The fastest path from zero to a running SmeltSec pipeline.
Install the CLI globally with `npm install -g @smeltsec/cli`, or run one-off commands via `npx @smeltsec/cli`. The package is MIT-licensed and works on macOS, Linux, and Windows (WSL). No Docker image required.
Server code generation targets Python 3.11 (FastMCP) and TypeScript (MCP TypeScript SDK). Source-code analysis via Tree-sitter covers Python, TypeScript, JavaScript, Go, Rust, Java, and Ruby. Additional targets are rolling out on Team and Enterprise plans.
Yes. The Free plan includes unlimited local generation, all 15 free scanners in Gate 1, quality scoring, and config sync for one machine. Gate 2 behavioral analysis is the only paid step (≈ $0.02 per scan) and is only run on Team plans and above.
For a medium REST API (12–20 endpoints) the full eight-step pipeline finishes in under 60 seconds. Large repos with hundreds of files can take a few minutes, most of it spent in Tree-sitter parsing.
The CLI and core libraries live at github.com/smeltsec. The npm packages (@smeltsec/cli, @smeltsec/core, @smeltsec/proxy, @smeltsec/sync) are all open source under MIT. Only the behavioral analysis backend is closed.
🚀
快速开始
quick-start
安装CLI
npm install -g @smeltsec/cli
smeltsec --version
生成您的第一个服务器
# From a GitHub repo
smeltsec generate --from github:owner/repo
# From an OpenAPI spec
smeltsec generate --from ./openapi.yaml
# From a natural language description
smeltsec generate --prompt "Create a Stripe MCP server"
生成过程中发生了什么
通过Tree-sitter AST解析进行源代码分析
Gate 1安全扫描(SAST、密钥、CVEs)
MCP服务器代码生成(FastMCP或TypeScript SDK)
Gate 2安全扫描(工具投毒、行为分析)
带报告卡的质量+安全评分
客户端配置生成(Claude Desktop、Cursor、VS Code等)
安装配置
# Auto-install config for Claude Desktop
smeltsec config install --client claude_desktop
# Or copy manually
cp ./mcp-server/claude_desktop_config.json ~/.config/claude/