{"id":31962069,"url":"https://github.com/ejmockler/brutalist-mcp","last_synced_at":"2026-05-31T03:01:54.069Z","repository":{"id":314928549,"uuid":"1053759650","full_name":"ejmockler/brutalist-mcp","owner":"ejmockler","description":"All AIs are sycophants.","archived":false,"fork":false,"pushed_at":"2026-03-21T07:54:27.000Z","size":7784,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-21T23:46:52.820Z","etag":null,"topics":["ai-safety","claude-code","code-review","code-security","codex-cli","gemini-cli","mcp","security-testing"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ejmockler.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-09T22:27:29.000Z","updated_at":"2026-03-21T07:54:31.000Z","dependencies_parsed_at":"2025-09-17T11:42:33.950Z","dependency_job_id":"95acf419-6ca6-471c-b6de-f6b27439722c","html_url":"https://github.com/ejmockler/brutalist-mcp","commit_stats":null,"previous_names":["ejmockler/gemini-mcp-server","ejmockler/brutalist-mcp"],"tags_count":38,"template":false,"template_full_name":null,"purl":"pkg:github/ejmockler/brutalist-mcp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ejmockler%2Fbrutalist-mcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ejmockler%2Fbrutalist-mcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ejmockler%2Fbrutalist-mcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ejmockler%2Fbrutalist-mcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ejmockler","download_url":"https://codeload.github.com/ejmockler/brutalist-mcp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ejmockler%2Fbrutalist-mcp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31430011,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-05T08:13:15.228Z","status":"ssl_error","status_checked_at":"2026-04-05T08:13:11.839Z","response_time":75,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-safety","claude-code","code-review","code-security","codex-cli","gemini-cli","mcp","security-testing"],"created_at":"2025-10-14T16:18:12.348Z","updated_at":"2026-05-31T03:01:54.063Z","avatar_url":"https://github.com/ejmockler.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Brutalist MCP\n\nMulti-perspective code analysis using Claude Code, Codex, and Antigravity (`agy`) CLI agents.\n\n\u003e **Gemini → Antigravity transition (May 2026).** Google sunsets `gemini-cli` for Pro/Ultra/free users on **2026-06-18**. The successor `agy` (Antigravity v1.0.2) is now wired in as the third critic; it's slower per call (~30-60s vs 5-25s for claude/codex) and hard-pinned to `Gemini 3.5 Flash (Medium)` until Google ships [agy #35](https://github.com/google-antigravity/antigravity-cli/issues/35) (per-call `--model`), but auth + subprocess capture both work today.\n\nGet direct, honest technical feedback on your code, architecture, and ideas before they reach production.\n\n## What It Does\n\nThe Brutalist MCP connects your AI coding assistant to three different CLI agents (Claude, Codex, Antigravity), each providing independent analysis. This gives you multiple perspectives on:\n\n- Code quality and security vulnerabilities\n- Architecture decisions and scalability\n- Product ideas and technical feasibility\n- Research methodology and design flaws\n\nReal file-system access. Straightforward analysis. No sugar-coating.\n\n## Quick Start\n\n### Step 1: Install a CLI Agent\n\nYou need at least one of these installed:\n\n```bash\n# Option 1: Claude Code (recommended)\nnpm install -g claude\n\n# Option 2: Codex\n# Install from https://github.com/openai/codex-cli\n\n# Option 3: Antigravity (agy) — the gemini-cli successor\ncurl -fsSL https://antigravity.google/cli/install.sh | bash\n# Then ONE-TIME interactive auth (browser OAuth flow):\nagy \"hi\"\n# On macOS, the agent binary lives at ~/.local/bin/agy; the desktop IDE\n# at ~/.antigravity/antigravity/bin/agy can shadow it on PATH. If both\n# are installed, set AGY_BIN=$HOME/.local/bin/agy in your environment.