io.github.BenAHammond/code-auditor-mcp
编码与调试by benahammond
代码质量审计工具:分析代码是否符合 SOLID 原则、存在 DRY 违例,并发现更多可维护性问题。
什么是 io.github.BenAHammond/code-auditor-mcp?
代码质量审计工具:分析代码是否符合 SOLID 原则、存在 DRY 违例,并发现更多可维护性问题。
README
Code Auditor: AI-Powered Multi-Language Code Intelligence
Your AI understands your code across languages. Code Auditor indexes your entire codebase (TypeScript, JavaScript, and Go) and provides real-time analysis that AI assistants like Claude can actually use to help you write better code.
The Problem It Solves
AI coding assistants are powerful, but they're flying blind. They can't search your codebase, don't know your patterns, and miss critical context. Code Auditor changes that by creating a searchable index of every function, component, and pattern in your code.
How It Works
- Index - Automatically catalogs functions, React components, Go structs, and dependencies
- Analyze - Detects SOLID violations, code duplication, and security issues across multiple languages
- Connect - AI assistants access your code index via MCP (Model Context Protocol)
- Iterate - Get intelligent suggestions based on your actual codebase patterns
Quick Start (2 minutes)
# Add to your project with Claude Code CLI
claude mcp add code-auditor -- npx code-auditor-mcp
# That's it! Now ask Claude:
# "What authentication functions exist in my codebase?"
# "Find all API endpoints and check for rate limiting"
# "Show me Go structs that handle user data"
# "Compare TypeScript and Go implementations of the same feature"
Core Features That Matter
🔍 Multi-Language Code Search
"Find all functions that validate user input"
"Show me where we're calling the payment API"
"What Go structs implement the User interface?"
"Compare error handling patterns between TypeScript and Go"
🎯 Smart Code Analysis
- SOLID Principles - Catch architecture issues before they spread
- DRY Violations - Find duplicate code that should be refactored
- Security Patterns - Verify auth, rate limiting, SQL injection protection
- Dead Code - Identify unused imports and functions
🤖 AI Tool Integration
Auto-generates configurations for:
- Claude (via MCP)
- Cursor
- Continue
- GitHub Copilot
- 10+ other AI assistants
⚙️ Persistent Configuration
Set your analyzer preferences once:
You: "Set SOLID analyzer to allow 3 responsibilities for components"
Claude: Configuration saved! All future audits will use this setting.
📋 Project task queue (MCP)
Use the project_tasks tool to keep a per-project task list in the local database (titles, status, priorities, due dates, blockers, related files/symbols, and more). Tasks survive sync_index reset: clearing the analysis index removes indexed functions, cached audits, code maps, and schema overlays so you do not keep “ghost” references to deleted code—it does not delete your task list or analyzer configs.
Real Examples
Example 1: Finding Authentication Patterns
You: "Show me all authentication-related functions"
Claude: Found 23 functions across 8 files:
- `validateToken()` in auth/tokens.ts:45
- `requireAuth()` in middleware/auth.ts:12
- `checkPermissions()` in auth/permissions.ts:78
...
Example 2: Analyzing Code Quality
You: "Audit the user service for issues"
Claude: Found 3 critical issues:
- Single Responsibility violation: UserService handles both auth and profile updates
- SQL injection risk: Raw query in getUserByEmail() at line 234
- Missing rate limiting on password reset endpoint
Example 3: Discovering Patterns
You: "Find React components similar to DataTable"
Claude: Found 4 similar components:
- `UserTable` - extends DataTable with user-specific columns
- `OrderGrid` - implements similar pagination pattern
- `ProductList` - uses same filtering approach
Installation Options
Published package (npm / pnpm / yarn)
npm install -g code-auditor-mcp
# or: pnpm add -g code-auditor-mcp
code-audit # Run analysis
Project install
npm install --save-dev code-auditor-mcp
npx code-audit
Developing from this repository
Requires Node.js 18+. From the app/ directory:
pnpm install
pnpm run build
pnpm test
The package manager in use is pnpm (see packageManager in package.json). Use pnpm run test:parity only if you need the legacy vs universal analyzer parity suite.
