Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"bugproof": {
"args": [
"-y",
"bugproof",
"mcp"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Capture a failing command into a portable .bug artifact that anyone can replay on their machine — same code, same env, same failure. Cryptographically signable. Cross-platform. Zero containers required.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'bugproof' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked bugproof against OSV.dev.
Click any tool to inspect its schema.
artifactRead the raw .bug artifact (base64-encoded ZIP)
bugproof://artifact/{path}
capture-failureGuide to capture a failing command as a .bug artifact
replay-and-analyzeReplay an artifact and analyze the root cause
compare-bugsCompare two artifacts to find differences
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in other
Pi Coding Agent extension (CLI-first) — routes bash/read/grep/find/ls through lean-ctx CLI for strong token savings. Optional MCP bridge can register advanced tools.
Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
97% token reduction for AI coding sessions — zero deps, 21 languages, MCP server
Autonomous spec-to-product coding-agent CLI with an MCP server exposing 34 tools over stdio.
MCP Security Weekly
Get CVE alerts and security updates for io.github.sidinsearch/bugproof and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Executable bugs, not bug reports.
Capture a failing command into a portable .bug artifact that anyone can replay on their machine — same code, same env, same failure. Cryptographically signable. Cross-platform. Zero containers required.
https://github.com/user-attachments/assets/2315cfee-3ccf-40d7-830e-3a3d23731ab8
"Works on my machine" is not a bug report.
Filing a backend or CLI bug today usually looks like this:
Then the maintainer spends hours reconstructing the failure: matching versions, replicating the env, finding the right command, guessing at config. Most of that time is wasted.
BugProof captures the bug — not the description of it. One command produces a single .bug file containing the source snapshot, the exact command, the environment schema, the failure fingerprint, and replay metadata. Another developer runs bugproof replay bug.bug and reproduces the failure deterministically.
Think of it as Git for bugs: a portable, content-addressable, verifiable artifact that turns "can you reproduce?" into a one-liner.
bugproof capture -- and ship the result.bugproof keygen / --sign / verify.--self-heal auto-installs missing npm/pip deps in the sandbox and retries.npm install -g bugproof
Requirements: Node.js 18+ and Git. Optional language toolchains (Python, Java, Go, Rust, …) are only needed if your captured command uses them.
Run a one-off health check after install:
bugproof doctor
Add a single step to any GitHub Actions workflow to auto-capture flaky/failing commands as .bug artifacts.
- name: Capture flaky test
uses: sidinsearch/BugProof/.github/actions/bugproof-action@main
with:
command: 'npm test -- --run flaky-suite'
name: flaky-test-failure
timeout: 300000
How it works: The action installs bugproof from npmjs.org (npm install -g bugproof) → wraps your command with bugproof capture → on failure, the .bug artifact is uploaded to the Actions run. Developers download and repro locally with bugproof replay.
Use cases: