DURA MCP Server

MCP (Model Context Protocol) server for DURA – Dependency Update Risk Analyzer. modelcontextprotocol

Integrates DURA's dependency analysis capabilities with AI coding assistants (Cline, Cursor, Claude Code, Continue.dev, etc.) and desktop apps like Claude Desktop that support MCP servers. modelcontextprotocol

*

Quick Start

$3

``bash


Global install (recommended)

npm install -g dura-mcp

Or use npx (no install needed)

npx dura-mcp
`

The MCP server internally uses dura-kit to perform dependency analysis. github

$3

Add this entry to your AI agent’s MCP configuration (the exact file/setting path differs per client, but the JSON structure is the same): modelcontextprotocol

`json
{
"mcpServers": {
"dura": {
"command": "npx",
"args": ["dura-mcp"],
"cwd": "${workspaceFolder}"
}
}
}
`

This pattern works for:

- Cline (VS Code)
- Cursor
- Claude Desktop / Claude Code
- Continue.dev
- Other MCP-compatible IDE and desktop clients that accept an mcpServers JSON block. airbyte

cwd is set to ${workspaceFolder} so the server runs relative to your current project and can resolve local dependencies or configuration correctly. github

| Client | Config Location |
|--------|-----------------|
| Cline | VS Code Settings → MCP |
| Cursor | Settings → MCP Servers |
| Claude Desktop | ~/Library/Application Support/Claude/ |
| Continue.dev | ~/.continue/mcp.json |
| Roo Code | Settings → Tools |

491+ MCP clients - Full list

*

Configuration Fallbacks

If npx dura-mcp does not work in your environment, you can fall back to local or absolute paths as needed. zuplo

$3

Install locally in your project:

`bash
npm install dura-mcp
`

Then configure:

`json
{
"mcpServers": {
"dura": {
"command": "node",
"args": ["./node_modules/.bin/dura-mcp"],
"cwd": "${workspaceFolder}"
}
}
}
`

$3

Useful for global or non-standard installs:

`json
{
"mcpServers": {
"dura": {
"command": "node",
"args": ["/full/path/to/your/project/node_modules/.bin/dura-mcp"],
"cwd": "/full/path/to/your/project"
}
}
}
`

$3

If npm install -g dura-mcp is used and dura-mcp is on your PATH: github

`json
{
"mcpServers": {
"dura": {
"command": "dura-mcp"
}
}
}
`

*

Verifying the Server in Terminal

From your project root (the same directory used as cwd):

`bash


1) Start the server

npx dura-mcp

2) List tools via MCP

echo '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | npx dura-mcp

3) Call a tool directly

echo '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"get_risk_summary","arguments":{"repoUrl":"https://github.com/expressjs/express"}}}' | npx dura-mcp
`

If everything is wired correctly, you should see a JSON response listing four tools on tools/list and a structured result for get_risk_summary rather than an internal error. github

*

Available Tools

The DURA MCP server provides four tools for dependency risk analysis. github

$3

Complete dependency analysis with detailed risk assessment and actionable recommendations.

Parameters

- repoUrl (required): GitHub repository URL, for example https://github.com/facebook/react
- branch (optional): Git branch to analyze, default main
- useCache (optional): Use cached results if available, default true

Returns

- Overall health score and risk summary
- Critical issues requiring attention
- Breaking changes with evidence
- Prioritized action items
- Suggested update order

$3

Focuses on only the highest-risk dependencies that require immediate attention.

Parameters

- repoUrl (required): GitHub repository URL
- branch (optional): Git branch, default main

Returns

- List of high-risk dependencies
- Explanation of why each is high risk
- Specific recommendations and priority guidance

$3

Returns only dependencies with confirmed breaking changes.

Parameters

- repoUrl (required): GitHub repository URL
- branch (optional): Git branch, default main

Returns

- Dependencies with confirmed breaking changes
- Confidence scores and supporting evidence from release notes
- Migration and upgrade guidance

$3

Lightweight health check and risk overview.

Parameters

- repoUrl (required): GitHub repository URL
- branch (optional): Git branch, default main

Returns

- Health score (0–100)
- Risk distribution (high/medium/low)
- Overall status and recommendation

*

Typical AI Usage Patterns

These examples illustrate how AI assistants tend to use the tools; they are not strict requirements: github

- Quick check:
“Is it safe to update my dependencies?” → get_risk_summary
- Deep audit:
“Analyze dependencies for https://github.com/expressjs/express” → analyze_repository
- Critical-only view:
“What are the risky dependencies in React?” → get_high_risk_dependencies
- Upgrade planning:
“What breaking changes do I need to worry about?” → get_breaking_changes

*

How It Works

1. The AI assistant receives a dependency-related question.
2. The MCP client lists available tools from the DURA MCP server.
3. The AI chooses the appropriate tool (full analysis, high-risk only, breaking changes, or summary).
4. The MCP server runs the dura-kit CLI to analyze the target repository. github
5. Results are normalized into structured JSON and returned via MCP.
6. The AI formats the findings into natural language and follow-up recommendations.

*

Caching Behavior

The MCP server caches repository analyses for one hour: github

- First query: Fetches fresh data, typically a few seconds.
- Repeated queries: Served from cache for the same repository and branch.
- Cache expiry: After one hour, the next call re-runs analysis.
- Manual refresh: Set useCache: false for analyze_repository to force a fresh run.

Cache is shared across tools, so one full analysis speeds up subsequent summary or filtered calls for the same repository. github

*

Requirements

- Node.js 18.0.0 or higher
- Internet access (GitHub and npm APIs)
- Currently supports public GitHub repositories with a package.json in the root directory github

*

Troubleshooting

$3

`bash
npm install -g dura-mcp
which dura-mcp
`

Ensure the printed path is on your PATH and update your configuration to use either dura-mcp (global) or npx dura-mcp as described above. github

$3

- Confirm your config uses one of the working patterns above (especially cwd).
- Restart the client fully after editing MCP config.
- Open the client’s developer tools/console and check for spawn errors or path issues. docs.cline

$3

- Run echo '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | npx dura-mcp from the same directory as cwd.
- If this fails, adjust cwd and args until terminal tests succeed, then mirror that in your MCP config. modelcontextprotocol

$3

- Verify the repository URL is public and valid.
- Ensure the repo contains package.json at the root.
- Test the underlying CLI directly:
npx dura-kit https://github.com/owner/repo github

*

Development

$3

`bash
git clone https://github.com/ArchieTansaria/dura.git
cd dura/mcp
npm install
node server.js
`

The server starts and waits for MCP JSON-RPC messages on stdin. github

$3

`bash
npm install -g @modelcontextprotocol/inspector
npx @modelcontextprotocol/inspector node server.js
`

Use the inspector UI to list tools, call each one, and inspect responses. modelcontextprotocol

$3

`bash
cd dura/mcp
npm link

Then in your MCP client config:


{
"mcpServers": {
"dura": {
"command": "dura-mcp"
}
}
}
``

*

Links

- DURA CLI: dura-kit on npm
- GitHub Repository: ArchieTansaria/dura
- MCP Documentation: Model Context Protocol
- Issues: GitHub Issues

*

License

MIT License – see the LICENSE file for details.