Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"devilge": {
"env": {
"DEVILGE_KTOR_LOG_TAG": "HttpClient",
"DEVILGE_ANDROID_PROJECT_ROOT": "/absolute/path/to/your/android/project"
},
"args": [
"/absolute/path/to/devilge/dist/index.js"
],
"command": "node"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Model Context Protocol (MCP) server that lets an AI assistant — typically Claude — develop, drive, and observe an Android / KMM app end-to-end.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'cp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked cp against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in other
Pi Coding Agent extension (CLI-first) — routes bash/read/grep/find/ls through lean-ctx CLI for strong token savings. Optional MCP bridge can register advanced tools.
Autonomous spec-to-product coding-agent CLI with an MCP server exposing 34 tools over stdio.
97% token reduction for AI coding sessions — zero deps, 21 languages, MCP server
App framework, testing framework, and inspector for MCP Apps.
MCP Security Weekly
Get CVE alerts and security updates for io.github.Yercko/devilge and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Model Context Protocol (MCP) server that lets an AI assistant — typically Claude — develop, drive, and observe an Android / KMM app end-to-end.
devilge exposes 33 tools that cover the full inner loop: read the project, build it, install it, launch it, drive its UI, capture errors and network traffic, run tests. Anything an LLM coding agent would otherwise have to ask the user to do manually.
| Category | Tools | Purpose |
|---|---|---|
| Device read (8) | list_devices, get_logcat, get_app_errors, inspect_packages, resize_logcat_buffer, get_network_calls, get_compose_preview_source, list_compose_previews | Observe device + project state |
| Project static (3) | get_project_structure, get_compose_previews_tree, run_gradle_task (the latter wraps build-result parsers for kotlinc/javac/ksp errors, JUnit XML, Lint XML) | Inspect Gradle/KMM project + run any Gradle task |
| Device drive (7) | take_screenshot, dump_ui, input_tap, input_text, input_key, input_swipe, set_input_visualization | Manipulate the running app |
| Locators + waits (6) | tap_text, tap_resource_id, set_text, wait_for_text, wait_for_resource_id, wait_for_idle | Semantic UI navigation, no coordinate magic |
| Lifecycle (5) | launch_app, force_stop_app, clear_app_data, install_apk, run_instrumented_tests | Cold-start app, run Espresso tests, fast install |
| Maestro flows (optional) (3) | run_maestro_flow, list_maestro_flows, validate_maestro_flow | Reusable YAML flows for recurring navigation |
| Composition (1) | batch | Chain multiple devilge tools in one round trip |
215 unit tests in Vitest, all green. Strict TypeScript (strict, noUncheckedIndexedAccess).
Hosts that confirm every tool call (Claude Desktop, Cowork) can become noisy when the agent walks through multi-step UI flows. devilge_batch collapses a sequence into a single MCP call so the user approves once for the whole sequence.
// Tap "Settings", wait, screenshot, tap a row, screenshot — one approval.
{
"actions": [
{ "name": "devilge_tap_text", "input": { "text": "Settings" } },
{ "name": "devilge_wait_for_idle", "input": { "timeoutMs": 5000 } },
{ "name": "devilge_take_screenshot" },
{ "name": "devilge_tap_text", "input": { "text": "Wallpaper & style" } },
{ "name": "devilge_take_screenshot" }
]
}
Rules: capped at 20 actions per call; cannot be nested; cannot include destructive tools (devilge_clear_app_data, devilge_install_apk) — those always require their own dedicated prompt; stops on the first error and reports which step failed.
All tools also expose MCP annotations (readOnlyHint, idempotentHint, destructiveHint, openWorldHint). Hosts that respect annotations can auto-approve safe reads and prompt only on state-changing tools.
Clean / hexagonal layering, every concern replaceable in isolation:
src/
├── config/ # Config loading, structured logger, typed errors
├── domain/
│ ├── entities/ # Pure data types
│ └── ports/ # Interfaces the application talks to
├── application/ # Use cases — orchestrate ports, no IO of their own
├── infrastructure/
│ ├── adb/ # AdbAdapter, AdbAppController, runners, parsers
│ ├── build/ # Gradle adapter + parsers (compile errors, JUnit, Lint)
│ ├── maestro/ # Optional Maestro adapter + YAML validator
│ ├── network/ # Ktor logcat parser + header sanitizer
│ ├── scanners/ # ComposePreviewScanner, ProjectScanner, FileWalker
│ └── security/ # PathValidator, CommandSanitizer
└── presentation/
└── tools/ # MCP tool definitions (Zod schemas + handlers)
`src/server.