Is Code Auditor free?

Yes, Code Auditor is free to use.

How do I install Code Auditor?

Code Auditor is a local plugin. Install it using npm package: code-auditor-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What AI apps work with Code Auditor?

Code Auditor uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Code Auditor MCP Server

by BenAHammond

Developer ToolsLow Risk10.0MCP RegistryLocal

Free

Server data from the Official MCP Registry

Code Quality Auditor: Analyze code for SOLID principles, DRY violations, and more

About

Code Quality Auditor: Analyze code for SOLID principles, DRY violations, and more

Security Report

10.0

Low Risk10.0Low Risk

Valid MCP server (2 strong, 4 medium validity signals). No known CVEs in dependencies. Package registry verified. Imported from the Official MCP Registry.

3 files analyzed · 1 issue found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

file_system

Check that this permission is expected for this type of plugin.

env_vars

Check that this permission is expected for this type of plugin.

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "mcp-server": {
      "args": [
        "-y",
        "code-auditor-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

Code Auditor: AI-Powered Multi-Language Code Intelligence

Your AI understands your code across languages. Code Auditor indexes your entire codebase (TypeScript, JavaScript, and Go) and provides real-time analysis that AI assistants like Claude can actually use to help you write better code.

The Problem It Solves

AI coding assistants are powerful, but they're flying blind. They can't search your codebase, don't know your patterns, and miss critical context. Code Auditor changes that by creating a searchable index of every function, component, and pattern in your code.

How It Works

Index - Automatically catalogs functions, React components, Go structs, and dependencies
Analyze - Detects SOLID violations, code duplication, and security issues across multiple languages
Connect - AI assistants access your code index via MCP (Model Context Protocol)
Iterate - Get intelligent suggestions based on your actual codebase patterns

Quick Start (2 minutes)

# Add to your project with Claude Code CLI
claude mcp add code-auditor -- npx code-auditor-mcp

# That's it! Now ask Claude:
# "What authentication functions exist in my codebase?"
# "Find all API endpoints and check for rate limiting"
# "Show me Go structs that handle user data"
# "Compare TypeScript and Go implementations of the same feature"

Core Features That Matter

🔍 Multi-Language Code Search

"Find all functions that validate user input"
"Show me where we're calling the payment API"
"What Go structs implement the User interface?"
"Compare error handling patterns between TypeScript and Go"

🎯 Smart Code Analysis

SOLID Principles - Catch architecture issues before they spread
DRY Violations - Find duplicate code that should be refactored
Security Patterns - Verify auth, rate limiting, SQL injection protection
Dead Code - Identify unused imports and functions

🤖 AI Tool Integration

Auto-generates configurations for:

Claude (via MCP)
Cursor
Continue
GitHub Copilot
10+ other AI assistants

⚙️ Persistent Configuration

Set your analyzer preferences once:

You: "Set SOLID analyzer to allow 3 responsibilities for components"
Claude: Configuration saved! All future audits will use this setting.

📋 Project task queue (MCP)

Use the project_tasks tool to keep a per-project task list in the local database (titles, status, priorities, due dates, blockers, related files/symbols, and more). Tasks survive sync_index reset: clearing the analysis index removes indexed functions, cached audits, code maps, and schema overlays so you do not keep “ghost” references to deleted code—it does not delete your task list or analyzer configs.

Real Examples

Example 1: Finding Authentication Patterns

You: "Show me all authentication-related functions"
Claude: Found 23 functions across 8 files:
- `validateToken()` in auth/tokens.ts:45
- `requireAuth()` in middleware/auth.ts:12
- `checkPermissions()` in auth/permissions.ts:78
...

Example 2: Analyzing Code Quality

You: "Audit the user service for issues"
Claude: Found 3 critical issues:
- Single Responsibility violation: UserService handles both auth and profile updates
- SQL injection risk: Raw query in getUserByEmail() at line 234
- Missing rate limiting on password reset endpoint

Example 3: Discovering Patterns

You: "Find React components similar to DataTable"
Claude: Found 4 similar components:
- `UserTable` - extends DataTable with user-specific columns
- `OrderGrid` - implements similar pagination pattern
- `ProductList` - uses same filtering approach

Installation Options

Published package (npm / pnpm / yarn)

npm install -g code-auditor-mcp
# or: pnpm add -g code-auditor-mcp
code-audit  # Run analysis

Project install

npm install --save-dev code-auditor-mcp
npx code-audit

Developing from this repository

Requires Node.js 18+. From the app/ directory:

pnpm install
pnpm run build
pnpm test

The package manager in use is pnpm (see packageManager in package.json). Use pnpm run test:parity only if you need the legacy vs universal analyzer parity suite.

