VERIFIED

Bifrostmcp

Safety: 65/100

0.0(0)

Bifrost MCP exposes VSCode's language features to AI tools, enabling code navigation, analysis, and manipulation via an HTTP/SSE server.

MCP ServersFreemium

Boost this tool

Subscribe to listing upgrades or segmented pushes.

Overview

Bifrost MCP exposes VSCode's language features to AI tools, enabling code navigation, analysis, and manipulation via an HTTP/SSE server.

Bifrost MCP is relatively safe for read-only operations like code analysis and navigation. However, the ability to perform code actions and refactoring introduces a moderate risk, especially if the AI assistant is not fully trusted or properly configured. Ensure proper network security and carefully review any proposed code changes.

Performance depends on the size and complexity of the project, as well as the capabilities of the underlying language extensions. Large projects may experience slower response times.

No direct cost, but using AI assistants may incur costs depending on the assistant's pricing model (e.g., API usage).

CloudTypeScript201 starsAGPL-3.0

Connections & Capabilities

Connects To

GitHub

Capabilities

ReadWrite

Client Compatibility

Claude Desktop

full

Cursor

full

Windsurf

untested

VS Code (Copilot)

partial

Quickstart

Claude Desktop Config

{
  "mcpServers": {
    "Bifrost": {
      "command": "cmd",
      "args": [
        "/c",
        "npx",
        "-y",
        "supergateway",
        "--sse",
        "http://localhost:8008/sse"
      ],
      "disabled": false,
      "autoApprove": [],
      "timeout": 600
    }
  }
}

Environment Variables

MCP

Tools (19)

safe

find_usages

Locates all references to a specified symbol within the project.

Read-only operation; does not modify code.

safe

go_to_definition

Navigates to the definition of a symbol.

Read-only operation; does not modify code.

safe

find_implementations

Finds all implementations of an interface or abstract method.

Read-only operation; does not modify code.

safe

get_hover_info

Retrieves documentation and type information for a symbol.

Read-only operation; does not modify code.

safe

get_document_symbols

Lists all symbols within a document.

Read-only operation; does not modify code.

safe

get_completions

Provides context-aware code completion suggestions.

Read-only operation; suggests code but doesn't apply it.

safe

get_signature_help

Displays function parameter hints and overloads.

Read-only operation; provides information but doesn't modify code.

safe

get_rename_locations

Finds all locations where a symbol can be renamed.

Read-only operation; identifies locations but doesn't perform the rename.

moderate

rename

Renames a symbol across the project.

Modifies code by renaming symbols; requires careful review.

moderate

get_code_actions

Suggests quick fixes, refactors, and improvements.

Can modify code based on suggestions; requires review.

safe

get_semantic_tokens

Provides enhanced highlighting data for code.

Read-only operation; affects display but not code.

safe

get_call_hierarchy

Shows incoming and outgoing call relationships for a function.

Read-only operation; provides call information but doesn't modify code.

safe

get_type_hierarchy

Visualizes class and interface inheritance.

Read-only operation; provides type information but doesn't modify code.

safe

get_code_lens

Displays inline insights such as references and tests.

Read-only operation; provides information but doesn't modify code.

safe

get_selection_range

Expands code selection intelligently.

Read-only operation; helps select code but doesn't modify it.

safe

get_type_definition

Navigates to the definition of a type.

Read-only operation; does not modify code.

safe

get_declaration

Navigates to the declaration of a symbol.

Read-only operation; does not modify code.

safe

get_document_highlights

Highlights all occurrences of a symbol in the current document.

Read-only operation; does not modify code.

safe

get_workspace_symbols

Searches for symbols across the entire workspace.

Read-only operation; does not modify code.

Security

Auth Method

None

Data Locality

cloud

Known Risks

!Exposure of internal code structure to external AI assistants.
!Potential for AI assistants to introduce unintended code changes through refactoring.
!Reliance on VSCode and language extension security.
!Risk of information leakage if the HTTP/SSE server is compromised.

Safety Score

moderate risk

Positive

+Exposes VSCode's language server features, not direct file system access.
+Requires explicit configuration to connect AI assistants.
+Provides code analysis and navigation tools without direct execution capabilities.
+Supports multiple project configurations for isolation.

Risks

-Exposes an HTTP/SSE server, potentially vulnerable if not properly secured.
-Allows code actions and refactoring, which can modify code.
-Relies on the security of the underlying VSCode language extensions.
-Misconfiguration could lead to unintended code modifications by AI assistants.

Use Cases

Code Understanding

-Exploring unfamiliar codebases
-Understanding complex inheritance structures
-Tracing function call hierarchies

Code Refactoring

-Automated symbol renaming
-Applying suggested code improvements
-Extracting methods or classes

Code Completion

-Generating code snippets
-Suggesting function parameters
-Completing variable names

Code Analysis

-Identifying unused code
-Detecting potential bugs
-Enforcing coding standards

Who Is This For?

Best For

Developers using AI assistants for code completion and refactoring
Teams working on large codebases
Individuals seeking to improve code understanding
Projects requiring automated code analysis

Not Ideal For

Projects with strict security requirements
Environments where external network access is prohibited
Users unfamiliar with VSCode and language extensions
Critical systems where automated code changes are unacceptable

Autonomy & Execution

Default ModeConfigurable

Destructive Tools

Autonomy depends on the AI assistant's configuration and the user's review of proposed changes. No built-in sandboxing or rollback.

StatelessYes

Retry LogicNone

ConcurrencySingle-threaded

Production Tip

Monitor the VSCode output panel for errors and carefully review all code changes proposed by the AI assistant before applying them.

FAQ

What languages are supported?

Any language supported by a VSCode language extension can be used.

How do I configure the AI assistant to use Bifrost MCP?

Configure the AI assistant to connect to the HTTP/SSE endpoint provided by Bifrost MCP (default: http://localhost:8008/sse).

Can I run multiple instances of Bifrost MCP for different projects?

Yes, you can configure each project with a unique port and endpoint using a `bifrost.config.json` file.

What if the default port 8008 is already in use?

You can change the port in the `bifrost.config.json` file or free up the port.

How do I debug issues with Bifrost MCP?

Use the `Bifrost MCP: Open Debug Panel` command to test available tools and check the VSCode output panel for error messages.

Does Bifrost MCP support authentication?

No, Bifrost MCP does not currently support authentication. Ensure your network is secure.

Is it safe to allow an AI assistant to automatically refactor my code?

It is generally recommended to carefully review all proposed code changes before applying them, especially for critical systems.

Metrics

Discovered2/14/2026

Reviews0

Saved By0 users

Related Tools

Bifrostmcp - AI Tool Review & Alternatives | Flaex AI