The CLI
Free ForeverEvery MCP tool, in your terminal.
Static analysis, graph search, finding triage, and baselines — all tools, no license key, no AI agent required.
No signup. No auth wall. No usage caps.
Quick start
Two commands. That's it.
$ npm install -g brokenapp-mcp
$ brokenapp-mcp scan --layer code
Scanning src/ ...
Routes found: 47
Endpoints mapped: 112
Findings: 3 high, 7 medium
Commands
Everything you need, nothing you don't.
13 commands covering static analysis, graph queries, triage, baselines, and MCP server mode.
brokenapp-mcp scan --layer code
Scan backend code
$ brokenapp-mcp scan --layer code Scanning src/ ... Routes found: 47 Endpoints mapped: 112 Findings: 3 high, 7 medium
brokenapp-mcp scan --layer frontend
Scan frontend components
$ brokenapp-mcp scan --layer frontend Scanning components/ ... Components found: 38 Routes mapped: 24 Findings: 1 high, 4 medium
brokenapp-mcp scan --layer security
Detect hardcoded secrets
$ brokenapp-mcp scan --layer security Scanning for secrets ... Files scanned: 214 Secrets found: 2 Exposed keys: 1 AWS, 1 Stripe
brokenapp-mcp scan --layer accessibility
Check a11y compliance
$ brokenapp-mcp scan --layer accessibility Checking WCAG compliance ... Components checked: 38 Violations: 5 Warnings: 12
brokenapp-mcp scan --layer design
Audit design consistency
$ brokenapp-mcp scan --layer design Auditing design tokens ... Components checked: 38 Inconsistencies: 7 Missing tokens: 3
brokenapp-mcp scan --layer db
Introspect database schema
$ brokenapp-mcp scan --layer db Introspecting schema ... Tables found: 23 Relations mapped: 41 Missing indexes: 4
brokenapp-mcp search
Full-text search across graph
$ brokenapp-mcp search "auth middleware" 3 results in graph: src/middleware/auth.ts (route) src/lib/session.ts (dependency) src/api/login/route.ts (endpoint)
brokenapp-mcp list-findings
List findings by category
$ brokenapp-mcp list-findings --severity high 3 high-severity findings: SEC-001 Hardcoded AWS key src/config.ts:42 SEC-003 Open redirect src/api/callback.ts:18 A11Y-02 Missing alt text src/components/Hero.tsx:7
brokenapp-mcp graph-health
Graph statistics and drift
$ brokenapp-mcp graph-health Nodes: 312 Edges: 847 Orphans: 4 Staleness: 2 days since last scan
brokenapp-mcp baseline
Capture/compare baselines
$ brokenapp-mcp baseline --compare Baseline: 2026-02-28 New findings: 2 Resolved: 5 Unchanged: 41
brokenapp-mcp impact-analysis
Trace changes through graph
$ brokenapp-mcp impact-analysis --file src/lib/auth.ts Direct dependents: 8 Transitive impact: 23 Affected endpoints: 12 Risk: high
brokenapp-mcp endpoint-trace
Trace endpoint through layers
$ brokenapp-mcp endpoint-trace "/api/users/:id" Route: src/api/users/[id]/route.ts Middleware: auth, rateLimit DB tables: users, sessions Frontend: UserProfile, Settings
brokenapp-mcp serve
Start MCP server (stdio)
$ brokenapp-mcp serve BrokenApp MCP server running Transport: stdio Tools: 47 registered Ready for connections ...
MCP Server
Also an MCP server.
Run brokenapp-mcp serve to start the MCP server over stdio. Connect it to Claude Desktop, Cursor, VS Code, or any MCP-compatible client. All 47 tools available instantly.
$ brokenapp-mcp serve
BrokenApp MCP server running
Transport: stdio
Tools: 47 registered
Ready for connections ...
Free forever. All tools. No limits.
Install once, scan everything. No account required.