Package Exports
- devxira
- devxira/build/cli.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (devxira) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
Devxira
MCP server for developer workflows — PR review, daily standup reports, task management, and WordPress plugin research.
Features
- Git — Status, diff, branch, commit, push, log (local stdio mode only)
- WordPress — Search and inspect plugins from wordpress.org
- Workflow prompts — Built-in workflow templates for daily reports, PR reviews, task implementation, plugin research, and QA testing
- Companion server support — Integrates with GitHub, ClickUp, and Playwright MCP servers for extended workflows
Installation
Claude Code
claude mcp add devxira -- npx devxiraCompanion Servers (optional)
Install these alongside devxira for full workflow support:
# GitHub — for PR review, code search, and GitHub operations
claude mcp add --transport http github https://api.githubcopilot.com/mcp/ -H "Authorization: Bearer YOUR_GITHUB_PAT"
# ClickUp — for daily reports and task management
claude mcp add clickup --transport http https://mcp.clickup.com/mcp
# Playwright — for browser-based QA testing
claude mcp add playwright -- npx @playwright/mcp@latestClaude Desktop
Add to your config file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"devxira": {
"command": "npx",
"args": ["devxira"]
}
}
}VS Code / Cursor
Add to .vscode/mcp.json in your workspace:
{
"servers": {
"devxira": {
"command": "npx",
"args": ["devxira"]
}
}
}Windsurf
Add to ~/.windsurf/mcp.json:
{
"mcpServers": {
"devxira": {
"command": "npx",
"args": ["devxira"]
}
}
}OpenAI Codex
codex --mcp-server "npx devxira"Available Tools
Git (6) — stdio mode only
| Tool | Description | Read-Only |
|---|---|---|
git_status |
Show working tree status | Yes |
git_diff |
Show staged/unstaged/ref changes | Yes |
git_create_branch |
Create and checkout a new branch | No |
git_commit |
Stage files and commit | No |
git_push |
Push to remote | No |
git_log |
Show recent commit history | Yes |
WordPress (2)
| Tool | Description | Read-Only |
|---|---|---|
wordpress_get_plugin |
Get plugin details from wordpress.org | Yes |
wordpress_search_plugins |
Search plugins by keyword | Yes |
Workflow Prompts
Devxira includes workflow prompts that guide Claude through multi-step developer tasks. Prompts that need companion servers will automatically detect if they're missing and show install instructions.
| Prompt | Description | Companion Server |
|---|---|---|
test_connection |
Verify all integrations are working | — |
daily_report |
Generate and send daily standup report | GitHub, ClickUp |
audit_pr |
Single-pass deep audit → severity-rated bug report | GitHub |
pr_feedback_loop |
Incremental Codex + Claude loop: review → verify → fix → re-review. A critic agent pushes back on false positives, a fixer agent applies verified fixes, then the loop repeats until clean or the iteration cap (default 5) fires. Best for small/medium PRs and fast feedback. | GitHub (PR mode only) |
pr_bulk_review_loop |
Bulk-discovery multi-agent loop: parallel specialized discovery passes (no fixing) → consolidate + cluster by root cause → evidence-grounded specialist critics on the FULL list → architect a coordinated fix plan → apply all fixes in dependency order → final verify. Best for medium/large PRs and root-cause / cross-cutting bugs (one fix closes N findings). Honors CLAUDE.md, .claude/skills/*/SKILL.md, and persists false-positive learnings across runs. |
GitHub (PR mode only); Playwright (auto, for UI changes) |
implement_task |
End-to-end ClickUp task implementation with PR | GitHub, ClickUp |
research_plugin |
WordPress plugin market analysis and MVP planning | — |
build_plugin |
Generate step-by-step AI build plan from a research report | — |
qa_test |
Browser-based QA testing with screenshot evidence | Playwright (+ GitHub if PR provided) |
Picking between the two PR-review loops
| Aspect | pr_feedback_loop (incremental) |
pr_bulk_review_loop (bulk) |
|---|---|---|
| Loop shape | small bite (find few → verify → fix → re-find) | one big sweep (find all → verify all → fix all → final verify) |
| Best for | small/medium PRs, fast feedback, well-known codebase | medium/large PRs, security audits, root-cause / pattern bugs, unfamiliar codebases |
| Catches | individual bugs as they surface | cross-cutting patterns (one fix closes 5 findings) |
| Wall-clock | longer (sequential rounds) | shorter (parallel discovery + fix in batches) |
| Risk | misses cross-file patterns, can oscillate | longer time-to-first-fix; bugs may interact under batch fix |
| Args | pr, max_iterations, mode |
pr, discovery_passes, outer_iterations, mode, verify_with_browser, precision |
Research-backed design (pr_bulk_review_loop)
The bulk loop's design is grounded in published code-review-tool research (CodeRabbit, Cursor Bugbot V1→V2 retrospective, CriticGPT, AutoReview FSE 2025, the Multi-Agent Code Verification paper, and the bug-bash methodology). Highlights:
- Specialist critics over generic — domain-specific critics (Correctness / Security / Performance / UI / Backend-Tenancy / Type-safety) detect 3× more bugs and produce 87% fewer false positives than generic critics, because their detections are statistically independent.
- "Evidence not vibes" (CodeRabbit) — every critic verdict requires executable proof (grep / ast-grep / quoted code snippets / browser screenshots). Pure-opinion verdicts are auto-downgraded to
NEEDS_INFO. - Asymmetric thresholds, not voting — Security critic alone marking
VERIFIEDblocks; Correctness needs two specialists or one + concrete reproduction; UI requires a screenshot or DOM excerpt. This prevents the "80+ agents unanimously endorse a non-existent vulnerability" failure mode (real, documented). - Dynamic per-finding context lookup (Cursor Bugbot V2 lesson) — critics
grepandReadthe actual code per finding rather than trusting an inlined excerpt. Resolution rate climbed from 52% → 70% when Cursor moved from pre-stuffed context to dynamic. - Persistent learnings (CodeRabbit-style) — refuted findings get appended to
.claude/review-learnings.md. Future runs auto-skip patterns matching that file (overridable with new evidence). Cross-PR memory is the single biggest source of false-positive reduction over time. - Architect / Editor split (Aider) — one subagent plans the fix batch (with dependency ordering and cluster-fix detection), separate fixer subagents apply patches per file-group.
- Browser verification uses Playwright MCP via the bundled
qa_testprompt (orcodex execwith Playwright MCP wired). Codex CLI does not have a native browser plugin —@Browseris a Codex App (GUI) feature only.
Note on naming: the previous
review_prprompt was renamed toaudit_prin v1.2.0 to make room for the loop tools and to avoid colliding with project-level/review-prslash commands.pr_bulk_review_loopwas added in v1.3.0.
Authentication
All external authentication is handled by companion MCP servers:
- GitHub — Requires a GitHub Personal Access Token (PAT). Create one at github.com/settings/tokens with
repoandread:userscopes. - ClickUp — Authenticates via browser on first use through ClickUp's official MCP server.
- Playwright — No authentication needed (runs locally).
Development
Prerequisites
- Node.js >= 18
- npm
Setup
git clone https://github.com/abuldev/devxira.git
cd devxira
npm installBuild
npm run buildRun
# stdio mode (for MCP clients)
npm start
# HTTP mode (for remote deployment)
npm run start:httpTest
npm testTest with MCP Inspector
npx @modelcontextprotocol/inspector node build/cli.jsLicense
MIT