Config is the same across clients — only the file and path differ.
```json
{
  "mcpServers": {
    "io-github-bierlingm-spikes": {
      "args": [
        "-y",
        "spikes-mcp"
      ],
      "command": "npx"
    }
  }
}
```
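An added example, not part of this listing or of the Spikes project: the config above launches `spikes-mcp` through `npx -y` with no version, so the package is fetched without an install prompt and its version is not fixed. The sketch below audits an `mcpServers` config for such entries; the `pinned-example` entry and its version are constructed for contrast.

```javascript
// Constructed sample: the config from this page plus a hypothetical pinned entry.
const SAMPLE_CONFIG = `{
  "mcpServers": {
    "io-github-bierlingm-spikes": { "command": "npx", "args": ["-y", "spikes-mcp"] },
    "pinned-example": { "command": "npx", "args": ["-y", "example-mcp@1.2.3"] }
  }
}`;

// Split an npm package spec into name and version, allowing for @scope/name.
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null }; // no '@', or only the scope '@'
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Exact versions only: ranges (^1.2.3, 1.x) and dist-tags (latest) still float.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Return one finding per server that npx would launch from an unpinned package.
function auditMcpConfig(jsonText) {
  const servers = JSON.parse(jsonText).mcpServers || {};
  const findings = [];
  for (const [id, entry] of Object.entries(servers)) {
    if (entry.command !== "npx") continue;
    const args = Array.isArray(entry.args) ? entry.args : [];
    // -y / --yes suppresses npx's prompt before installing a missing package.
    const autoYes = args.includes("-y") || args.includes("--yes");
    // Simplification: treat the first non-flag argument as the package spec.
    const spec = args.find((a) => typeof a === "string" && !a.startsWith("-"));
    if (!spec) continue;
    const { name, version } = splitSpec(spec);
    if (version === null || !EXACT.test(version)) {
      findings.push({
        id, package: name, version, autoYes,
        issue: "version not fixed; a later launch can pick up a different release",
      });
    }
  }
  return findings;
}

console.log(auditMcpConfig(SAMPLE_CONFIG));
```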
AI can build a prototype in an hour. Turning feedback into action is still the slow part.
Run this in your terminal to verify the server starts. Read the line it prints: `head -1` exits successfully whatever `npx` did, so the check mark appears even when the server failed to start.

```bash
npx -y 'spikes-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
```
No known CVEs.
Checked spikes-mcp against OSV.dev.
The feedback loop for AI-assisted building
Spikes is a feedback tool for AI-assisted development. It lets reviewers leave targeted feedback directly on web pages — no screenshots, no "that button over there", no lost context.
Click any element. Rate it. Comment. Spikes captures the exact CSS selector, bounding box, and page context. Your AI agent gets structured JSON it can act on immediately.
No accounts required. No build step. Works on file://, localhost, anywhere.
```bash
curl -fsSL https://spikes.sh/install.sh | sh
# Or: cargo install spikes
spikes init                  # Defaults to hosted spikes.sh
# spikes init --self-host    # Opt out — scaffold a self-hosted config instead
```

`spikes init` creates `.spikes/config.toml` with a `[remote]` section pointing at https://spikes.sh by default. Pass `--self-host` (or answer `s` at the prompt) to skip the hosted defaults.

```bash
spikes inject ./mockups/     # Injects widget script tag (uses configured endpoint)
spikes serve                 # http://localhost:3847
spikes list                  # See all feedback
spikes list --json           # Feed to your agent
spikes list --rating no      # Find problems
spikes hotspots              # Elements with most feedback
spikes resolve <id>          # Mark items done
```
| Command | Description |
|---|---|
| `spikes init` | Create `.spikes/` directory with config (hosted by default; `--self-host` to opt out) |
| `spikes list` | List feedback (`--json`, `--page`, `--reviewer`, `--rating`, `--unresolved`) |
| `spikes show <id>` | Show single spike details |
| `spikes export` | Export to JSON/CSV/JSONL/Cursor/Claude context |
| `spikes hotspots` | Elements with most feedback |
| `spikes reviewers` | List all reviewers |
| `spikes inject <dir>` | Add/remove widget from HTML files (`--endpoint <url>` overrides the configured endpoint) |
| `spikes serve` | Local dev server (`--port`, `--marked`, `--cors-allow-origin`) |
| `spikes mcp serve` | Start MCP server for AI agent integration |
| `spikes pull/push/sync` | Sync with remote endpoint |
| `spikes share <dir>` | Upload to spikes.sh for instant sharing |
| `spikes login/logout/whoami` | Authentication management |
| `spikes upgrade/billing` | Pro tier subscription via Stripe |
| `spikes deploy cloudflare` | Scaffold self-hosted Worker + D1 |
All commands support --json for scripting. See full CLI reference.
Viewing spikes for a hosted project:
The hosted dashboard at https://spikes.sh/dashboard lists every project you own and lets you drill into individual spikes (filter by page, rating, resolved, toggle resolved inline). Sign in directly in your browser: click Sign in, open the verification page, and confirm via the magic link sent to your email — no CLI required.
You can also hit the JSON API directly with your bearer token ($SPIKES_TOKEN from spikes login):
```bash
# GET /me/projects
# List all projects you own (with spike_count + last_activity)
curl -H "Authorization: Bearer $SPIKES_TOKEN" \
  https://spikes.sh/me/projects
# GET /me/projects/:key
```
... [View full README on GitHub](https://github.com/bierlingm/spikes#readme)