Skip to main content
The Acrity MCP server exposes tools for clients compatible with Model Context Protocol using an existing public API key. It does not create provider credentials and does not need to receive VCS or PM tokens. Two tools are write-capable: start_security_scan queues a dependency security scan, and request_review requests a review. Both require the API key to hold the matching write scope. Every other tool is read-only.

When to use

Use the MCP server to let an assistant query Acrity information, such as repositories, PRs, reviews, findings, and security scans, within the scopes authorized by the API key. Recommended scopes for read-only use:
Repositories.Read
Reviews.Read
SecurityScans.Read
Add:
  • SecurityScans.Write when the assistant can start on-demand scans.
  • Reviews.Write when the assistant can request reviews.

Configuration

Example MCP client configuration when the npm package is available:
{
  "mcpServers": {
    "acrity": {
      "command": "npx",
      "args": ["-y", "@acrity/mcp-server"],
      "env": {
        "ACRITY_API_BASE_URL": "https://acrity.io",
        "ACRITY_API_KEY": "acr_live_..."
      }
    }
  }
}
Use the Acrity base URL without adding /api. The MCP server builds public paths automatically. To change how long the server waits for each public API call, set the optional ACRITY_MCP_TIMEOUT_MS environment variable to the timeout in milliseconds. If you omit it, the server uses a default of 20000 ms (20 seconds).
If Acrity provides a different MCP server distribution for your installation, keep the same variable set and replace only command and args with the installation method provided by Acrity.
Store the API key in the MCP client’s secrets vault. Do not put the key in repositories, shared messages, or screenshots.

Available tools

ToolScope
get_acr_contextvalid API key
list_repositoriesRepositories.Read
get_repositoryRepositories.Read
list_pull_requestsReviews.Read
get_pull_requestReviews.Read
list_reviewsReviews.Read
get_review_findingsReviews.Read
request_reviewReviews.Write
check_bootstrap_eligibilityRepositories.Read
get_bootstrap_statusRepositories.Read
get_bootstrap_artifactRepositories.Read
list_security_scansSecurityScans.Read
get_security_scanSecurityScans.Read
start_security_scanSecurityScans.Write
The list_ tools follow the public API pagination limit and return a maximum of 50 items per page. Request the next page to retrieve more results.

Validation

After configuring it, call get_acr_context. The tool confirms workspace, scopes, and API availability from that key’s view. If a tool returns missing permission, create or edit the API key in the Console with the minimum required scope.