MCP Code Audit Server

AI-powered code auditing using local Ollama models with Model Context Protocol (MCP) integration

A comprehensive TypeScript MCP server that performs intelligent code audits for security, completeness, performance, quality, architecture, testing, and documentation using local AI models via Ollama.

🚀 Features

Multi-Dimensional Code Analysis

• Security: OWASP Top 10 vulnerabilities, authentication flaws, injection attacks
• Completeness: TODOs, empty functions, missing error handling, unfinished implementations
• Performance: Algorithmic complexity, memory leaks, optimization opportunities
• Quality: Code smells, SOLID principles, maintainability issues
• Architecture: Design patterns, separation of concerns, dependency management
• Testing: Testability issues, missing coverage, race conditions
• Documentation: API docs, code comments, compliance standards

Intelligent Model Selection

• Multi-model support: CodeLlama, DeepSeek-Coder, StarCoder2, Granite-Code, Qwen2.5-Coder
• Specialization-based routing: Different models for different audit types
• Fallback strategies: Automatic model fallback on failures
• Performance optimization: Fast vs. thorough modes

Advanced Features

• Context-aware analysis: Framework-specific checks (React, Express, Django, etc.)
• Priority-based auditing: Fast mode (security + completeness) for rapid feedback
• Language support: 10+ programming languages with language-specific rules
• Configurable severity: Customizable issue severity thresholds
• Auto-fix suggestions: Confidence-scored fix recommendations
• Complexity analysis: Cyclomatic, cognitive, and maintainability metrics

📋 Requirements

• Node.js: 18.0.0 or higher
• Ollama: Latest version (Download)
• RAM: 8GB+ recommended (for larger models)
• Storage: 10GB+ for essential models, 50GB+ for comprehensive setup

🛠️ Installation

Global Installation (Recommended)

# Install globally from npm
npm install -g @moikas/code-audit-mcp

# Run interactive setup (includes MCP configuration)
code-audit setup

# Or setup with automatic MCP configuration
code-audit setup --auto

# Start the MCP server
code-audit start

Development Installation

# Clone the repository
git clone <repository-url>
cd code-audit-mcp

# Install dependencies
npm install

# Build the package
npm run build

# Test locally
npm run test-local

🚀 Development Setup

Prerequisites

• Node.js: v18.0.0 or higher
• npm: v8.0.0 or higher
• Git: For version control and pre-commit hooks
• VS Code: Recommended IDE (see .vscode/extensions.json for extensions)

Initial Setup

# Clone and enter directory
git clone https://github.com/warrengates/code-audit-mcp.git
cd code-audit-mcp

# Install dependencies (includes husky setup)
npm install

# Build the project
npm run build

# Run quality checks
npm run quality-check

# Test the setup
npm run test-local

Pre-commit Hooks

This project uses Husky and lint-staged for automatic code quality checks:

• ESLint: Checks code for errors and style issues
• Prettier: Formats code consistently
• TypeScript: Type checks all TypeScript files

Pre-commit hooks run automatically on git commit. To manually run quality checks:

# Run all quality checks
npm run quality-check

# Fix auto-fixable issues
npm run quality-fix

# Individual checks
npm run lint          # ESLint check
npm run format:check  # Prettier check
npm run type-check    # TypeScript check

The setup script will:

1. ✅ Check prerequisites (Node.js, npm, tsx)
2. 🩺 Verify Ollama installation and health
3. 📦 Install recommended AI models
4. 🧪 Test MCP server functionality
5. 📝 Generate example configuration

Manual Setup

If you prefer manual installation:

# Install dependencies
npm install

# Install essential models
ollama pull codellama:7b
ollama pull granite-code:8b

# Build the project
npm run build

# Test the server
npm run dev

🎯 Usage

CLI Commands

# Interactive setup wizard
code-audit setup

# Start MCP server (foreground)
code-audit start

# Start as background daemon
code-audit start --daemon

# Stop running server
code-audit stop

# Check system health
code-audit health

# Manage AI models
code-audit models --list
code-audit models --pull codellama:7b

# Configuration management
code-audit config --show
code-audit config --set ollama.host=http://remote:11434

# MCP server management
code-audit mcp status
code-audit mcp configure
code-audit mcp remove

# Check for updates
code-audit update

Development Mode

# Development mode with hot reload
npm run dev

# Build TypeScript
npm run build

# Test package locally
npm run test-local

MCP Integration

Automatic Configuration (Recommended)

The setup wizard now automatically configures code-audit as an MCP server:

# Configure during setup
code-audit setup

# Or configure after installation
code-audit mcp configure

This will automatically add code-audit to:

• Claude Desktop: ~/Library/Application Support/Claude/claude_desktop_config.json
• Claude Code (Global): ~/.config/claude/mcp-settings.json
• Claude Code (Project): .claude/mcp-settings.json

Manual Configuration

If you prefer manual configuration, add to your MCP configuration:

{
  "mcpServers": {
    "code-audit": {
      "command": "code-audit",
      "args": ["start", "--stdio"],
      "env": {}
    }
  }
}

For more details, see:

• MCP Configuration Guide
• Claude Code Integration

Available Tools

audit_code - Main audit tool

{
  "name": "audit_code",
  "arguments": {
    "code": "function processPayment(amount) {
  const query = `SELECT * FROM users WHERE id = ${userId}`;
  // TODO: implement payment logic
}",
    "language": "javascript",
    "auditType": "all",
    "priority": "thorough",
    "context": {
      "framework": "express",
      "environment": "production",
      "performanceCritical": true,
      "projectType": "api"
    }
  }
}

Parameters:

• code (required): Code to audit
• language (required): Programming language
• auditType: security | completeness | performance | quality | architecture | testing | documentation | all
• priority: fast (security + completeness only) | thorough (all audit types)
• context: Additional context for framework-specific analysis
• maxIssues: Limit number of issues returned (default: 50)

health_check - Server health status

{
  "name": "health_check",
  "arguments": {}
}

list_models - Available AI models

{
  "name": "list_models",
  "arguments": {}
}

🔧 Configuration

Server Configuration

Create a configuration file or use environment variables:

const config = {
  name: 'code-audit-mcp',
  version: '1.0.0',
  ollama: {
    host: 'http://localhost:11434',
    timeout: 30000,
    retryAttempts: 3,
    retryDelay: 1000,
  },
  auditors: {
    security: {
      enabled: true,
      severity: ['critical', 'high', 'medium'],
      rules: {
        sql_injection: true,
        xss_vulnerability: true,
        hardcoded_secret: true,
      },
    },
    performance: {
      enabled: true,
      severity: ['high', 'medium', 'low'],
      thresholds: {
        cyclomaticComplexity: 10,
        nestingDepth: 4,
      },
    },
  },
  logging: {
    level: 'info',
    enableMetrics: true,
    enableTracing: false,
  },
};

Auditor Configuration

Each auditor can be individually configured:

{
  enabled: boolean;              // Enable/disable auditor
  severity: Severity[];          // Severity levels to include
  rules: Record<string, boolean>; // Specific rules to enable/disable
  thresholds: Record<string, number>; // Numeric thresholds
}

Model Selection

Configure model preferences for different scenarios:

// Performance-critical code
const performanceConfig = {
  strategy: 'PerformanceModelSelectionStrategy', // Always prefer fast models
  fallbackModels: ['codellama:7b', 'granite-code:8b'],
};

// Quality-focused analysis
const qualityConfig = {
  strategy: 'QualityModelSelectionStrategy', // Always prefer accurate models
  fallbackModels: ['deepseek-coder:33b', 'codellama:13b'],
};

🤖 Supported Models

Essential Models (Recommended)

• CodeLlama 7B: Fast, general-purpose code analysis
• Granite Code 8B: Excellent for security analysis

Comprehensive Setup

• CodeLlama 13B: Better accuracy for complex analysis
• DeepSeek-Coder 6.7B: Superior performance analysis
• StarCoder2 7B: Specialized for testing analysis
• Qwen2.5-Coder 7B: Good for documentation analysis

Full Setup (Advanced)

• DeepSeek-Coder 33B: Highest accuracy (requires 16GB+ RAM)
• StarCoder2 15B: Advanced testing and architecture analysis
• Llama 3.1 8B: Excellent for documentation

Model Installation

# Essential models (~7GB)
ollama pull codellama:7b
ollama pull granite-code:8b

# Comprehensive setup (~30GB)
ollama pull codellama:13b
ollama pull deepseek-coder:6.7b
ollama pull starcoder2:7b
ollama pull qwen2.5-coder:7b

# Full setup (~80GB)
ollama pull deepseek-coder:33b
ollama pull starcoder2:15b
ollama pull llama3.1:8b

🌐 Language Support

Fully Supported

• JavaScript/TypeScript: React, Node.js, Express-specific checks
• Python: Django, Flask, FastAPI-specific analysis
• Java: Spring Boot, security-focused analysis
• Go: Goroutine safety, performance patterns
• Rust: Memory safety, performance optimization

Well Supported

• C#: .NET patterns, security analysis
• PHP: Laravel, WordPress security checks
• Ruby: Rails-specific patt

---