Install BoringSec MCP in one copy-paste flow.
Open a terminal in your project folder, paste the commands below, approve the short browser code, then restart Claude Code, Codex, or Cursor. BoringSec stores a dedicated device credential for you, so beginners do not have to handle raw secrets.
Copy this into Terminal
Use this when you want BoringSec available in both Claude Code and Cursor for the current project.
npx -y @boringsec/claude-code login
npx -y @boringsec/claude-code init --editor both --scope project --write-rules
npx -y @boringsec/claude-code doctorClaude Code only
npx -y @boringsec/claude-code login
npx -y @boringsec/claude-code init --editor claude --scope project --write-rulesCursor only
npx -y @boringsec/claude-code login
npx -y @boringsec/claude-code init --editor cursor --scope project --write-rulesCodex manual setup
npx -y @boringsec/claude-code login[mcp_servers.boringsec]
command = "npx"
args = ["-y", "@boringsec/claude-code"]
startup_timeout_sec = 60
tool_timeout_sec = 660codex mcp get boringsecThe npm latest tag is currently 0.4.5. Its public initializer does not support --editor codex and will not write Codex config. Add the TOML block to .codex/config.toml, trust the workspace, then run the verification command. Automatic Codex initialization is available only in the local 0.4.6 release candidate until it is published. See the full MCP docs for user-scope paths and troubleshooting.
Step 1
Run login
Step 2
Approve in browser
/auth/device, then click approve.Step 3
Bootstrap project config
Step 4
Restart and run review
First prompt to paste into your AI editor
Use BoringSec MCP to review this project for security issues.
Start with boringsec_workspace_review.
Show critical risks first, explain why they matter, then give me safe fixes I can apply.If anything fails
npx -y @boringsec/claude-code doctor --fix
npx -y @boringsec/claude-code status
npx -y @boringsec/claude-code rotate
npx -y @boringsec/claude-code logout --revokeNo tools in editor
Restart the editor after init. Then run doctor --fix to repair local config.
Authorization denied
MCP uses authenticated API access. If your plan does not include MCP yet, upgrade or ask the workspace owner for access.