Model Context Protocol

The verification layer inside your AI coding agent.

Deslint ships a Model Context Protocol server that runs as a local subprocess of any MCP-compatible agent. 12 tools the agent calls before it writes a file or runs a shell command: verify_shell_exec, verify_before_write, analyze_and_fix, and nine more. Sub-1 ms warm verdict. Zero LLM in the hot path. Zero code leaves your machine.

Install in one command

The installer detects Claude Desktop and Cursor and writes the MCP config for you. For other agents, drop the snippet below into the agent's MCP config file.

$ npx @deslint/mcp install

{
  "mcpServers": {
    "deslint": {
      "command": "npx",
      "args": ["-y", "@deslint/mcp"]
    }
  }
}

Pick your agent

Claude Code/mcp/claude-code →

Anthropic's terminal-first coding agent.

Cursor/mcp/cursor →

The AI-first code editor.

Codex/mcp/codex →

OpenAI's coding agent.

Windsurf/mcp/windsurf →

Codeium's agentic IDE.

Tools the agent can call

verify_shell_execAgent Action Firewall — pre-execution gate for shell commands. Agent calls before running any command; server reads `.deslint/policy.yml` and returns allow / warn / deny + reason + matched pattern. Built-in detection for rm -rf /, curl | sh, reverse shells, and history rewrites. Sub-1 ms warm. Same input, same verdict, every time.
verify_before_writeThe pre-write gate. Agent passes the proposed file content; server returns passed / violations / recommendedAction (ok-to-write | ok-with-warnings | fix-and-retry | consult-user). In-process Linter.verify, no temp file. Cold ~1s, warm 3-7ms, identical-content cache hit ~0.05ms.
quick_checkSub-200-byte yes/no check. Agent's "is this even worth a full verify?" decision. Shares cache with verify_before_write — calling both for the same content is essentially free.
scan_diffLint only files changed against a base ref (default origin/main). Separates new violations from pre-existing so the merge gate can hard-block on new failures without re-litigating legacy ones.
analyze_fileReturn all design-system, a11y, backend-safety, and AI-coding violations for a single file. Supports strict mode.
analyze_projectScan the whole workspace and return aggregated scores.
analyze_and_fixScan, apply every safe auto-fix in place, report what is left.
compliance_checkProduce the full compliance report (health score, debt, WCAG) as a single structured payload.
enforce_budgetGate on rule budgets from .deslintrc.json. Returns pass / fail so the agent can halt its own edits.
get_rule_detailsFetch the docs, examples, and suggested fixes for any deslint rule.
suggest_fix_strategyGiven a violation, return a structured fix plan the agent can execute.
get_server_statsPer-session telemetry: total verify calls, wall-clock spent linting, cache hit rate. Surface to the user so deslint's overhead stays visible.

Why a local MCP server — not a cloud review bot

Pre-generation, not post-PR. The agent calls deslint before it writes the file. Drift gets stopped at the source, not 24 hours later in CI.
Zero LLM in the hot path. Every finding is the output of a deterministic ESLint rule. Same result every run.
Zero egress. The MCP server is a stdio subprocess. No network calls. No code leaves your machine. Safe inside enterprise firewalls and regulated environments.

Install for Claude Code Install for Cursor Full docs

Further reading: How to fix design drift in AI-generated code →