GroundTruth-MCP is a self-hosted MCP server that fetches live, up-to-date documentation and audits your code against 445+ curated libraries and 107+ audit patterns — no rate limits or API keys required.
Route queries automatically (
gt_dispatch): Use plain-text like "use gt for react" and it routes to the right tool with the right arguments.Resolve libraries (
gt_resolve_library): Look up any library by name to get a validated ID, docs URL, and metadata. Falls back to npm, PyPI, crates.io, and pkg.go.dev.Batch resolve (
gt_batch_resolve): Resolve up to 20 library names to IDs in one call.Fetch live documentation (
gt_get_docs): Get current docs for any library on a specific topic, prioritizingllms.txt, Jina Reader, then GitHub README. Supports version pinning.Get best practices (
gt_best_practices): Fetch patterns, anti-patterns, and configuration guidance targeting best-practices pages, guides, and performance tips.Auto-scan project dependencies (
gt_auto_scan): Reads manifest files (package.json,requirements.txt,Cargo.toml,go.mod, etc.) and fetches best practices for every detected dependency.Search any topic (
gt_search): Search across OWASP, MDN, web.dev, W3C, AI provider docs, and more — covering security, accessibility, performance, web standards, and beyond.Audit your code (
gt_audit): Scan source files with 107+ patterns across 18 categories (security, accessibility, React, Next.js, TypeScript, Node.js, Python, Vue, Svelte, Angular, testing, performance, and more), pinpointing issues at exactfile:linelocations with live fix guidance.Fetch changelogs (
gt_changelog): Get release notes for any library version before upgrading, from GitHub Releases,CHANGELOG.md, or the docs site.Check compatibility (
gt_compat): Verify browser, Node.js, or runtime support for web APIs, CSS features, or JS syntax via MDN and caniuse.com.Compare libraries (
gt_compare): Compare 2–3 libraries side-by-side with live docs, filtered by specific criteria (e.g. bundle size, TypeScript support, DX).Find real-world code examples (
gt_examples): Search GitHub for actual usage examples from popular open-source projects, with repository attribution.Get migration guides (
gt_migration): Fetch step-by-step instructions, breaking changes, and upgrade guides when migrating between library versions.Get code snippets (
gt_snippets): Retrieve ranked code snippets from a library's own documentation, cached per library/version for instant retrieval, filterable by topic and language.
Provides documentation and best practices for Cloudflare services, including Cloudflare Workers.
Provides documentation, best practices, and compatibility checks for Cloudflare Workers.
Provides access to CSS specifications, browser compatibility data, best practices, and audit patterns for CSS code.
Provides documentation and best practices for Docker containerization and Dockerfile optimization.
Provides documentation, migration guides, and code examples for Drizzle ORM.
Provides documentation, best practices, and audit patterns for Expo and React Native mobile development.
Provides documentation, best practices, and code examples for Express.js web framework.
Provides documentation, best practices, and audit support for FastAPI Python web framework.
Provides documentation and best practices for Firebase services, including authentication, Firestore, and cloud functions.
Provides access to GitHub repository documentation, README files, release notes, and code examples via the GitHub API.
Provides documentation and best practices for GitHub Actions CI/CD workflows.
Provides documentation and best practices for Gmail API integration and email handling.
Provides documentation and best practices for Google APIs, including Maps, Analytics, Ads, Cloud, and other Google services.
Provides documentation and best practices for Google Cloud Platform services such as Compute Engine, Cloud Storage, and Vertex AI.
Provides documentation and best practices for Google Gemini AI API, including function calling and model capabilities.
Provides documentation, code examples, and best practices for Hono web framework.
Provides documentation and best practices for Kubernetes deployment, configuration, and management.
Provides documentation and best practices for LangChain LLM application framework.
Provides documentation, best practices, and audit support for NestJS framework.
Provides documentation, best practices, migration guides, and audit patterns for Next.js framework.
Provides documentation, best practices, and audit support for Node.js runtime, including security and performance patterns.
Provides fallback documentation and package metadata for npm packages.
Provides documentation and best practices for OpenAI API, including models and function calling.
Provides documentation, best practices, and configuration guidance for OpenTelemetry observability framework.
