Jiffy Scan
Jiffy Scan MCP server β deterministic AI artifact scanning over the Model Context Protocol. Part of the Jiffy Trust Protocol (JTP).
Ask AI about Jiffy Scan
Powered by Claude Β· Grounded in docs
I know everything about Jiffy Scan. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
Jiffy Scan MCP Server
The open-source wedge for the Jiffy Trust Protocol (JTP) β the first deterministic primitive any MCP-capable agent can call before loading another AI artifact (skill, MCP server, IDE rules file, Custom GPT, Claude project, or browser extension).
v0.1.0 ships the TypeScript flavor only. A Python port is planned for a later minor release.
The server exposes a single MCP tool:
jiffy_scan(artifact_uri, type?) ->
{ jts, tier, ioi_flags, sarif?, framework_codes? }
jtsβ integer 0-100, the Jiffy Trust Score.tierβ"TRUSTED" | "CAUTION" | "RISKY" | "CRITICAL".ioi_flagsβ list of canonical threat-pattern flags (e.g.credential_exfil,prompt_injection_pattern,malicious_skill).sarifβ optional SARIF 2.1.0 log for GitHub Advanced Security / GitLab.framework_codesβ optional OWASP-LLM / MITRE ATT&CK mapping (populated in a later release).
Install
pnpm dlx @jiffylabs/jiffy-scan-mcp --help
# or once installed:
pnpm add -D @jiffylabs/jiffy-scan-mcp
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json
(macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"jiffy-scan": {
"command": "pnpm",
"args": ["dlx", "@jiffylabs/jiffy-scan-mcp"]
}
}
}
Roadmap
- Python port (PyPI
jiffy-scan-mcp) β planned for the next minor release.
Transport
v0.1.0 ships stdio only. HTTP / SSE transport is tracked for a later release.
Attribution
The scanner code is vendored from the Jiffy Intel repository
Jiffy-Labs-AI/jiffy-intel β
specifically web/src/lib/scanner/ at commit
ee411571324aa19a2853efbcd912915361429695. Every vendored file carries a
source-SHA attribution comment. See CHANGELOG.md for the
reconciliation plan with upstream.
Preflight + scope resolution
The publish-npm.yml workflow runs pnpm publish --dry-run --access public
before any real publish. If the @jiffylabs scope is owned by the provisioned
NPM_TOKEN, the published name is @jiffylabs/jiffy-scan-mcp. Otherwise the
workflow falls back to the unscoped jiffy-scan-mcp. The build report at
.harness/sprint-5-build.md records which path fired.
License
Apache 2.0 β see LICENSE.