README update

kapravel · kapravel · commit 48e10f490e68 · 2025-05-23T11:51:12.000-04:00
diff --git a/README.md b/README.md
@@ -172,3 +172,22 @@ After global installation, you can use the `socket-mcp` command from anywhere:
 export SOCKET_API_KEY=your_api_key_here
 socket-mcp
 ```
+
+## Adjust tool usage with custom rules
+
+You can further customize how the Socket MCP server interacts with your AI assistant by modifying your client rules. The rules are usually a markdown file and its location depends on the AI assistant you are using. 
+
+| MCP Client | Rules File Location |
+|---|---|
+| Claude Desktop/Code | `CLAUDE.md`  |
+| VSCode Copilot | `.github/copilot-instructions.md`  |
+| Cursor | `.cursor/rules` |
+
+
+Rules that can be added to the client rules file include the following:
+
+```md
+Always check dependency scores with the debscore tool when you add a new dependency. If the score is low, consider using an alternative library or writing the code yourself. If you are unsure about the score, ask for a review from someone with more experience. When checking dependencies, make sure to also check the imports not just the pyproject.toml file.
+```
+
+You can adjust the rules to fit your needs. For example, you can add rules to include specific manifest files, or guide the AI assistant on how to handle low scores. The rules are flexible and can be tailored to your workflow.
diff --git a/src/index.ts b/src/index.ts
@@ -46,7 +46,7 @@ const server = new McpServer({
 
 server.tool(
     "depscore",
-    "Get the dependency score of a package with the `depscore` tool from Socket. Use 'unknown' for version if not known. Use this tool to scan dependencies for their quality and security on existing code or when code is generated. Stop generating code and ask the user how to proceed when any of the scores are low.",
+    "Get the dependency score of a package with the `depscore` tool from Socket. Use 'unknown' for version if not known. Use this tool to scan dependencies for their quality and security on existing code or when code is generated. Stop generating code and ask the user how to proceed when any of the scores are low. When checking dependencies, make sure to also check the imports in the code, not just the manifest files (pyproject.toml, package.json, etc).",
     {
         ecosystem: z.string().describe("The package ecosystem (e.g., npm, pypi)").default("npm"),
         depname: z.string().describe("The name of the dependency"),

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ const server = new McpServer({`
`46`	`46`
`47`	`47`	`server.tool(`
`48`	`48`	`"depscore",`
`49`		- "Get the dependency score of a package with the `depscore` tool from Socket. Use 'unknown' for version if not known. Use this tool to scan dependencies for their quality and security on existing code or when code is generated. Stop generating code and ask the user how to proceed when any of the scores are low.",
	`49`	+ "Get the dependency score of a package with the `depscore` tool from Socket. Use 'unknown' for version if not known. Use this tool to scan dependencies for their quality and security on existing code or when code is generated. Stop generating code and ask the user how to proceed when any of the scores are low. When checking dependencies, make sure to also check the imports in the code, not just the manifest files (pyproject.toml, package.json, etc).",
`50`	`50`	`{`
`51`	`51`	`ecosystem: z.string().describe("The package ecosystem (e.g., npm, pypi)").default("npm"),`
`52`	`52`	`depname: z.string().describe("The name of the dependency"),`