\n```\n\n### Step 2: Install the MCP Server\n\nChoose your IDE:\n\n**Claude Code:**\n```bash\nclaude mcp add brutalist --scope user -- npx -y @brutalist/mcp@latest\n```\n\n**Codex:**\n```bash\n# Install globally once to avoid npx startup chatter\nnpm i -g @brutalist/mcp\n# Add MCP using the installed binary (clean stdio)\ncodex mcp add brutalist -- brutalist-mcp\n```\n\n**Configuring `tool_timeout_sec` for Codex:**\nThe `tool_timeout_sec` parameter (defaulting to 60 seconds) for your Brutalist MCP server needs to be configured directly in your Codex configuration file at `~/.codex/config.toml`. It cannot be passed via the `codex mcp add` command directly.\n\nTo set a custom timeout (e.g., 5 minutes or 300 seconds), add or modify the `[mcp_servers.brutalist]` section in `~/.codex/config.toml` as follows:\n\n```toml\n[mcp_servers.brutalist]\ncommand = \"brutalist-mcp\" # Ensure this matches your installation command\nargs = [] # Depending on your setup, this might be empty or contain arguments\ntool_timeout_sec = 300 # Set your desired timeout in seconds\n```\n\n\n**Cursor:**\nAdd to `~/.cursor/mcp.json`:\n```json\n{\n  \"mcpServers\": {\n    \"brutalist\": {\n      \"command\": \"npx\",\n      \"args\": [\"-y\", \"@brutalist/mcp@latest\"]\n    }\n  }\n}\n```\n\n**VS Code / Cline:**\n```bash\ncode --add-mcp '{\"name\":\"brutalist\",\"command\":\"npx\",\"args\":[\"-y\",\"@brutalist/mcp@latest\"]}'\n```\n\n**Windsurf:**\nAdd to `~/.codeium/windsurf/mcp_config.json`:\n```json\n{\n  \"mcpServers\": {\n    \"brutalist\": {\n      \"command\": \"npx\",\n      \"args\": [\"-y\", \"@brutalist/mcp@latest\"]\n    }\n  }\n}\n```\n\n### Step 3: Verify Installation\n\n```bash\n# Check which CLI agents are available\ncli_agent_roster()\n```\n\n## Usage Examples\n\n### Analyze Your Codebase\n\n```bash\n# Analyze entire project\nroast_codebase \"/path/to/your/project\"\n\n# Analyze specific modules\nroast_codebase \"/src/auth\"\nroast_codebase \"/src/api/handlers\"\n```\n\n### Validate Ideas\n\n```bash\n# Evaluate a product concept\nroast_idea \"A social network for developers to share code snippets\"\n\n# Review technical decisions\nroast_idea \"Migrating our monolith to microservices with Kubernetes\"\n```\n\n### Review Architecture\n\n```bash\n# System architecture analysis\nroast_architecture \"Microservices with event sourcing and CQRS\"\n\n# Infrastructure design review\nroast_architecture \"\"\"\nAPI Gateway → Load Balancer → 3 Node.js services → PostgreSQL\nRedis for caching, Docker containers on AWS ECS\n\"\"\"\n```\n\n### Security Analysis\n\n```bash\n# Authentication review\nroast_security \"JWT tokens with user roles in localStorage\"\n\n# API security check\nroast_security \"GraphQL API with dynamic queries and no rate limiting\"\n```\n\n### Compare Perspectives\n\n```bash\n# Get multiple viewpoints on technical decisions\nroast_cli_debate \"Should we use TypeScript or Go for this API?\"\n\n# Compare architecture approaches\nroast_cli_debate \"Microservices vs Monolith for our e-commerce platform\"\n```\n\n## How It Works\n\nThis MCP server coordinates analysis from locally installed CLI agents:\n- **Claude Code CLI** - Code review and architectural analysis\n- **Codex CLI** - Security and technical implementation review\n- **Antigravity (`agy`) CLI** - Gemini 3.5 Flash-tier rapid pattern-scan critique\n\nEach agent runs locally with direct file-system access, providing independent perspectives on your code and design decisions. Agy is structurally an agent (not a completion API) — it's slower per call and produces side effects under `~/.gemini/antigravity-cli/scratch/` (the adapter passes `--sandbox` to keep those out of the user's workspace).