Provides documentation and best practices for OWASP security guidelines, including SQL injection prevention, XSS, and authentication.
Provides documentation, best practices, and comparison support for Prisma ORM.
Provides fallback documentation and package metadata for PyPI Python packages.
Provides documentation, best practices, and audit support for Python, including security and performance patterns.
Provides documentation, best practices, and audit patterns for React, including hooks, component patterns, and React 19 migration.
Provides browser compatibility data and documentation for Safari web features.
Provides documentation, best practices, and audit support for Tailwind CSS, including migration from v3 to v4.
Provides documentation and best practices for Terraform infrastructure-as-code.
Provides documentation, best practices, and audit patterns for TypeScript, including type safety and code quality rules.
Provides documentation and best practices for WebAuthn and passkey authentication.
Provides documentation and best practices for WebRTC real-time communication API.
Provides documentation and best practices for YouTube Data API and embedded player integration.
The problem
Your model doesn't know that React 19 killed forwardRef, that Next.js made cookies() async, or that Tailwind v4 nuked @tailwind directives. It writes deprecated patterns with full confidence. It hands you SQL injection dressed up as a query builder and uses any in TypeScript like it's a feature.
GroundTruth runs on your machine. Fetches docs from the source — llms.txt, Jina Reader, GitHub — right when you ask. 445+ curated libraries, plus npm, PyPI, crates.io, and pkg.go.dev as fallback. The audit tool reads your actual files, finds issues at exact file:line locations, and fetches the current fix from the real spec.
Related MCP server: nexus-mcp-ci
Install
Claude Code
claude mcp add gt -- npx -y @groundtruth-mcp/gt-mcp@latestCursor / Claude Desktop / VS Code
Add to your MCP config (claude_desktop_config.json, .cursor/mcp.json, or .vscode/mcp.json):
{
"mcpServers": {
"gt": {
"command": "npx",
"args": ["-y", "@groundtruth-mcp/gt-mcp@latest"]
}
}
}No build step. No config file. Node.js 24+. Using @latest means npx pulls the newest version on every session start — you always get the latest libraries, audit patterns, and fixes without doing anything.
Optional: GitHub token
GroundTruth fetches README files, release notes, migration guides, and code examples from GitHub. Unauthenticated requests are limited to 60/hr. A token with no extra scopes takes it to 5,000/hr.
# Claude Code
claude mcp add gt -e GT_GITHUB_TOKEN=ghp_yourtoken -- npx -y @groundtruth-mcp/gt-mcp@latest
# Cursor / Claude Desktop / VS Code — add env to your config:
"env": { "GT_GITHUB_TOKEN": "ghp_yourtoken" }What it does
Fourteen tools. Each does one thing.
Tool | What it does |
| Find a library by name. Falls back to npm, PyPI, crates.io, pkg.go.dev |
| Fetch live docs for a specific topic |
| Patterns, anti-patterns, and config guidance for any library |
| Read your manifest, fetch best practices for every dependency |
| Search OWASP, MDN, web.dev, W3C, AI provider docs, Google APIs |
| Scan source files — issues at exact |
| Release notes before you upgrade |
| Browser and runtime compatibility via MDN + caniuse |
| Compare 2-3 libraries side-by-side |
| Real-world code examples from GitHub |
| Migration guides and breaking changes |
| Resolve up to 20 libraries in one call |
| Pre-indexed, ranked code snippets per library and version, cached on disk |
| Routes a plain-text query ("use gt mcp") to the right tool with args |
How to use it
You don't need to memorize tool names. Just talk to your AI assistant.
