An MCP server that brings Optibot AI-powered code reviews to Claude Desktop, Cursor, Windsurf, Claude Code, and any MCP-compatible client.
Review local changes, compare branches, and get actionable feedback — all from your AI assistant.
What is MCP? The Model Context Protocol is an open standard that lets AI assistants use external tools and data sources. Once you add this server, your assistant can run Optibot reviews on your behalf — just ask in natural language.
- Review your code — say "review my changes" and get an AI code review instantly
- Compare branches — "review my branch against main" triggers a full branch diff review
- Review patch files — point it at any
.patchor.difffile - Run AI security scans — trigger token-metered scans on any repo in your org and get the full markdown report back
- Manage organizations — switch the active org for multi-org accounts
- Manage API keys — create, list, and delete keys for CI/CD automation
- Detect merge conflicts — warns you about conflicts before you review
npm install -g @optimalai/optibot-mcpAdd to your Claude Desktop configuration:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"optibot": {
"command": "npx",
"args": ["-y", "@optimalai/optibot-mcp"],
"env": {
"OPTIBOT_API_KEY": "optk_your_key_here"
}
}
}
}Add to your Cursor MCP configuration:
- Global (all projects):
~/.cursor/mcp.json - Project-level:
.cursor/mcp.jsonin your project root
{
"mcpServers": {
"optibot": {
"command": "npx",
"args": ["-y", "@optimalai/optibot-mcp"],
"env": {
"OPTIBOT_API_KEY": "optk_your_key_here"
}
}
}
}Add to your Windsurf MCP configuration (~/.codeium/windsurf/mcp_config.json):
{
"mcpServers": {
"optibot": {
"command": "npx",
"args": ["-y", "@optimalai/optibot-mcp"],
"env": {
"OPTIBOT_API_KEY": "optk_your_key_here"
}
}
}
}claude mcp add optibot -e OPTIBOT_API_KEY=optk_your_key_here -- npx -y @optimalai/optibot-mcpThe -e flag stores the API key in the MCP server config so it is always available when Claude Code spawns the server, regardless of your shell environment.
Set the OPTIBOT_API_KEY environment variable in your MCP client configuration. You can generate a key from the Optibot dashboard or using the CLI:
npx @optimalai/optibot apikey create my-mcp-keyUse the login tool to authenticate via browser. This saves credentials to ~/.optibot/config.json (90-day token).
Once configured, just ask your AI assistant naturally:
| What you say | What happens |
|---|---|
| "review my changes" | Reviews uncommitted local changes |
| "review my branch against main" | Compares current branch against main |
| "review this diff file" | Reviews an arbitrary patch file |
| "what's my Optibot status?" | Shows auth method, profile, active org, and daily quota |
| "which Optibot organizations do I have?" | Lists all orgs (active marked with *) |
| "switch Optibot to the Acme org" | Rescopes your token to that org |
| "run a security scan on org/repo-a" | Triggers an AI security scan and returns the full report |
| "show me recent security scans" | Lists recent scans with cost and severity |
| "how much have we spent on scans this month?" | Shows current-month token usage and cost |
| "create an API key for CI" | Creates and displays a new API key |
| "list my API keys" | Lists all API keys with metadata |
| Tool | Description |
|---|---|
review_local_changes |
Review uncommitted local changes (git diff HEAD) |
review_branch |
Review changes against a target branch (auto-detects or specify) |
review_diff_file |
Review an arbitrary diff/patch file |
| Tool | Description |
|---|---|
login |
Authenticate via browser OAuth (handles onboarding redirects; refuses inside CI environments) |
logout |
Remove saved credentials |
check_auth |
Check current authentication status |
get_status |
Full status: auth method, active org, daily quota |
| Tool | Description |
|---|---|
list_organizations |
List all organizations you belong to |
get_current_organization |
Show the active organization (read from the JWT claim) |
switch_organization |
Rescope your token to a different org (by id or name) |
| Tool | Description |
|---|---|
setup_ci |
Recommended onboarding for CI/CD — mints a long-lived API key bound to the active organization and returns the export line ready to paste into the user's CI secret store. Refuses inside CI environments. |
| Tool | Description |
|---|---|
create_api_key |
Create a new API key (lower-level primitive; prefer setup_ci for CI onboarding) |
list_api_keys |
List all API keys |
delete_api_key |
Delete an API key by ID |
⚠️ Heads up:create_api_keyandsetup_cireturn the full secret in the tool output — by design, since you have to copy it. That output then lives in your AI host's conversation transcript (Claude Desktop, Cursor, etc.), which may be persisted, synced, or backed up. Copy the key into your CI secret store, then delete the conversation or rotate the key withdelete_api_keyif you don't want it lingering in transcript history.
| Tool | Description |
|---|---|
trigger_security_scan |
Start an AI security scan on a repo; blocks until complete (configurable timeout) |
list_security_scans |
Paginated list of recent scans (optionally filtered by repo) |
get_security_scan |
Full markdown report + metadata for a specific scan id |
get_security_usage |
Current-month token usage and cost |
get_security_pricing |
Per-tier pricing and markup multiplier |
list_scannable_repos |
Repositories available to scan in the active org |
get_security_config |
Scheduled-scan configuration |
update_security_config |
Update the scheduled-scan configuration (partial merge) |
During reviews and security scans, the MCP server connects to the Optibot backend via WebSocket and emits real-time progress notifications using MCP logging messages. Your MCP client will receive updates as the operation progresses.
Reviews:
- started — Review request accepted
- analyzing_patch — Parsing and analyzing the diff
- tool_call — Running analysis tools (with tool name and query details)
- generating_review — Generating the final review
- completed — Review finished
Security scans:
- started — Scan request accepted
- cloning_repository — Fetching the repository
- scanning_code — Running security analysis
- tool_call — Individual analyzer tool invocations
- budget_update — Running token + cost ticker
- generating_report — Producing the final markdown report
- completed / failed — Final status
For automated reviews in CI/CD pipelines (GitHub Actions, GitLab CI, etc.), use the Optibot CLI instead. The CLI is purpose-built for non-interactive environments and runs as a standard command-line tool.
The MCP server is designed to run inside AI assistants (Claude Desktop, Cursor, etc.) — it speaks the MCP stdio protocol and is not intended to be invoked directly in a pipeline.
To use in CI:
- Generate an API key from the Optibot dashboard or with
create_api_keytool - Add
OPTIBOT_API_KEYas a repository secret - Use the CLI in your pipeline:
# GitHub Actions
- name: Install Optibot CLI
run: npm install -g @optimalai/optibot
- name: Run code review
env:
OPTIBOT_API_KEY: ${{ secrets.OPTIBOT_API_KEY }}
run: optibot review --branch origin/${{ github.base_ref }}See the Optibot CLI README for full CI/CD setup instructions including GitLab CI.
| Variable | Description |
|---|---|
OPTIBOT_API_KEY |
Your API token (required for automated use) |
OPTIBOT_API_URL |
Custom backend URL (must use https://, defaults to https://agents.getoptimal.ai) |
- Node.js >= 22
- Git (for review tools)
See CHANGELOG.md for the full release history. Security disclosures: SECURITY.md.
Contributions are welcome! See CONTRIBUTING.md for guidelines.
- Optibot Website
- Sign Up (Free)
- Report an Issue
- Optibot CLI on npm
- Optibot Claude Code Plugin
- Twitter / X
- YouTube
- Contact Us
MIT — see LICENSE for details. Copyright (c) 2026 Optimal AI, Inc.