by biegehydra
VSCode Extension with an MCP server that exposes semantic tools like Find Usages and Rename to LLMs
# Add to your Claude Code skills
git clone https://github.com/biegehydra/BifrostMCPGuides for using mcp servers skills like BifrostMCP.
Last scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@eslint/plugin-kit: @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@modelcontextprotocol/sdk: Anthropic's MCP TypeScript SDK has a ReDoS vulnerability",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@vscode/test-cli: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion Regular Expression Denial of Service vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "diff: jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"severity": "low"
},
{
"type": "npm-audit",
"message": "eslint: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "express: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
"severity": "high"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "mocha: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "serialize-javascript: Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"severity": "high"
},
{
"type": "npm-audit",
"message": "terser-webpack-plugin: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "webpack: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior",
"severity": "low"
}
],
"status": "WARNING",
"scannedAt": "2026-05-30T15:34:26.711Z",
"npmAuditRan": true,
"pipAuditRan": true
}BifrostMCP is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by biegehydra. VSCode Extension with an MCP server that exposes semantic tools like Find Usages and Rename to LLMs. It has 222 GitHub stars.
BifrostMCP returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/biegehydra/BifrostMCP" and add it to your Claude Code skills directory (see the Installation section above).
BifrostMCP is primarily written in TypeScript. It is open-source under biegehydra on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh BifrostMCP against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
This VS Code extension provides a Model Context Protocol (MCP) server that exposes VSCode's powerful development tools and language features to AI tools. It enables advanced code navigation, analysis, and manipulation capabilities when using AI coding assistants that support the MCP protocol.

The extension will automatically start an MCP server when activated. To configure an AI assistant to use this server:
bifrost.config.json)http://localhost:8008/ssehttp://localhost:8008/messageI have also provided sample rules that can be used in .cursorrules files for better results.
{
"mcpServers": {
"Bifrost": {
"command": "cmd",
"args": [
"/c",
"npx",
"-y",
"supergateway",
"--sse",
"http://localhost:8008/sse"
],
"disabled": false,
"autoApprove": [],
"timeout": 600
}
}
}
{
"mcpServers": {
"Bifrost": {
"command": "npx",
"args": [
"-y",
"supergateway",
"--sse",
"http://localhost:8008/sse"
],
"disabled": false,
"autoApprove": [],
"timeout": 600
}
}
}
{
"mcpServers": {
"Bifrost": {
"url": "http://localhost:8008/sse"
}
}
}
Follow this video to install and use with cursor
{
"mcpServers": {
"Bifrost": {
"url": "http://localhost:8008/sse"
}
}
}
When working with multiple projects, each project can have its own dedicated MCP server endpoint and port. This is useful when you have multiple VS Code windows open or are working with multiple projects that need language server capabilities.
Create a bifrost.config.json file in your project root:
{
"projectName": "MyProject",
"description": "Description of your project",
"path": "/my-project",
"port": 5642
}
The server will use this configuration to:
http://localhost:5642/my-project/sse){
"projectName": "BackendAPI",
"description": "Node.js REST API with TypeScript",
"path": "/backend-api",
"port": 5643
}
{
"projectName": "FrontendApp",
"description": "React frontend application",
"path": "/frontend-app",
"port": 5644
}
Each project should specify its own unique port to avoid conflicts when multiple VS Code instances are running:
port field in bifrost.config.json determines which port the server will useUpdate your AI assistant configuration to use the project-specific endpoint and port:
{
"mcpServers": {
"BackendAPI": {
"url": "http://localhost:5643/backend-api/sse"
},
"FrontendApp": {
"url": "http://localhost:5644/frontend-app/sse"
}
}
}
If no bifrost.config.json is present, the server will use the default configuration:
http://localhost:8008/ssehttp://localhost:8008/messageThis maintains compatibility with existing configurations and tools.
The extension provides access to many VSCode language features including:
Bifrost MCP: Start Server - Manually start the MCP server on port 8008Bifrost MCP: Start Server on port - Manually start the MCP server on specified portBifrost MCP: Stop Server - Stop the running MCP serverBifrost MCP: Open Debug Panel - Open the debug panel to test available tools
{
"name": "find_usages",
"arguments": {
"textDocument": {
"uri": "file:///path/to/your/file"
},
"position": {
"line": 10,
"character": 15
},
"context": {
"includeDeclaration": true
}
}
}
{
"name": "get_workspace_symbols",
"arguments": {
"query": "MyClass"
}
}
If you encounter issues:
Here are Vscodes commands if you want to add additional functionality go ahead. I think we still need rename and a few others. Please feel free to submit issues or pull requests to the GitHub repository.
vsce package
Use the MCP: Open Debug Panel command

This extension is licensed under the APGL-3.0 License.