CI/CD Integration

# GitHub Actions
- name: Code Audit
  run: npx code-audit --fail-on-critical

MCP server: where the index is stored

The Loki index file defaults to <current working directory>/.code-index/index.db. If your MCP host runs with an unexpected or shared cwd, point at a dedicated folder:

Environment variable CODE_AUDITOR_DATA_DIR — directory to use as the storage root (absolute or relative to the process cwd when the server starts). The database file is <resolved>/index.db (no extra .code-index segment).
CLI — node dist/mcp-index.js --data-dir /path/to/data (equivalent to setting the env var). The published binary code-auditor-mcp also accepts --data-dir because it loads the same bootstrap.

Example Cursor .cursor/mcp.json fragment:

{
  "mcpServers": {
    "code-auditor": {
      "command": "node",
      "args": ["/absolute/path/to/code-auditor/app/dist/mcp-index.js", "--stdio"],
      "env": {
        "CODE_AUDITOR_DATA_DIR": "/Users/you/Library/Application Support/code-auditor"
      }
    }
  }
}

Key Commands

code-audit                    # Full analysis with HTML report
code-audit -f json           # JSON output for CI/CD
code-audit -a solid,dry      # Run specific analyzers
code-audit --health          # Quick health score (0-100)

The Feedback Loop

Write Code → Code Auditor indexes it automatically
Ask AI → "Is there a function to validate emails?"
Get Context → AI finds validateEmail() and similar patterns
Improve → AI suggests using existing validation instead of duplicating
Repeat → Your AI gets smarter about YOUR codebase

Configuration

Set custom thresholds for your architecture:

// Via MCP
mcp.set_analyzer_config({
  analyzerName: "solid",
  config: {
    maxUnrelatedResponsibilities: 4,
    patternThresholds: {
      "Dashboard": { maxResponsibilities: 6 }
    }
  }
});

Advanced Search Operators

What You Want	Search Query
Complex functions	`complexity:>10`
Go functions only	`lang:go`
TypeScript components	`lang:typescript component:functional`
Undocumented exports	`exported:true jsdoc:false`
React hooks usage	`component:functional hook:useState`
Go struct methods	`lang:go entity:struct`
Find dependencies	`calls:validateUser`
Cross-language patterns	`name:validateEmail`
Unused imports	`unused-imports file:src`

Performance

Indexes 10,000+ functions in seconds
Incremental updates on file changes
LokiJS for fast in-memory search
FlexSearch for intelligent queries

Contributing

See CONTRIBUTING.md for guidelines.

License

MIT - Use it anywhere, anytime.

Ready to give your AI x-ray vision into your code?

claude mcp add code-auditor -- npx code-auditor-mcp

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

mcp-creator-typescript

Free

by mcp-marketplace · Developer Tools

Scaffold, build, and publish TypeScript MCP servers to npm — conversationally

FinAgent

Free

by mcp-marketplace · Finance

Free stock data and market news for any MCP-compatible AI assistant.

Code Auditor MCP Server

About

Security Report

Findings (1)

Permissions Required

How to Install

Documentation

Code Auditor: AI-Powered Multi-Language Code Intelligence

The Problem It Solves

How It Works

Quick Start (2 minutes)

Core Features That Matter

🔍 Multi-Language Code Search

🎯 Smart Code Analysis

🤖 AI Tool Integration

⚙️ Persistent Configuration

📋 Project task queue (MCP)

Real Examples

Example 1: Finding Authentication Patterns

Example 2: Analyzing Code Quality

Example 3: Discovering Patterns

Installation Options

Published package (npm / pnpm / yarn)

Project install

Developing from this repository

CI/CD Integration

MCP server: where the index is stored

Key Commands

The Feedback Loop

Configuration

Advanced Search Operators

Performance

Contributing

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent

Code Auditor MCP Server

About

Security Report

Findings (1)

Permissions Required

How to Install

Documentation

Code Auditor: AI-Powered Multi-Language Code Intelligence

The Problem It Solves

How It Works

Quick Start (2 minutes)

Core Features That Matter

🔍 Multi-Language Code Search

🎯 Smart Code Analysis

🤖 AI Tool Integration

⚙️ Persistent Configuration

📋 Project task queue (MCP)

Real Examples

Example 1: Finding Authentication Patterns

Example 2: Analyzing Code Quality

Example 3: Discovering Patterns

Installation Options

Published package (npm / pnpm / yarn)

Project install

Developing from this repository

CI/CD Integration

MCP server: where the index is stored

Key Commands

The Feedback Loop

Configuration

Advanced Search Operators

Performance

Contributing

License

Reviews

No reviews yet

More Developer Tools MCP Servers