Appearance
Client plugin config
How to register the Sonar MCP server with an MCP client (Claude Desktop, Claude Code, or any MCP-capable agent).
Remote (recommended)
Connect over HTTPS with the secret token as a bearer header:
json
{
"mcpServers": {
"sonar": {
"url": "https://mcp.astrixion.ai/mcp",
"headers": { "Authorization": "Bearer <YOUR_MCP_AUTH_TOKEN>" }
}
}
}This gives the agent the pentest surface (read + scan). See Setup.
Local (stdio)
For a co-located agent, launch the server as a subprocess. Defaults to the admin profile.
json
{
"mcpServers": {
"sonar": {
"command": "node",
"args": ["/absolute/path/to/apps/mcp-server/dist/index.js"],
"env": {
"BBM_BASE_URL": "http://localhost:3001",
"BBM_USERNAME": "admin",
"BBM_PASSWORD": "<password>"
}
}
}
}To restrict a local agent, set "BBM_MCP_PROFILE": "pentest" (or "readonly") in env.
Next
Pair the tools with the agent skills so the agent knows how to recon a target and drive a scan, not just which tools exist.