\n\n**Analysis time:** Up to 25 minutes for complex projects. Thorough analysis requires time to examine code patterns, dependencies, and architectural decisions.\n\n## Pagination for Large Results\n\nFor analyses that exceed your IDE's token limit:\n\n```bash\n# Set chunk size for large codebases\nroast_codebase({targetPath: \"/monorepo\", limit: 20000})\n\n# Continue from cached output; omit resume\nroast_codebase({targetPath: \"/monorepo\", context_id: \"abc123\", offset: 20000, limit: 20000})\n\n# Use cursor-based navigation\nroast_codebase({targetPath: \"/complex-system\", context_id: \"abc123\", cursor: \"offset:25000\"})\n```\n\nFeatures:\n- Smart boundary detection (preserves paragraphs and sentences)\n- Token estimation (~4 chars = 1 token)\n- Progress indicators\n- Configurable chunk size (1K to 100K characters)\n- `resume: true` is only for new follow-up prompts and starts another agent run\n\n## Tools\n\n### Code \u0026 Architecture\n\n| Tool | Analyzes |\n|------|----------|\n| `roast_codebase` | Security vulnerabilities, performance issues, code quality |\n| `roast_file_structure` | Directory organization, naming conventions, structure |\n| `roast_dependencies` | Version conflicts, security vulnerabilities, compatibility |\n| `roast_git_history` | Commit quality, branching strategy, collaboration patterns |\n| `roast_test_coverage` | Test coverage, quality gaps, testing strategy |\n\n### Design \u0026 Planning\n\n| Tool | Analyzes |\n|------|----------|\n| `roast_idea` | Feasibility, market fit, implementation challenges |\n| `roast_architecture` | Scalability, cost, operational complexity |\n| `roast_research` | Methodology, reproducibility, statistical validity |\n| `roast_security` | Attack vectors, authentication, authorization |\n| `roast_product` | UX, adoption barriers, user needs |\n| `roast_infrastructure` | Reliability, scaling, operational overhead |\n| `roast_design` | Perceptual craft, typography, affordances (Playwright for live UIs) |\n| `roast_legal` | Authority, application, adversary, procedure, interpretation, risk |\n\n### Utilities\n\n| Tool | Purpose |\n|------|---------|\n| `roast` | **Unified tool** - use `domain` parameter to select analysis type |\n| `brutalist_discover` | Find the best tool for your intent using natural language |\n| `roast_cli_debate` | Multi-agent discussion from different perspectives |\n| `cli_agent_roster` | Show available CLI agents on your system |\n\n\u003e **Tip:** Use the unified `roast` tool with a domain parameter for a leaner schema, or use `brutalist_discover` to find the right tool based on your intent.\n\nSee [docs/pagination.md](docs/pagination.md) for detailed pagination documentation.\n\n## Advanced Usage\n\n### Choose Specific CLI Agents\n\n```bash\n# Default: run all available critics in parallel (recommended)\nroast(domain=\"codebase\", target=\"/src\")\n\n# Restrict to a subset only when the user explicitly names which critics\nroast(domain=\"codebase\", target=\"/src\", clis=[\"codex\", \"agy\"])\n```\n\n### Agent Strengths\n\nDifferent agents have different strengths:\n- **Code review**: Claude, Codex, Agy\n- **Architecture**: Claude, Codex, Agy\n- **Security**: Codex, Claude, Agy\n- **Research**: Claude, Codex, Agy\n\nWhen auto-selecting (no `clis` parameter), `agy` is always tried LAST since it's the slowest per call. Explicit `clis=[\"agy\"]` honors the request regardless.