use gt for nextjs
use gt for drizzle migrations
gt audit
use gt to check WCAG focus indicators
use gt for OpenTelemetry setup
find all issues and fix with gt
use gt for Google Gemini API
use gt for Claude tool useOr call tools directly:
gt_resolve_library({ libraryName: "nestjs" })
gt_get_docs({ libraryId: "nestjs/nest", topic: "guards" })
gt_best_practices({ libraryId: "vercel/next.js", topic: "caching" })
gt_auto_scan({ projectPath: "." })
gt_search({ query: "OWASP SQL injection prevention" })
gt_audit({ projectPath: ".", categories: ["security", "accessibility"] })
gt_changelog({ libraryId: "vercel/next.js", version: "15" })
gt_compat({ feature: "CSS container queries", environments: ["safari"] })
gt_compare({ libraries: ["prisma", "drizzle-orm"], criteria: "TypeScript support" })
gt_examples({ library: "hono", pattern: "middleware" })gt_audit — the one that finds what you missed
Walks your project, runs 107+ patterns across 18 categories, pinpoints issues at file:line, then fetches fix guidance from the authoritative source.
gt_audit({ categories: ["all"] }) // all 18 categories
gt_audit({ categories: ["security", "node"] }) // OWASP + Node.js
gt_audit({ categories: ["python", "security"] }) // Python OWASP scan
gt_audit({ categories: ["accessibility"] }) // WCAG AA
gt_audit({ categories: ["typescript", "react"] }) // type safety + React rulesCategory | What it checks |
| XSS, SQL injection, command injection, SSRF, path traversal, hardcoded credentials, CORS wildcard |
| Missing alt text, onClick on div, icon-only buttons, inputs without labels, |
| forwardRef (React 19), useFormState renamed, index as key, conditional hooks |
| Sync cookies/headers/params (Next.js 16), Tailwind v3 directives, missing metadata |
|
|
| Missing lazy loading, useEffect data fetching, missing Suspense boundaries |
| CLS-causing images, 100vh on mobile, missing font-display |
| console.log in production, sync fs ops, unhandled callbacks |
| SQL injection via f-string, eval/exec, subprocess shell=True, pickle.loads |
Sample output:
## [CRITICAL] SQL built via template literal
Category: security | Severity: critical | Count: 2
Fix: db.query('SELECT * FROM users WHERE id = $1', [userId])
Files:
- src/db/users.ts:47
- src/api/search.ts:23
Live fix: OWASP SQL Injection Prevention Cheat Sheetgt_auto_scan — best practices for your whole stack
Point it at your project root. It reads the manifest, figures out what you're using, and pulls best practices for each dependency.
gt_auto_scan({ projectPath: "." })Supports package.json, requirements.txt, pyproject.toml, Cargo.toml, go.mod, pom.xml, build.gradle, and composer.json.
gt_search — anything that isn't a specific library
Covers security, accessibility, performance, web APIs, CSS, HTTP, AI providers, Google APIs, infrastructure, databases, and more.
gt_search({ query: "WCAG 2.2 focus indicators" })
gt_search({ query: "Core Web Vitals LCP optimization" })
gt_search({ query: "Claude tool use best practices" })
gt_search({ query: "Google Gemini API function calling" })
gt_search({ query: "JWT vs session cookies" })
gt_search({ query: "gRPC vs REST tradeoffs" })Area | Topics |
Security | OWASP Top 10, SQL injection, XSS / CSP, CSRF, HSTS, CORS, JWT, OAuth 2.1, WebAuthn, SSRF, API security |
Accessibility | WCAG 2.2, WAI-ARIA, keyboard navigation |
Performance | Core Web Vitals, image optimization, web fonts, Speculation Rules |
Web APIs | Fetch, Workers, WebSocket, WebRTC, IndexedDB, Web Crypto, Intersection Observer |
CSS | Grid, Flexbox, Container Queries, View Transitions, Cascade Layers, :has(), Subgrid |
AI providers | Claude, OpenAI, Gemini, Mistral, Cohere, Groq, LangChain, LlamaIndex |
Maps, Analytics, Ads, Cloud, Firebase, Vertex AI, YouTube, Gmail, Sheets | |
Infrastructure | Docker, Kubernetes, GitHub Actions, Terraform, Cloudflare Workers |
How docs are fetched
For every request, GroundTruth tries sources in order and stops at the first one that returns useful content:
llms.txt/llms-full.txt— context files published by maintainers for LLM consumptionJina Reader — converts docs pages to clean markdown, handles JS-rendered sites
GitHub README / releases — latest release notes and README
npm / PyPI / crates.io / pkg.go.dev — fallback for packages outside the curated registry
Library coverage
445+ curated entries with 100% best-practices and URL pattern coverage, plus automatic fallback to npm, PyPI, crates.io, and pkg.go.dev. Any public package in any major ecosystem is resolvable.
