Your AI can read code.
Now it can see your app.
BrokenApp builds the runtime spec of your web app — every route, form, endpoint, and auth flow — then exposes it to AI agents via MCP. Your AI doesn't guess. It sees the running app.
Your forms are leaking.
Unvalidated inputs, missing CSRF tokens, exposed field names. We replay every form and prove what gets through.
$ npx brokenapp-mcp scan --layer frontend
[CRITICAL] POST /api/checkout
  → price field accepted client-side value
  → replayed with price=0, order created
Your auth is Swiss cheese.
IDOR, broken sessions, missing role checks. We test every endpoint with every user role.
$ npx brokenapp-mcp list-findings --severity high
[CRITICAL] GET /api/users/42
  → User A accessed User B profile
  → 200 OK, full PII returned
  → No ownership check on :id param
Here’s everything your framework didn’t tell you.
Exposed API keys, debug endpoints, misconfigured CORS. We check 18 secret patterns and 22 sensitive paths.
$ npx brokenapp-mcp scan --layer code
[HIGH] Exposed credentials
  → SUPABASE_KEY found in page source
  → .env.local accessible at /.env.local
  → CORS allows * with credentials
Three ways in
Scan your app
Paste your deployed URL. We scan it and email you a full security report. No install, no code, no CLI.
Results delivered to your dashboard.
Add to your AI agent
Connect BrokenApp to Claude Desktop, Cursor, or Claude Code via MCP. Your AI agent scans, reads findings, and fixes bugs directly.
"brokenapp": {
  "command": "npx",
  "args": ["-y", "brokenapp-mcp"]
}
Install the CLI
Run scans from your terminal. Pipe results into CI. Full control over layers, output format, and scan depth.
AI Integration
Your AI agent reads the scan. Then fixes what's broken.
Runtime app graph
Every route, form, endpoint, and auth flow — mapped automatically via scan. Your AI gets a complete model of the running app without reading source.
Security findings via list_findings
Every bug and vulnerability — with severity, CWE mapping, reproduction steps, and remediation guidance. Full context to generate the fix.
Graph health via graph_health
Coverage metrics, layer freshness, cross-references. Your AI knows what has been scanned, what is stale, and where the gaps are.
agent → scan
"I'll scan the codebase and check for security issues."
mcp ←
Scanned 847 files. 234 code nodes, 89 endpoints, 12 security findings stored to graph.
agent → list_findings
"Found 3 high-severity issues. Let me check the details."
mcp ←
3 high findings:
  Hardcoded JWT secret (config.ts:23)
  SQL injection (users.ts:89)
  Missing CSRF (/api/payment)
agent → scan
"I'll fix the hardcoded JWT secret first, then re-scan to verify."
mcp ←
Re-scanned. 11 security findings (was 12). Hardcoded JWT secret resolved.
The workflow
Find. Fix. Verify.
BrokenApp finds it
Run scan to crawl your entire web app. Every route, form, endpoint, and asset. Structured findings with evidence, stored to your local graph.
Your AI fixes it -- via MCP
Your AI coding agent calls list_findings and graph_health to understand the app's runtime structure. One prompt to fix what's broken.
BrokenApp verifies it
Re-scan confirms which issues are resolved. Use baseline to diff old vs new. Run it in CI to catch regressions before deploy.
20 MCP tools
18 secret patterns
< 60s average scan
7 scan layers
Your web app is probably broken.
Let's find out.
Runtime scanning. Evidence-backed findings. AI-powered fixes.
npm install -g brokenapp-mcp