@finishkit/mcp

MCP server for FinishKit. Production readiness scanner for AI-built apps. Enables AI agents in Claude, Cursor, Windsurf, and VS Code to check if your code is ready to ship.

What AI Agents Can Do

Quick Start

No API key required to get started. The server starts in setup mode and guides you through configuration.

1. Run setup

npx @finishkit/mcp setup

This auto-detects your editor and configures FinishKit. Or target a specific editor:

npx @finishkit/mcp setup --claude-code
npx @finishkit/mcp setup --cursor
npx @finishkit/mcp setup --windsurf
npx @finishkit/mcp setup --codex
npx @finishkit/mcp setup --vscode

2. Restart your AI client

3. Try it out

Ask "is my app ready to ship?" or use the finishkit_setup tool to see configuration details and all available tools.

4. Get an API key when ready

Follow the setup guidance to get a free API key at finishkit.app. Then re-run setup with your key:

npx @finishkit/mcp setup --api-key fk_live_your_key_here

Restart your AI client after adding the key.

Manual Configuration

If you prefer to configure manually, add the following to your editor's MCP config file:

Claude Desktop (~/.claude/claude_desktop_config.json), Cursor (~/.cursor/mcp.json), Windsurf (~/.codeium/windsurf/mcp_config.json), VS Code Copilot (.vscode/mcp.json):

{
  "mcpServers": {
    "finishkit": {
      "command": "npx",
      "args": ["-y", "@finishkit/mcp"],
      "env": {
        "FINISHKIT_API_KEY": "fk_live_your_key_here"
      }
    }
  }
}

Claude Code:

claude mcp add finishkit -- npx -y @finishkit/mcp

Works Without API Key

The server always starts, even without an API key configured. This means FinishKit tools always appear in your IDE.

When called without a key, tools that require authentication return a helpful response explaining what FinishKit does and how to get set up. Two tools work without a key:

• finishkit_setup: Shows detailed setup instructions, API key status, and configuration examples for every supported IDE.
• create_project: Returns instructions for connecting a repository through the FinishKit dashboard.

Tools Reference

scan_repo (Primary Tool)

Check if your app is ready to ship. Triggers a production readiness scan on a GitHub repository, analyzing security, deployment, stability, tests, and UI completeness. Returns a prioritized finish plan with all findings. Typically takes 2-8 minutes.

Returns: Finding counts by severity and category, human-readable summary, dashboard URL.

get_scan_status

Check progress of a production readiness scan. Returns current phase and progress percentage.

get_findings

Get the production readiness report with prioritized findings blocking launch. Filter by category (blockers, security, deploy, stability, tests, ui) or minimum severity (critical, high, medium, low).

get_patches

Get auto-generated code patches that fix production readiness issues. Each patch includes a unified diff you can apply directly.

list_projects

List all repositories connected to FinishKit for production readiness scanning. No inputs required.

create_project

Get instructions to connect a new GitHub repository to FinishKit for production readiness scanning. Works without an API key.

request_intelligence_pack

Request a production readiness analysis pack tailored to your technology stack. Returns framework-specific rules, security advisories, and analysis prompts for local scanning.

sync_findings

Sync production readiness findings from a local analysis back to the FinishKit dashboard. Creates a run record and inserts findings with deduplication.

finishkit_setup

Get information about FinishKit and how to set it up. Shows what FinishKit does, your current API key status, and configuration examples for every supported IDE. Always works, even without an API key. No inputs required.

Resources Reference

For AI Agents

If you are an AI agent with access to FinishKit MCP tools:

Primary workflow: Scan a repository

1. Call scan_repo with the repository owner and name
2. The tool handles the full lifecycle (trigger, poll, wait for completion)
3. Returns finding counts by severity and category
4. Call get_findings for detailed findings list
5. Call get_patches for generated code fixes

Example: User asks "scan myorg/myapp for security issues"

scan_repo({ repo_owner: "myorg", repo_name: "myapp", run_type: "baseline" })

Then:

get_findings({ run_id: "<from scan_repo response>", category: "security" })

Handling common situations

• "API key not configured": Use finishkit_setup to get setup instructions
• "Project not found": The repository must be connected at https://finishkit.app/dashboard first
• "Authentication failed": The FINISHKIT_API_KEY env var is missing or invalid
• "Plan limit reached": User needs to upgrade at https://finishkit.app/dashboard/settings

Key facts

• scan_repo typically takes 2-8 minutes. It blocks until complete, no need to poll separately.
• Findings have severity: critical, high, medium, low
• Findings have category: blockers, security, deploy, stability, tests, ui
• Critical and high findings should be fixed before production deployment

Authentication

Set the FINISHKIT_API_KEY environment variable with your API key:

FINISHKIT_API_KEY=fk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

To get an API key:

1. Go to finishkit.app/dashboard/settings?tab=developer
2. Generate a new API key
3. Copy the key (it starts with fk_live_)

API keys authenticate via Authorization: Bearer <key> on every request. Keep your key secret and never commit it to source control.

Requirements

• Node.js 18+
• A FinishKit account (finishkit.app) for scanning (optional for setup)
• At least one repository connected to FinishKit via the GitHub App (for scanning)

Registry Listings

• Smithery
• npm: @finishkit/mcp

License

MIT - Copyright (c) 2026 FinishKit