\n\n### Antigravity (Agy) Auth Setup\n\nLocal dev (one-time):\n```bash\nagy \"hi\"   # browser OAuth flow seeds the macOS keychain (or Linux file)\n```\n\nCI / GitHub Actions: capture the token from your local macOS keychain and store as a GH secret named `AGY_OAUTH_TOKEN`:\n```bash\nsecurity find-generic-password -s gemini -a antigravity -w \\\n  | sed 's/^go-keyring-base64://' | base64 -d \\\n  | gh secret set AGY_OAUTH_TOKEN\n```\nThe Brutalist GitHub Action writes the secret to `~/.gemini/antigravity-cli/antigravity-oauth-token` (mode 0600) before invoking the orchestrator; agy auto-detects the container environment and reads tokens from there. Agy issue [#78](https://github.com/google-antigravity/antigravity-cli/issues/78) (env-var auth) is still open — until it closes, the file-provisioning path is the only way agy authenticates in CI.\n\nIf you have BOTH the Antigravity desktop IDE and the CLI agent installed on macOS, the IDE wrapper at `~/.antigravity/antigravity/bin/agy` may shadow the CLI agent at `~/.local/bin/agy` on PATH. Brutalist auto-prefers `~/.local/bin/agy` when it exists, so no manual override is usually needed. If your install is in a non-standard location, set `AGY_BIN=$HOME/.local/bin/agy` (or wherever) to override.\n\n### Per-Call Model Pinning (Agy)\n\nagy `--print` has no `--model` flag, but its `settings.json` accepts a human-readable label. Brutalist exploits this transparently: pass `models.agy` and brutalist writes the requested label under `flock(2)` for the duration of the call, then restores.\n\n```python\nroast(\n  domain=\"codebase\",\n  target=\"/src\",\n  clis=[\"agy\"],\n  models={\"agy\": \"Gemini 3.1 Pro (High)\"}\n)\n```\n\nSupported labels (Pro / Claude / GPT-OSS tiers require Antigravity entitlement; Flash is always available):\n- `Gemini 3.5 Flash (High)` / `Gemini 3.5 Flash (Medium)`\n- `Gemini 3.1 Pro (High)` / `Gemini 3.1 Pro (Low)`\n- `Claude Sonnet 4.6 (Thinking)`\n- `Claude Opus 4.6 (Thinking)`\n- `GPT-OSS 120B (Medium)`\n\nInvalid labels silently downselect to Flash Medium (agy's behavior, not ours).\n\n### Verification-Heavy Domains\n\n`legal`, `research`, and `security` ship with a mandatory verification protocol. Before citing any external authority (case, statute, study, CVE, advisory), agents must invoke their native web tools, lift a verbatim quote from the source, and tag the citation with one of:\n\n- `[VERIFIED: \u003curl\u003e | \"\u003cverbatim quote supporting the attribution\u003e\"]`\n- `[SUPPLIED: \u003clocation\u003e | \"\u003cverbatim quote from supplied materials\u003e\"]`\n- `[UNVERIFIED: \u003creason\u003e]` — verification failed; no quote\n\nUntagged citations are a protocol violation. The \"state doctrine without a cite\" fallback is conditional on a failed web lookup, not a parallel option. Consumers of the critique can spot-check citations by fetching the URL and grepping for the quoted string.\n\n### Codex Model Selection\n\nCodex uses the Codex CLI's configured/default model by default. The server deliberately does not pass `--model` for Codex, even if `models.codex` is present, so stale tool-call tags cannot override a newer `~/.codex/config.toml` value.\n\nSet `BRUTALIST_CODEX_ALLOW_MODEL_OVERRIDE=true` only if you explicitly want Brutalist to pass `models.codex` through as `codex exec --model ...`. When that opt-in is enabled, deprecated Codex model names are still resolved through the migration table discovered from the Codex CLI config.\n\n## Why Multiple Perspectives\n\nEach CLI agent brings a different approach to analysis:\n- Different training data and focus areas\n- Independent evaluation of the same code\n- Varied perspectives on technical tradeoffs\n\nGetting multiple viewpoints helps identify issues that a single perspective might miss.\n\n---\n\n**License:** MIT\n**Issues:** https://github.com/ejmockler/brutalist-mcp/issues\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fejmockler%2Fbrutalist-mcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fejmockler%2Fbrutalist-mcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fejmockler%2Fbrutalist-mcp/lists"}