Ecosystem | Libraries |
React / Next.js | React, Next.js, shadcn/ui, Radix UI, Tailwind CSS, Headless UI |
State management | Zustand, Jotai, TanStack Query, SWR, Redux Toolkit, XState |
Backend (Node.js) | Express, Fastify, Hono, NestJS, Elysia, tRPC |
Backend (Python) | FastAPI, Django, Flask, Pydantic |
Backend (Go / Rust) | Gin, Fiber, GORM, Axum, Actix Web, Tokio |
Database / ORM | Prisma, Drizzle, Kysely, TypeORM, Supabase, Neon, Turso |
AI / LLM | Claude API, OpenAI API, Gemini API, Vercel AI SDK, LangChain, LlamaIndex |
Testing | Vitest, Playwright, Jest, Testing Library, Cypress, MSW |
Auth | Clerk, NextAuth, Better Auth, Lucia |
Mobile | Expo, React Native, React Navigation, NativeWind |
Build tools | Vite, Turbopack, SWC, Biome, ESLint, Turborepo |
Cloud | Vercel, Cloudflare Workers, AWS SDK, Firebase, Google Cloud |
Monitoring | Sentry, PostHog, OpenTelemetry |
Full list in the documentation.
vs. Context7
Context7 is solid. Here's why I reach for this instead.
GroundTruth | Context7 | |
Hosting | Self-hosted (stdio) + HTTP mode | Cloud backend, local MCP client |
Rate limits | None | 1,000 free/month ($10/seat for 5,000) |
Transport | Stdio + Streamable HTTP | Stdio + Streamable HTTP |
Source priority | llms.txt -> Jina -> GitHub -> npm/PyPI | Vector DB with proprietary crawl pipeline |
Tools | 14 specialized tools | 2 tools |
Code audit | 107+ patterns, 18 categories, file:line, live fixes | No |
Freeform search | OWASP, MDN, AI docs, Google APIs, web standards | Library docs only |
Changelog, compat, compare, examples, migration | Yes | No |
MCP Resources + Prompts | 2 resources, 8 prompts | No |
Lockfile detection | Reads exact versions from lockfiles | No |
Libraries | 445+ curated + npm/PyPI/crates.io/Go fallback | Undisclosed (claims "thousands") |
API key required | No | No |
Context7 indexes docs into a vector database — fast lookups, but with indexing lag on new releases. GroundTruth fetches from the source at query time, prioritizes llms.txt, and scores content quality so your model knows when to retry.
Environment variables
All optional. Works out of the box with zero configuration.
Variable | Purpose | Default |
| GitHub API auth — raises rate limit from 60 to 5,000 req/hr | none |
| Disk cache location for persistent cross-session caching |
|
| Parallel fetch limit in |
|
| Bearer token required for HTTP transport endpoints | none |
| Port to enable HTTP transport (otherwise stdio) | none |
| Set |
|
Contributing
The public registry lives in src/sources/registry.ts. Adding a library is a PR with id, name, docsUrl, and llmsTxtUrl if the project publishes one.
Issues and requests: github.com/rm-rf-prod/GroundTruth-MCP/issues
Active development
GroundTruth is under active development. New curated registry entries, audit patterns, search topics, and features are added regularly. The registry covers 445+ libraries with 100% bestPracticesPaths and urlPatterns coverage. Automatic fallback to npm, PyPI, crates.io, and pkg.go.dev means any public package is resolvable out of the box.
To stay updated:
Star and watch the GitHub repo for release notifications
Use
@latestin your MCP config (the default install command) — npx fetches the newest version automaticallyCheck tool responses — GroundTruth appends an update notice when a newer version is available
Full documentation
Tool schemas, audit pattern details, architecture, caching internals, and the complete library list:
Star history
License
Elastic License 2.0 — free to use, free to self-host, free to build on. The one thing you can't do is turn it into a managed service and sell it. Fair enough.
Maintenance
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/rm-rf-prod/GroundTruth-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server