Model Context Protocol (MCP)
Drive API testing from your AI agent
Native MCP server for Total Shift Left. Connect Claude Desktop, Cursor, or any MCP-compatible AI agent to drive test generation, coverage analysis, gap detection, and execution — from inside the conversation, without context-switching to a testing UI.
Why an MCP server matters for API testing
The Model Context Protocol is the standard interface between AI agents and the systems they need to operate on. For API testing, MCP changes the workflow shape: instead of “the developer leaves their IDE, opens the testing platform, and clicks generate,” the developer stays in their conversation and the agent drives the platform on their behalf.
Total Shift Left is the first enterprise API testing platform to ship a native MCP server. That isn't a marketing distinction — it's a structural one. None of the legacy enterprise platforms (ReadyAPI, Tricentis Tosca, Parasoft SOAtest) currently expose an MCP interface, which means agent-driven workflows on those platforms are limited to whatever public REST API exists and whatever wrapper the developer is willing to write.
Stays in your editor
The agent in Cursor or Claude Desktop drives test generation, coverage analysis, and execution — no UI context switch required.
Open protocol
MCP is an open standard. As more agent runtimes adopt it, support extends automatically — nothing platform-specific to maintain.
Six purpose-built tools
generateTests, enrichTest, explainCoverage, generateForGaps, analyzeEndpoint, validateTests — designed for the QE workflow, not generic CRUD.
Works with self-hosted
Point the server at any Shift-Left deployment — multi-tenant SaaS or self-hosted. Credentials stay in environment variables; the server itself doesn't talk to any LLM directly.
Six tools your agent can call
Each tool corresponds to a real QE workflow. The agent discovers them automatically when it connects to the MCP server; no glue code, no schema definitions, no per-client wrappers.
generateTeststoolGenerate a complete test suite for a given OpenAPI / Swagger / WSDL specification. The agent provides the spec source; the server returns generated tests covering happy paths, edge cases, and error scenarios.
enrichTesttoolTake an existing test and enrich it — add negative cases, boundary conditions, security checks, and additional assertions. Useful inside an editor where the agent is reviewing or expanding human-written tests.
explainCoveragetoolReturn a structured explanation of current test coverage for a project — which endpoints are tested, which methods/status codes are covered, and which parameters have assertions. Lets the agent reason about gaps the way a human QE would.
generateForGapstoolAuto-generate tests specifically for endpoints, methods, status codes, or parameters that current coverage misses. Closes the loop between explainCoverage and net-new test creation.
analyzeEndpointtoolDeep-analyze a single endpoint — its request schema, response schema, auth requirements, and risk profile. Returns a structured assessment the agent can use to prioritize testing.
validateTeststoolRun a set of tests and return structured results (pass / fail / error) plus failure reasons. Lets the agent close the loop on test execution without leaving the conversation.
Four resources for read-only context
Beyond callable tools, MCP supports resources — URIs the agent can read for context. Total Shift Left exposes four:
test://coverageCurrent coverage report for a project as a structured resource the agent can read directly.
test://gapsCoverage gap analysis — endpoints, methods, status codes, and parameters not yet covered.
test://schemaImported API schema (OpenAPI / Swagger / WSDL) for the project, normalized for agent consumption.
test://outputLatest test execution output — pass/fail counts, failure reasons, response bodies for failed assertions.
Connecting from Claude Desktop
Add this to your Claude Desktop MCP config (typically ~/Library/Application Support/Claude/claude_desktop_config.json on macOS or %APPDATA%\Claude\claude_desktop_config.json on Windows):
{
"mcpServers": {
"shift-left-api": {
"command": "node",
"args": [
"/path/to/shift-left-studio/backend/src/mcp/server.js"
],
"env": {
"SHIFTLEFT_URL": "https://app.totalshiftleft.ai",
"SHIFTLEFT_EMAIL": "you@yourcompany.com",
"SHIFTLEFT_PASSWORD": "your-api-password",
"SHIFTLEFT_PROJECT_ID": "your-project-id"
}
}
}
}Restart Claude Desktop after editing the config. The Shift-Left tools will appear in the tool selector inside any conversation.
Connecting from Cursor
Cursor reads MCP config from .cursor/mcp.json in the workspace or from global Cursor settings. Environment-variable interpolation lets you keep credentials out of the config file:
// .cursor/mcp.json
{
"mcpServers": {
"shift-left-api": {
"command": "node",
"args": ["/path/to/shift-left-studio/backend/src/mcp/server.js"],
"env": {
"SHIFTLEFT_URL": "${env:SHIFTLEFT_URL}",
"SHIFTLEFT_EMAIL": "${env:SHIFTLEFT_EMAIL}",
"SHIFTLEFT_PASSWORD": "${env:SHIFTLEFT_PASSWORD}",
"SHIFTLEFT_PROJECT_ID": "${env:SHIFTLEFT_PROJECT_ID}"
}
}
}
}After Cursor reloads the config, the Shift-Left tools become available in agent-driven editor commands and the chat panel.
