https://..." | Runs a quick surface check (~10s, 1 credit) |
| "Run a full scan on https://..." | Runs a full security scan (2–5 min, 5 credits) |
| "Show my latest Flowpatrol report" | Pulls results from the most recent scan |
| "Show only critical findings" | Filters an existing report by severity |
Your assistant formats the results inline and can immediately help you fix what it finds.
Workflows
Check before you push
After building a feature, ask your assistant to probe before you commit:
I just added a payment flow. Run a Flowpatrol probe on http://localhost:3000
Deep scan on staging
Before merging to main, run a full scan against your preview deployment:
Run a full Flowpatrol scan on https://my-pr-123.vercel.app
Fix loop
The real power is the feedback loop. Flowpatrol finds an issue, your assistant suggests a fix, you apply it, and probe again to confirm:
Probe my app → finds missing RLS → assistant writes the policy → probe again → clean
This loop works because probes are fast (10 seconds) and cheap (1 credit).
Multiple projects
Each project can use the same API key — just copy the config file to each project root. If you want per-project usage tracking, create a separate key for each project in the dashboard. All keys share your account's credit balance.
Keep your key safe
Add your MCP config file to .gitignore to keep your API key out of version control.
# MCP config (contains API key)
.mcp.json
.cursor/mcp.json
.windsurf/mcp.json
How MCP works
The Model Context Protocol is an open standard that lets AI assistants call external tools. Flowpatrol runs a hosted MCP server at api.flowpatrol.ai/mcp. When your assistant decides to check security, it sends a JSON-RPC request to our server, we authenticate via your API key, run the check, and return structured results.
- All communication uses HTTPS with TLS 1.3
- Your API key is hashed server-side — we never store the raw key
- Flowpatrol only tests targets you specify — we never access your source code
- Scan results are stored under your account with row-level security
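To check the "Keep your key safe" advice across a project, the following added example (not Flowpatrol's own code) reports any of the three config files that holds a real key while .gitignore does not list it. It assumes a key is any Bearer token starting with fp_live_ other than the page's placeholder, and it matches .gitignore entries literally; git check-ignore -v <path> is the authoritative check.

```python
import json
from pathlib import Path

# Config locations named in the .gitignore snippet on this page.
CONFIG_PATHS = (".mcp.json", ".cursor/mcp.json", ".windsurf/mcp.json")
PLACEHOLDER = "fp_live_your_api_key"  # the page's placeholder, not a real key


def ignored_entries(root):
    """Return the literal entries of root/.gitignore (comments and blanks dropped)."""
    gitignore = Path(root) / ".gitignore"
    if not gitignore.is_file():
        return set()
    lines = (ln.strip() for ln in gitignore.read_text().splitlines())
    return {ln.lstrip("/") for ln in lines if ln and not ln.startswith("#")}


def bearer_keys(config):
    """Yield (server_name, key) for each fp_live_ Bearer key in a parsed config."""
    servers = config.get("mcpServers", {})
    for name, server in servers.items():
        auth = server.get("headers", {}).get("Authorization", "")
        scheme, _, token = auth.partition(" ")
        # Assumption: only the fp_live_ prefix is known, so any such token counts.
        if scheme == "Bearer" and token.startswith("fp_live_") and token != PLACEHOLDER:
            yield name, token


def audit(root):
    """Return (path, server, message) findings for un-ignored config files."""
    ignored = ignored_entries(root)
    findings = []
    for rel in CONFIG_PATHS:
        path = Path(root) / rel
        if not path.is_file() or rel in ignored:
            continue
        try:
            keys = list(bearer_keys(json.loads(path.read_text())))
        except (ValueError, AttributeError):  # invalid JSON or unexpected shape
            findings.append((rel, "-", "could not be read as an MCP config"))
            continue
        for name, key in keys:
            # Report prefix and length only, never the key itself.
            redacted = f"{key[:8]}... ({len(key)} chars)"
            findings.append((rel, name, f"key {redacted} in a file .gitignore does not list"))
    return findings


if __name__ == "__main__":
    for rel, server, message in audit("."):
        print(f"{rel} [{server}]: {message}")
```

A file that was committed before it was added to .gitignore stays tracked, so also confirm that git ls-files <path> prints nothing for each config file.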
Troubleshooting
Tool not found
Make sure the config file is in the correct location for your editor. Restart your editor session after adding the file.
Unauthorized errors
Check that your API key starts with fp_live_ and hasn't been revoked. Generate a new key from the API Keys page if needed.
Scan times out
Full scans can take up to 5 minutes for large apps. Use a probe for quick feedback, or set mode: "quick" for faster scans.