CLI Configuration

Configure the MCPSafe CLI using config files, environment variables, or command-line options.

Configuration Priority

Configuration values are loaded in the following order (later values override earlier ones):

  1. Default values - Built-in defaults
  2. Global config file - ~/.mcpsafe/config.json
  3. Project config - package.json or mcp.config.json
  4. Environment variables - MCPSAFE_* variables
  5. Command-line options - Flags passed to commands
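
The precedence order above, worked through as an added example (this is not MCPSafe's own code). It records which layer supplied each effective value, then flags two things a reviewer would want to see: an apiKey coming from a project config file, and rules switched "off". Option, variable and rule names are the ones documented further down this page; the function names, the default values and the per-rule merge behaviour are assumptions.

```javascript
// Added example, not MCPSafe's code. Layers are listed lowest to highest priority.
const LAYERS = ["default", "global", "project", "env", "cli"];
// Variable-to-option mapping inferred from the Environment Variables descriptions.
const ENV_MAP = { MCPSAFE_API_KEY: "apiKey", MCPSAFE_FORMAT: "format", MCPSAFE_FAIL_ON: "failOn" };
const envLayer = (env) => Object.fromEntries(Object.entries(ENV_MAP)
  .filter(([name]) => env[name] !== undefined).map(([name, key]) => [key, env[name]]));

// Merge layers in priority order, remembering which layer supplied each value.
function resolveConfig(sources) {
  const config = {}, origin = {};
  for (const layer of LAYERS) {
    for (const [key, value] of Object.entries(sources[layer] || {})) {
      if (key === "rules") {
        // Assumption: rule overrides merge per rule ID instead of replacing the whole map.
        config.rules = { ...(config.rules || {}), ...value };
        for (const id of Object.keys(value)) origin["rules." + id] = layer;
      } else {
        config[key] = value;
        origin[key] = layer;
      }
    }
  }
  return { config, origin };
}

// Reviewer checks on the resolved result.
function audit({ config, origin }) {
  const findings = [];
  // Project config files are normally version-controlled, so a key there is exposed.
  if (origin.apiKey === "project") findings.push("apiKey set in project config");
  for (const [id, level] of Object.entries(config.rules || {})) {
    if (level === "off") findings.push("rule " + id + " disabled by " + origin["rules." + id] + " layer");
  }
  return findings;
}

// Constructed sample input; the defaults are assumed, the page does not list them.
const sample = {
  default: { format: "table", failOn: "high", quiet: false },
  global: { apiKey: "mcp_abc12345_xxxxxxxxxxxxxxxx", format: "json" },
  project: { failOn: "critical", rules: { CMD001: "error", INFO001: "off" } },
  env: envLayer({ MCPSAFE_FAIL_ON: "high" }),
  cli: { format: "sarif" },
};
const result = resolveConfig(sample);
console.log(result.config, result.origin, audit(result));
```

In the sample, the project file relaxes failOn to "critical", but the environment variable restores "high" because it sits later in the order.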

Config File Locations

Global Config

~/.mcpsafe/config.json

User-wide settings that apply to all projects

Project Config

./mcp.config.json

Project-specific settings (alternatively, under the "mcpsafe" key in package.json)

Configuration Options

apiKey (string)
Your MCPSafe API key for authentication
mcp_abc12345_xxxxxxxxxxxxxxxx

format (string)
Default output format for scan results
json | sarif | table

failOn (string)
Default severity threshold for failure
critical | high | medium | low

quiet (boolean)
Suppress non-essential output
true | false

ignore (string[])
Patterns to ignore during scanning
["node_modules", "*.test.ts"]

Project Configuration

package.json

Add mcpsafe config to your existing package.json

package.json
{
  "mcpsafe": {
    "ignore": [
      "node_modules",
      "dist",
      "**/*.test.ts",
      "**/*.spec.ts"
    ],
    "failOn": "high",
    "rules": {
      "CMD001": "warn",
      "PATH002": "error"
    }
  }
}

mcp.config.json

Standalone configuration file in project root

mcp.config.json
{
  "name": "my-mcp-server",
  "version": "1.0.0",
  "mcpsafe": {
    "ignore": ["tests/**", "examples/**"],
    "failOn": "critical"
  }
}

Environment Variables

MCPSAFE_API_KEY

API key for authentication (overrides config file)

MCPSAFE_CONFIG

Path to custom config file

MCPSAFE_FORMAT

Default output format

MCPSAFE_FAIL_ON

Default failure threshold

CI

When set, enables CI-friendly output (no colors, no spinners)

Environment setup
# Example .env or shell profile
export MCPSAFE_API_KEY="mcp_abc12345_xxxxxxxxxxxxxxxx"
export MCPSAFE_FORMAT="json"
export MCPSAFE_FAIL_ON="high"

Rule Configuration

Custom Rule Severity

Override the default severity for specific rules

Rule overrides
{
  "mcpsafe": {
    "rules": {
      "CMD001": "error",
      "PATH002": "warn",
      "INFO001": "off"
    }
  }
}

"error" - Fail the scan if this rule triggers

"warn" - Report the issue but don't fail

"off" - Completely disable the rule