Config is the same across clients — only the file and path differ.
{
  "mcpServers": {
    "citadel": {
      "args": [
        "-y",
        "citadel-mcp@latest"
      ],
      "command": "npx"
    }
  }
}
A Code Mode MCP server that gives AI coding agents curated, per-stack documentation as typed tools.
Run this in your terminal to verify the server starts:
npx -y citadel-mcp@latest 2>&1 | head -1 && echo "✓ Server started successfully"
pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config
## Summary
`pnpm` accepts package names from the env lockfile `configDependencies` section and uses those names directly when creating config dependency symlinks under `node_modules/.pnpm-config`. A malicious repository can commit a crafted `pnpm-lock.yaml` whose env-lockfile document contains a traversal-shaped config dependency name such as `../../PWNED_CFGDEP`. During `pnpm install`, pnpm installs the config dependency and creates a symlink at a path derived from that name. In local testin
pnpm: `patch-remove` could delete project-selected files outside the patches directory
## Summary
The `patch-remove` deletion-scope issue tracked as GHSA-72r4-9c5j-mj57 / CAND-PNPM-030 has been addressed in pnpm. A crafted patch entry could resolve outside the configured patches directory and cause `pnpm patch-remove` to delete an arbitrary reachable file. This patch validates the configured directory and every resolved target before unlinking anything, then deletes the final directory entry without following it.
## Security boundary
- Traversal and absolute paths that resolve
pnpm: Hoisted install imports lockfile alias outside node_modules
## Summary
The hoisted dependency alias issue tracked as GHSA-fr4h-3cph-29xv / CAND-PNPM-059 has been addressed in both pnpm and pacquet. A crafted lockfile alias could be joined directly under a hoisted `node_modules` directory. Traversal aliases could escape that directory, while reserved aliases such as `.bin` or `.pnpm` could overwrite pnpm-owned layout. This patch validates package-name semantics and path containment before graph insertion or filesystem work.
## Security boundary
- The
pnpm: `stage download` writes outside its destination directory via manifest name/version traversal
## Summary
The staged-tarball filename traversal reported as GHSA-v23m-ccfg-pq9h / CAND-PNPM-038 is fixed on `main` by [pnpm/pnpm#12303](https://github.com/pnpm/pnpm/pull/12303), merged as `65443f4bdf1f0db9c8c7dc58fee25252607e9234`. Before the fix, `pnpm stage download` derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields, deri
pnpm: Reserved bin name deletes PNPM_HOME during global remove
<details> <summary>Maintainer Action Plan</summary>
## Maintainer Action Plan
This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path.
- Advisory: `CAND-PNPM-085` / `GHSA-4gxm-v5v7-fqc4`
- Advisory URL: https://github.com/pnpm/pnpm/security/advisories/GHSA-4gxm-v5v7-fqc4
- Shared patch PR: https://github.com/pnpm/pnpm-ghsa-j2hc-m6cf-6jm8/pull/1
- S
agent-usage: Playbook for using the docs tool, including SDK reference, parallel fan-out patterns, error handling, and worked examples
citadel://docs/agent-usage
Get CVE alerts and security updates for io.github.sustinbebustin/citadel-mcp and similar servers.
Citadel is built to be forked and tailored. The hosted package ships with a small starter set of stacks, but the real value comes from packaging the docs your agents actually need. Each stack is a tiny module — adding one is mostly mechanical.
Install the MCP server for all your coding agents:
npx add-mcp citadel-mcp@latest
Add -y to skip the confirmation prompt and install to all detected agents already in use in the project directory. Add -g to install globally across all projects.
Add the following config to your MCP client:
{
  "mcpServers": {
    "citadel": {
      "command": "npx",
      "args": ["-y", "citadel-mcp@latest"]
    }
  }
}
[!NOTE] Using citadel-mcp@latest ensures that your MCP client will always use the latest version of the Citadel MCP server.
Using Amp CLI:
amp mcp add citadel -- npx citadel-mcp@latest
Or configure manually:
Follow Amp's MCP documentation and apply the standard configuration shown above.
Use the Claude Code CLI to add the Citadel MCP server:
claude mcp add -s user citadel -- npx -y citadel-mcp@latest
Use -s project instead of -s user to scope the install to the current project. Restart Claude Code, then verify with claude mcp list. A working server advertises a single tool named docs.
Using Codex CLI:
codex mcp add citadel -- npx citadel-mcp@latest
Or configure manually:
Follow the MCP setup guide with the standard configuration format:
Command: npx
Args: -y, citadel-mcp@latest
Go to Cursor Settings -> MCP -> New MCP Server. Use the JSON config provided above.
Using Gemini CLI:
Project-wide installation:
gemini mcp add citadel npx citadel-mcp@latest
Global installation:
gemini mcp add -s user citadel npx citadel-mcp@latest
Using VS Code CLI:
code --add-mcp '{"name":"citadel","command":"npx","args":["-y","citadel-mcp@latest"]}'
Or configure manually:
Follow the official VS Code MCP server setup guide and add the Citadel server through VS Code settings.
Navigate to Settings | AI | Manage MCP Servers and select + Add to register a new MCP server with the following configuration:
Name: citadel
Command: npx
Args: -y, citadel-mcp@latest
The hosted package includes a starter set of stacks so you can try it immediately:
This list is intentionally small. For the best results, fork this repo and add the stacks your agents care about — your internal libraries, the framework version you actually use, or any docs site that publishes machine-readable markdown. See docs/adding-a-docs-tool.md.
Citadel is a Code Mode server: instead of advertising one tool per docs source, it advertises a single docs tool. The agent writes one async () => { ... } per turn that calls codemode.<stack>_docs(...) and `codemode._index