LaraBug

Connecting AI assistants (MCP)

LaraBug speaks the Model Context Protocol (MCP), so you can connect an AI assistant like Claude, ChatGPT or Cursor straight to your account. The assistant can then read your projects, issues and CVE findings, and (with a write token) resolve or annotate issues, all without leaving your editor.

Two ways to connect

OAuth (recommended). The assistant sends you to a LaraBug authorization screen, you click Authorize, and it stores its own credentials. Nothing to copy or paste. An OAuth connection is read only.

Personal access token. You create a token under Profile, API Tokens and paste it into the assistant. Choose this when a client does not support the OAuth flow, or when you want an assistant to change issues (which needs a token with write access).

The MCP endpoint is:

https://www.larabug.com/mcp

Connect Claude Code

For the OAuth flow, add the server without a token:

claude mcp add --transport http --scope user larabug https://www.larabug.com/mcp

Then run /mcp inside Claude Code, pick larabug and choose Authenticate. Your browser opens the LaraBug authorization screen. Approve it and you are connected.

To use a personal access token instead, pass it as a header:

claude mcp add --transport http --scope user larabug https://www.larabug.com/mcp \
  --header "Authorization: Bearer YOUR_TOKEN"

Connect Claude Desktop or Cursor

Add LaraBug to your client's MCP configuration:

{
  "mcpServers": {
    "larabug": {
      "type": "http",
      "url": "https://www.larabug.com/mcp",
      "headers": { "Authorization": "Bearer YOUR_TOKEN" }
    }
  }
}

Connect ChatGPT

ChatGPT supports remote MCP servers as custom connectors through Developer Mode, on the Plus, Pro, Business, Enterprise and Edu plans. Enable Developer Mode in settings, add a custom connector pointing at the LaraBug MCP endpoint, and authorize it through the LaraBug screen. ChatGPT connects to remote servers only, which LaraBug is.

Access and scopes

A token or connection carries a scope that decides what the assistant may do.

  • Read covers browsing your projects, issues, occurrences (stack trace and request context) and CVE findings.
  • Write additionally lets the assistant change an issue's status (resolve, reopen) and set its note.

OAuth connections are always read only, which keeps anything an assistant sees from being changed by accident. To let an assistant write, create a personal access token with read and write access under Profile, API Tokens.

What the assistant can do

Once connected, the assistant has tools to:

  • List your projects and get a health summary of any one
  • List and filter issues by project, type and status
  • Open a single issue and its most recent occurrence, with the full stack trace and request context
  • List a project's CVE findings with severity and advisory detail
  • Resolve, reopen or annotate an issue (write access only)

Revoking access

Every connection and token appears under Profile, API Tokens. Revoke any of them there and the assistant loses access immediately.