dissid-audit-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@dissid-audit-mcprun funnel audit on example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
dissid-audit-mcp
DISSID's deterministic audit engine, packaged as an MCP server (G3). Three tools wrap the existing audit scripts — the server shells out to them and returns their markdown reports verbatim. It never reimplements a scan and never fabricates a result.
Tool | Wraps | Status on a fresh host |
|
| shipped with |
|
| on branch |
|
| on branch |
Honesty floors (inherited from the scripts, not weakened here)
Reports state only what the scan proved;
UNKNOWN != ABSENT(JS-rendered pages get UNKNOWN).Missing script → "tool not installed" error, never a fake report.
Scan timeout (default 120s) → explicit timeout error; a timeout is not a finding.
Corrupt usage counter → fail closed (treated as limit reached, user told why).
The server never phones home except the optional Lemon Squeezy license validation below.
Related MCP server: mcp-a11y-tools
Install
Runtime: bun (≥1.1). No npm/npx anywhere.
git clone <this-repo> ~/dev/dissid-audit-mcp
cd ~/dev/dissid-audit-mcp
bun install
bun test # 11 tests, network-freeWire into Claude Code
claude mcp add dissid-audit -- bun run ~/dev/dissid-audit-mcp/src/index.tsOr in .mcp.json / ~/.claude.json:
{
"mcpServers": {
"dissid-audit": {
"command": "bun",
"args": ["run", "/Users/<you>/dev/dissid-audit-mcp/src/index.ts"]
}
}
}Configuration (env)
Var | Default | Meaning |
|
| where the audit scripts live (test seam) |
|
| free-tier counter location ( |
|
| free scans per UTC day |
|
| per-scan hard timeout |
| — | Lemon Squeezy license key → unmetered |
| unset |
|
| LS public endpoint | override exists only so tests run network-free |
Metering model
Free tier: 3 scans per UTC day, persisted in
usage.json({day, count}, atomic write, UTC rollover). Corrupt file = fail closed.Licensed: set
DISSID_AUDIT_LICENSE_KEY. WithLEMONSQUEEZY_VALIDATE=1the key is validated per scan against Lemon Squeezy (invalid/unreachable → fail closed, no scan). Without it, the stub accepts any key and says so in the output.
Pricing plan (sketch)
Free: 3 scans/day — enough to try every tool on your own domain.
Pro: $19/mo, unlimited scans — license key sold via Lemon Squeezy (merchant-of-record handles global sales tax/VAT).
⚠️ Blocker before any sale: the DISSID Lemon Squeezy store currently has 0 products. Sid must create the store product (subscription with license keys enabled) before a key can ever validate. Until then, paying customers cannot exist; the
LEMONSQUEEZY_VALIDATE=1path is wired and tested against a mock.
Development
bun test # full suite (registration, metering, license seam, honest errors)
bunx tsc --noEmit # typecheck
bun run src/index.ts # serve on stdioThis server cannot be installed
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/sidhunt/dissid-audit-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server