74
/ 100
26 days ago
glama

VibeGuard MCP

Enables policy-style auditing of content through the audit_vibe MCP tool to enforce configurable guardrails. Supports both local stdio and serverless Streamable HTTP deployment via Vercel for flexible integration with MCP clients.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 9 credentials: AMBIT_JWT_SECRET, BLOB_READ_WRITE_TOKEN, DX_PASS, GRAPH_SIDECAR_TOKEN, MCP_AUTH_TOKEN, OPENAI_API_KEY, POLICY_MANAGER_AUTH_TOKEN, SESSION_TOKEN_SECRET, GOOGLE_PAGESPEED_API_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configAMBIT_ALERT_EMAIL_WEBHOOK
configAMBIT_ALERT_MIN_SEVERITY
configAMBIT_AUTH_ALLOW_LOCAL_FALLBACK
configAMBIT_AUTH_MODE
configAMBIT_DEV_TENANT_ID
configAMBIT_DEV_USER_EMAIL
configAMBIT_DEV_USER_ROLE
🔐 secretAMBIT_JWT_SECRET
configAMBIT_SLACK_WEBHOOK_URL
configAWS_LAMBDA_FUNCTION_NAME
🔐 secretBLOB_READ_WRITE_TOKEN
configDATABASE_URLSet in .env.local to a Neon (or Postgres) connection string, then:
configDX_BASE_URL
🔐 secretDX_PASS
configDX_USER
configDX_WCM_LIBRARIES_PATH
configEMIT_SQL
configFALKOR_GRAPH_NAMEOptional: (default dxiq)
configFALKOR_REDIS_URLRequired envs for built-in ingest:
configGIT_BRANCH
🔐 secretGRAPH_SIDECAR_TOKENOptional auth: (Authorization: Bearer <token>)
configGRAPH_SIDECAR_URLSet to a webhook endpoint that accepts JSON events.
configHF_EMBEDDING_MODEL_ID
configLOCAL_API_PORT
🔐 secretMCP_AUTH_TOKEN
configMCP_CORS_ORIGINS
configMCP_MAX_BODY_BYTES
configNEON_DATABASE_URL
configOPENAI_ANALYSIS_MODEL
🔐 secretOPENAI_API_KEY
configOPENAI_MODEL
🔐 secretPOLICY_MANAGER_AUTH_TOKEN
configPOSTGRES_PRISMA_URL
configPOSTGRES_URL
configPOSTGRES_URL_NON_POOLING
configPRISMA_LOG
configSCAN_AUDITORS_CONFIG
🔐 secretSESSION_TOKEN_SECRET
configVERCEL
configVIRTUAL_ENV
configPYTHONPATH
🔐 secretGOOGLE_PAGESPEED_API_KEY
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 1 concrete improvement we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/mckaystu-ambit-iq-mcp-1acdwh)](https://m8ven.ai/mcp/mckaystu-ambit-iq-mcp-1acdwh)
commit: a968254e9e2ca12ab44f1d2fa3e4a7f90a237eaf
code hash: 256017668a15e6c3d4d2fbe0956800ba3e438015558f039b2a288ed335bba41d
verified: 6/17/2026, 12:08:56 PM
view raw JSON →