The fastest path from zero to a running SmeltSec pipeline.
Install the CLI globally with `npm install -g @smeltsec/cli`, or run one-off commands via `npx @smeltsec/cli`. The package is MIT-licensed and works on macOS, Linux, and Windows (WSL). No Docker image required.
Server code generation targets Python 3.11 (FastMCP) and TypeScript (MCP TypeScript SDK). Source-code analysis via Tree-sitter covers Python, TypeScript, JavaScript, Go, Rust, Java, and Ruby. Additional targets are rolling out on Team and Enterprise plans.
Yes. The Free plan includes unlimited local generation, all 15 free scanners in Gate 1, quality scoring, and config sync for one machine. Gate 2 behavioral analysis is the only paid step (≈ $0.02 per scan) and is only run on Team plans and above.
For a medium REST API (12–20 endpoints) the full eight-step pipeline finishes in under 60 seconds. Large repos with hundreds of files can take a few minutes, most of it spent in Tree-sitter parsing.
The CLI and core libraries live at github.com/smeltsec. The npm packages (@smeltsec/cli, @smeltsec/core, @smeltsec/proxy, @smeltsec/sync) are all open source under MIT. Only the behavioral analysis backend is closed.
Quick Start
Install the CLI
```bash
npm install -g @smeltsec/cli
smeltsec --version
```
Generate your first server
```bash
# From a GitHub repo
smeltsec generate --from github:owner/repo
# From an OpenAPI spec
smeltsec generate --from ./openapi.yaml
# From a natural language description
smeltsec generate --prompt "Create a Stripe MCP server"
```
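What happens during generation
Source code analysis via Tree-sitter AST parsing
Gate 1 security scan (SAST, secrets, CVEs)
MCP server code generation (FastMCP or TypeScript SDK)
Gate 2 security scan (tool poisoning, behavioral analysis)
Quality and security scoring with a report card
Client config generation (Claude Desktop, Cursor, VS Code, and others)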
Install the config
```bash
# Auto-install config for Claude Desktop
smeltsec config install --client claude_desktop
# Or copy manually
cp ./mcp-server/claude_desktop_config.json ~/.config/claude/
```