Documentation

Quick Start

npx @claytivi/driftguard-mcp init

Auto-detects Claude Code, Cursor, or Windsurf and writes the MCP config. Pass --api-key=YOUR_KEY to configure a Pro/Team/Enterprise key. Pass --no-telemetry to skip anonymous install tracking.

Tools Reference

scan_dependencies

Full vulnerability scan with priority bucketing: Act Now, Plan to Fix, Noise.

check_cve

Look up a specific CVE and check if your project is affected.

dependency_risk_score

Overall dependency health score (1-10) with breakdown.

safe_upgrade_path

Safest upgrade path — version, breaking changes, install command.

dependency_tree

Trace how a package enters your tree through transitive deps.

generate_report

Markdown compliance report for SOC2/audit documentation.

license_scan

Scan all dependencies for license compliance issues.

supply_chain_scan

Detect typosquatting, suspicious scripts, and maintainer takeovers.

generate_sbom

Generate a CycloneDX Software Bill of Materials.

batch_fix

Generate fix commands for multiple vulnerabilities at once.

Environment Variables

Variable	Required	Description
`NVD_API_KEY`	No	NVD API key (5 → 50 req/30s)
`GITHUB_TOKEN`	No	GitHub PAT for Advisory database
`DRIFTGUARD_API_KEY`	No	Unlocks Pro/Team/Enterprise features