Security posture for MCP
MCP is a transport, not an LLM. The Total Shift Left MCP server itself never calls an LLM — it exposes tools and resources that the agent runtime invokes. Where conversations and intermediate data go depends on which client you use:
- Claude Desktop / cloud agents: conversation context (including data the agent retrieves through the MCP server) goes to the cloud LLM provider. Suitable for non-regulated workloads or anything where your AI policy already permits the LLM provider in question.
- Self-hosted MCP-compatible clients + self-hosted LLM: conversation context stays inside your perimeter end-to-end. Pair an internally-hosted MCP client (or a thin custom one) with a self-hosted LLM (Ollama, vLLM, LM Studio) to keep both the prompts and the testing-platform interactions inside your boundary.
For platform-level data flow and access controls, see the security page.
MCP server — frequently asked questions
What is the Model Context Protocol (MCP)?
MCP is an open protocol introduced by Anthropic in late 2024 that lets AI agents connect to external systems through a standard tool/resource interface. An MCP server exposes tools (callable actions) and resources (readable data); an MCP client (like Claude Desktop, Cursor, or any agent runtime that speaks the protocol) discovers and uses them. Total Shift Left ships a native MCP server so any MCP-compatible client can drive API testing directly.Which AI clients can use the Total Shift Left MCP server?
Any client that implements the Model Context Protocol. Today that includes Claude Desktop, Cursor, the Claude Agent SDK, Continue, and a growing set of IDE extensions and agent frameworks. Because MCP is an open protocol, support extends automatically as new clients adopt it — there is nothing platform-specific to maintain.What can an agent actually do with these six tools?
Real workflows our customers run today: (1) developer pastes a new endpoint spec into Cursor and asks "generate tests" — the agent calls generateTests via MCP and returns a complete test suite. (2) QE engineer asks Claude "what coverage gaps do we have on the payments service?" — agent calls explainCoverage, then generateForGaps to fill the missing cases. (3) Reviewer asks Claude during PR review "validate these new tests against the staging API" — agent calls validateTests and reports back inline.Does the MCP server send my API specs to a third-party LLM?
No. The MCP server is a transport — the agent (Claude, Cursor, etc.) is what calls the LLM. If you use Claude Desktop, your conversations and the data the agent retrieves go to Anthropic. If you use a self-hosted MCP-compatible client connected to your own LLM (Ollama, vLLM), your specs and prompts stay inside your perimeter end-to-end. The MCP server itself doesn't talk to any LLM directly.How does the MCP server authenticate to my Shift-Left deployment?
Email and password (or API token) passed through environment variables in the MCP client configuration. The server uses these to authenticate against the Shift-Left /api/v1 endpoints with the same authorization scope as the user. Use a dedicated service account with project-scoped permissions for production setups.Which Shift-Left tier includes the MCP server?
Professional and Enterprise tiers, plus the 15-day Trial. The Citizen Developer free tier does not include MCP server access — see the pricing comparison for the full feature matrix.Is there a hosted MCP endpoint, or do I run the server myself?
Today the MCP server is a stdio-transport process spawned by the MCP client (Claude Desktop, Cursor) on demand. That keeps the connection local and credentials in environment variables, which most teams prefer for security. A hosted SSE-transport variant for organization-wide deployments is on the roadmap.Does the MCP server work with self-hosted Shift-Left deployments?
Yes. The server points at whatever SHIFTLEFT_URL you configure — multi-tenant SaaS or your self-hosted deployment behind a corporate firewall. Network reachability between the agent's machine and the Shift-Left API is the only requirement.Why is the MCP server uniquely valuable for an enterprise API testing platform?
Most API testing tools were designed before AI agents existed and treat AI as a feature inside their UI. MCP flips that: the agent (in your IDE, in your terminal, in your Claude conversation) drives the platform. For a developer working in Cursor or a QE engineer working in Claude Desktop, "I need test coverage for this new endpoint" becomes a natural-language request that the agent fulfills through MCP — without context-switching to the testing platform UI. None of the legacy enterprise platforms (ReadyAPI, Tricentis Tosca, Parasoft SOAtest) ship an MCP server today.
More integrations
Drive API testing from your AI agent
Forever-free Citizen Developer or 15-day Enterprise trial. The MCP server is included on Trial, Professional, and Enterprise tiers.