
@sourcebot/mcp
The Sourcebot MCP server gives your LLM agents the ability to fetch code context across thousands of repos hosted on GitHub, GitLab, BitBucket and more. Ask your LLM a question, and the Sourcebot MCP server will fetch relevant context from its index and inject it into your chat session. Some use cases this unlocks include:
- Enriching responses to user requests:
  - "… useCodeMirrorTheme hook defined?"
  - "… deprecatedApi across all repos"
- Improving reasoning ability for existing horizontal agents like AI code review, docs generation, etc.
- Building custom LLM horizontal agents like compliance auditing agents, migration agents, etc.
Install Node.JS >= v18.0.0.
(optional) Spin up a Sourcebot instance by following this guide. The host URL of your instance (e.g., http://localhost:3000) is passed to the MCP server via the SOURCEBOT_HOST environment variable. This allows you to control which repos Sourcebot MCP fetches context from (including private repos).
If a host is not provided, then the server will fall back to using the demo instance hosted at https://demo.sourcebot.dev. You can see the list of repositories indexed here. Add additional repositories by opening a PR.
Install @sourcebot/mcp into your MCP client:

Go to: Settings -> Cursor Settings -> MCP -> Add new global MCP server

Paste the following into your ~/.cursor/mcp.json file. This will install Sourcebot globally within Cursor:

```jsonc
{
  "mcpServers": {
    "sourcebot": {
      "command": "npx",
      "args": ["-y", "@sourcebot/mcp@latest"],
      // Optional - if not specified, https://demo.sourcebot.dev is used
      "env": {
        "SOURCEBOT_HOST": "http://localhost:3000"
      }
    }
  }
}
```
Go to: Windsurf Settings -> Cascade -> Add Server -> Add Custom Server

Paste the following into your mcp_config.json file:

```jsonc
{
  "mcpServers": {
    "sourcebot": {
      "command": "npx",
      "args": ["-y", "@sourcebot/mcp@latest"],
      // Optional - if not specified, https://demo.sourcebot.dev is used
      "env": {
        "SOURCEBOT_HOST": "http://localhost:3000"
      }
    }
  }
}
```
Add the following to your settings.json:
```jsonc
{
  "mcp": {
    "servers": {
      "sourcebot": {
        "type": "stdio",
        "command": "npx",
        "args": ["-y", "@sourcebot/mcp@latest"],
        // Optional - if not specified, https://demo.sourcebot.dev is used
        "env": {
          "SOURCEBOT_HOST": "http://localhost:3000"
        }
      }
    }
  }
}
```
Run the following command:
```sh
# SOURCEBOT_HOST env var is optional - if not specified,
# https://demo.sourcebot.dev is used.
claude mcp add sourcebot -e SOURCEBOT_HOST=http://localhost:3000 -- npx -y @sourcebot/mcp@latest
```
Add the following to your claude_desktop_config.json:

```jsonc
{
  "mcpServers": {
    "sourcebot": {
      "command": "npx",
      "args": ["-y", "@sourcebot/mcp@latest"],
      // Optional - if not specified, https://demo.sourcebot.dev is used
      "env": {
        "SOURCEBOT_HOST": "http://localhost:3000"
      }
    }
  }
}
```
Alternatively, you can install via Smithery. For example:

```sh
npx -y @smithery/cli install @sourcebot-dev/sourcebot --client claude
```

use sourcebot when prompting.
For a more detailed guide, check out the docs.
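
One way to review an MCP client config of the kind shown above, as an added example that is not part of the Sourcebot README: it flags an npx package spec that is not pinned to an exact version (such as @latest, which npx resolves again on each launch), a missing SOURCEBOT_HOST (the demo-instance fallback the page describes), and a plaintext http:// host that is not loopback. The function names and finding codes are hypothetical.

```javascript
// Added example, not Sourcebot's or Socket's code; finding codes are hypothetical.
const EXACT_VERSION = /^(@[^/]+\/)?[^@/]+@\d+\.\d+\.\d+(-[\w.]+)?$/;
const LOOPBACK = ["localhost", "127.0.0.1", "[::1]"];

// The page's snippets carry whole-line // comments, which JSON.parse rejects.
function parseConfig(text) {
  const kept = text.split("\n").filter((line) => !line.trim().startsWith("//"));
  return JSON.parse(kept.join("\n"));
}

function auditServer(name, server) {
  const findings = [];
  const spec = (server.args ?? []).find((arg) => !arg.startsWith("-"));
  if (server.command !== "npx" || !spec) return findings;
  if (!EXACT_VERSION.test(spec)) {
    // A tag such as @latest (or no version) is resolved anew on every launch.
    findings.push({ server: name, code: "unpinned-package", detail: spec });
  }
  if (!spec.startsWith("@sourcebot/mcp")) return findings;
  const host = server.env?.SOURCEBOT_HOST;
  if (!host) {
    // Per the page, requests then go to the public demo instance.
    findings.push({ server: name, code: "demo-fallback", detail: "https://demo.sourcebot.dev" });
  } else {
    const url = new URL(host);
    if (url.protocol === "http:" && !LOOPBACK.includes(url.hostname)) {
      findings.push({ server: name, code: "plaintext-host", detail: url.host });
    }
  }
  return findings;
}

// "mcpServers" is the layout of the mcp.json-style files; "mcp.servers" is the
// settings.json layout.
function auditConfig(text) {
  const config = parseConfig(text);
  const servers = config.mcpServers ?? config.mcp?.servers ?? {};
  return Object.entries(servers).flatMap(([name, s]) => auditServer(name, s));
}

// Sample input: the Cursor snippet from this page.
const PAGE_CONFIG = `{
  "mcpServers": { "sourcebot": {
    "command": "npx",
    "args": ["-y", "@sourcebot/mcp@latest"],
    // Optional - if not specified, https://demo.sourcebot.dev is used
    "env": { "SOURCEBOT_HOST": "http://localhost:3000" }
  } }
}`;
console.log(auditConfig(PAGE_CONFIG));
```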
Fetches code that matches the provided regex pattern in query.
Name | Required | Description |
---|---|---|
query | yes | Regex pattern to search for. Escape special characters and spaces with a single backslash (e.g., 'console\.log', 'console\ log'). |
filterByRepoIds | no | Restrict search to specific repository IDs (from 'list_repos'). Leave empty to search all. |
filterByLanguages | no | Restrict search to specific languages (GitHub linguist format, e.g., Python, JavaScript). |
caseSensitive | no | Case sensitive search (default: false). |
includeCodeSnippets | no | Include code snippets in results (default: false). |
maxTokens | no | Max tokens to return (default: env.DEFAULT_MINIMUM_TOKENS). |
Lists all repositories indexed by Sourcebot.
Fetches the source code for a given file.
Name | Required | Description |
---|---|---|
fileName | yes | The file to fetch the source code for. |
repoId | yes | The Sourcebot repository ID. |
Sourcebot supports the following code hosts:
Don't see your code host? Open a GitHub discussion.
Currently, Sourcebot only supports regex-based code search (powered by zoekt under the hood). It is great for scenarios where what the agent is searching for is super precise and well-represented in the source code (e.g., a specific function name, an error string, etc.). It is not-so-great for fuzzy searches where the objective is to find some loosely defined category or concept in the code (e.g., find code that verifies JWT tokens). The LLM can approximate this by crafting regex searches that attempt to capture a concept (e.g., it might try a query like "jwt|token|(verify|validate).*(jwt|token)"), but this often yields sub-optimal search results that aren't related. Tools like Cursor solve this with embedding models to capture the semantic meaning of code, allowing LLMs to search using natural language. We would like to extend Sourcebot to support semantic search and expose this capability over MCP as a tool (e.g., a semantic_search_code tool). GitHub Discussion
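
The over-matching described above, measured on constructed sample lines (an added example, not Sourcebot code). JavaScript's RegExp stands in for the zoekt-backed matcher, which is an assumption, and the hypothetical escapeLiteral helper applies the backslash rule from the query parameter description.

```javascript
// Added example: JavaScript RegExp stands in for Sourcebot's regex matcher.
// Escape a literal for the `query` parameter: a single backslash before regex
// metacharacters and spaces.
function escapeLiteral(text) {
  return text.replace(/[.*+?^${}()|[\]\\ ]/g, "\\$&");
}

// Constructed sample lines; `relevant` marks the ones that verify a JWT.
const SAMPLE_LINES = [
  { text: "const claims = jwt.verify(token, publicKey);", relevant: true },
  { text: "if (!validateJwt(req.headers.authorization)) return deny();", relevant: true },
  { text: "const csrfToken = crypto.randomBytes(32).toString('hex');", relevant: false },
  { text: "for (const token of tokenizer.scan(source)) emit(token);", relevant: false },
  { text: "console.log('cache warmed');", relevant: false },
];

// Count how many lines a query hits and how many of those are off-topic.
function evaluate(query, lines = SAMPLE_LINES) {
  const re = new RegExp(query, "i"); // caseSensitive defaults to false
  const hits = lines.filter((line) => re.test(line.text));
  const relevantHits = hits.filter((line) => line.relevant).length;
  return { hits: hits.length, relevantHits, falsePositives: hits.length - relevantHits };
}

// The concept query quoted on the page: the bare `token` alternative alone
// matches CSRF tokens and tokenizer code.
const CONCEPT_QUERY = "jwt|token|(verify|validate).*(jwt|token)";
// A precise query for one known call site, built from a literal.
const PRECISE_QUERY = escapeLiteral("jwt.verify(");

console.log(evaluate(CONCEPT_QUERY), evaluate(PRECISE_QUERY));
```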
Another idea is to allow LLMs to traverse abstract syntax trees (ASTs) of a codebase to enable reliable code navigation. This could be packaged as tools like goto_definition, find_all_references, etc., which could be useful for LLMs to get additional code context. GitHub Discussion
Open up a GitHub discussion!
FAQs
The npm package @sourcebot/mcp receives a total of 658 weekly downloads. As such, @sourcebot/mcp popularity was classified as not popular.
We found that @sourcebot/mcp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.