How to Use the Contrast Security MCP in Mastra AI

Q: How do I install the Contrast Security MCP Server in Mastra AI?

Install the required package via npm install @mastra/mcp@latest in your project. Define the client using new MCPClient and register the Vinkius URL under your server configuration. Finally, spread the tools into your Mastra agent definition.

Q: Can I query user permissions dynamically?

Your Mastra agent can call listorganizationusers to audit who has access to your Contrast dashboard. You can write a workflow that cross-references this list with your corporate directory to find orphaned accounts.

Build self-healing AppSec pipelines by connecting Contrast Security to your Mastra AI workflows.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Contrast Security MCP to Mastra AI

Create your Vinkius account to connect Contrast Security to Mastra AI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Contrast Security with Mastra AI

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Trigger conditional security playbooks in Mastra AI

Stop triaging security alerts manually. This Mastra AI setup lets you build workflows that automatically call `list_critical_vulnerabilities` via the MCP link. If the tool returns new high-risk bugs, the workflow branches to notify the on-call engineer and opens a ticket. The agent uses `get_vulnerability_details` to pull the precise stack trace. Mastra's built-in retry logic ensures that transient network hiccups won't drop your security alerts. You get a bulletproof automation loop that keeps your production environment safe.

Check your server agent status using Mastra AI MCP Server

Keep an eye on your active Contrast Security deployments. Your Mastra agent calls `list_monitored_servers` to verify which production nodes are actively reporting telemetry. If a server stops sending data, the workflow immediately flags the node for inspection. You can combine this check with application status queries. The agent runs `list_applications` to cross-reference offline servers with affected software packages. It gives your infrastructure team a clear picture of what went down and where.

Build autonomous hunting loops with Mastra AI

Run deep security audits across your entire application portfolio. By using Mastra's multi-step execution, your agent uses `search_vulnerabilities` to filter for specific CVEs across all environments. It sifts through hundreds of traces without needing human supervision. When it finds a match, it invokes `get_application_details` to pull the owner metadata. The workflow then packages the findings and sends them to the responsible engineering team. This keeps your vulnerability management process running 24/7.

Setup guide

Set up Contrast Security MCP in Mastra AI

Prerequisites

Node.js 18+ and a TypeScript project
@mastra/mcp + @mastra/core packages
Active Vinkius subscription with a valid endpoint token

1

Install dependencies
Run npm install @mastra/mcp @mastra/core plus your preferred model provider (e.g. @ai-sdk/openai).
2

Configure the MCPClient
Create an MCPClient with your Vinkius endpoint as a URL object. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.
3

Discover and inject tools
Call mcpClient.listTools() and spread the result into your agent's tools object. All Contrast Security tools become native Mastra tools.
4

Run with any model
Swap openai("gpt-4o") for any AI SDK-compatible provider. Call agent.generate() and the agent routes tool calls through MCP automatically.

agent.ts

import { MCPClient } from "@mastra/mcp";
import { Agent } from "@mastra/core/agent";
import { openai } from "@ai-sdk/openai";

const mcpClient = new MCPClient({
  id: "contrast-security-mcp-client",
  servers: {
    "contrast-security-mcp": {
      url: new URL(
        "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
      ),
    },
  },
});

const agent = new Agent({
  name: "Contrast Security Agent",
  model: openai("gpt-4o"),
  instructions: "You have access to Contrast Security tools.",
  tools: {
    ...(await mcpClient.listTools()),
  },
});

const result = await agent.generate(
  "List recent Contrast Security transactions"
);
console.log(result.text);

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Contrast Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Contrast Security now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Contrast Security MCP in Mastra AI

Install the required package via `npm install @mastra/mcp@latest` in your project. Define the client using `new MCPClient` and register the Vinkius URL under your server configuration. Finally, spread the tools into your Mastra agent definition.

Yes, you can enforce human-in-the-loop validation using Mastra's `requireToolApproval` setting. This stops the agent from executing automated steps until a security team member reviews the output of `get_vulnerability_details`.

Mastra AI features built-in exponential backoff for tool execution. If calling `list_vulnerability_traces` hits a rate limit, the client automatically backs off and retries the request without failing your workflow.

Your Mastra agent can call `list_organization_users` to audit who has access to your Contrast dashboard. You can write a workflow that cross-references this list with your corporate directory to find orphaned accounts.

Your vulnerability traces and server lists are never used for training models. Mastra connects directly to Vinkius's secure sandbox via SSE or HTTP. Only the specific metadata returned by `get_organization_info` is processed, keeping your security posture confidential.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript