OpenCode MCP
The Aikido MCP (Model Context Protocol) Server brings Aikido's security scanning capabilities directly into your AI coding workflow. By connecting Aikido to your AI-powered IDE and other solutions with MCP support, you enable your coding assistant to automatically scan code for security vulnerabilities and hardcoded secrets, right as you write it.
By integrating the Aikido MCP server into their workflow, agents gain the ability to automatically scan any code they generate. This streamlined workflow allows them to detected and resolve any issues directly as they generate it resulting in safer code early in the development process.
Available Tools
aikido_full_scan: Runs a combined SAST + Secrets scan on provided files.aikido_sast_scan: Runs a local SAST (static application security testing) scan on provided filesaikido_secrets_scan: Runs a secrets-only scan on provided files
Installation
Create a personal access token
In Aikido, go to Settings → Integrations → IDE → MCP
Create a Personal Access Token.
Add Aikido MCP server to your OpenCode config
Open or create ~/.config/opencode/opencode.json and add the following to the file under mcp
{
"$schema": "https://opencode.ai/config.json",
"mcp": {
"aikido": {
"type": "local",
"command": ["npx", "-y", "@aikidosec/mcp"],
"enabled": true,
"environment": {
"AIKIDO_API_KEY": "YOUR_TOKEN",
},
},
},
}Replace YOUR_TOKEN with the token from the previous step.
Add the Aikido rule to Global AGENTS file
Create the vibe prompts directory if it doesn't exist yet.
mkdir -p ~/.config/opencode/skill/aikido/Download the Aikido rule and add it to ~/.vibe/prompts/aikido-rule.txt.
curl -fsSL "https://gist.githubusercontent.com/kidk/1d2c1e754d5a5ddd05c9966d2507ae42/raw/ea8183c0ae1af5ec9bcb8b93275145adbe936c20/aikido-skill.txt" \
-o ~/.config/opencode/skill/aikido/SKILL.mdLast updated
Was this helpful?