CI/CD Integration
# GitHub Actions
- name: Code Audit
run: npx code-audit --fail-on-critical
MCP server: where the index is stored
The Loki index file defaults to <current working directory>/.code-index/index.db. If your MCP host runs with an unexpected or shared cwd, point at a dedicated folder:
- Environment variable
CODE_AUDITOR_DATA_DIR— directory to use as the storage root (absolute or relative to the process cwd when the server starts). The database file is<resolved>/index.db(no extra.code-indexsegment). - CLI —
node dist/mcp-index.js --data-dir /path/to/data(equivalent to setting the env var). The published binarycode-auditor-mcpalso accepts--data-dirbecause it loads the same bootstrap.
Example Cursor .cursor/mcp.json fragment:
{
"mcpServers": {
"code-auditor": {
"command": "node",
"args": ["/absolute/path/to/code-auditor/app/dist/mcp-index.js", "--stdio"],
"env": {
"CODE_AUDITOR_DATA_DIR": "/Users/you/Library/Application Support/code-auditor"
}
}
}
}
Key Commands
code-audit # Full analysis with HTML report
code-audit -f json # JSON output for CI/CD
code-audit -a solid,dry # Run specific analyzers
code-audit --health # Quick health score (0-100)
The Feedback Loop
- Write Code → Code Auditor indexes it automatically
- Ask AI → "Is there a function to validate emails?"
- Get Context → AI finds
validateEmail()and similar patterns - Improve → AI suggests using existing validation instead of duplicating
- Repeat → Your AI gets smarter about YOUR codebase
Configuration
Set custom thresholds for your architecture:
// Via MCP
mcp.set_analyzer_config({
analyzerName: "solid",
config: {
maxUnrelatedResponsibilities: 4,
patternThresholds: {
"Dashboard": { maxResponsibilities: 6 }
}
}
});
Advanced Search Operators
| What You Want | Search Query |
|---|---|
| Complex functions | complexity:>10 |
| Go functions only | lang:go |
| TypeScript components | lang:typescript component:functional |
| Undocumented exports | exported:true jsdoc:false |
| React hooks usage | component:functional hook:useState |
| Go struct methods | lang:go entity:struct |
| Find dependencies | calls:validateUser |
| Cross-language patterns | name:validateEmail |
| Unused imports | unused-imports file:src |
Performance
- Indexes 10,000+ functions in seconds
- Incremental updates on file changes
- LokiJS for fast in-memory search
- FlexSearch for intelligent queries
Contributing
See CONTRIBUTING.md for guidelines.
License
MIT - Use it anywhere, anytime.
Ready to give your AI x-ray vision into your code?
claude mcp add code-auditor -- npx code-auditor-mcp
常见问题
io.github.BenAHammond/code-auditor-mcp 是什么?
代码质量审计工具:分析代码是否符合 SOLID 原则、存在 DRY 违例,并发现更多可维护性问题。
相关 Skills
网页构建器
by anthropics
面向复杂 claude.ai HTML artifact 开发,快速初始化 React + Tailwind CSS + shadcn/ui 项目并打包为单文件 HTML,适合需要状态管理、路由或多组件交互的页面。
✎ 在 claude.ai 里做复杂网页 Artifact 很省心,多组件、状态和路由都能顺手搭起来,React、Tailwind 与 shadcn/ui 组合效率高、成品也更精致。
前端设计
by anthropics
面向组件、页面、海报和 Web 应用开发,按鲜明视觉方向生成可直接落地的前端代码与高质感 UI,适合做 landing page、Dashboard 或美化现有界面,避开千篇一律的 AI 审美。
✎ 想把页面做得既能上线又有设计感,就用前端设计:组件到整站都能产出,难得的是能避开千篇一律的 AI 味。
网页应用测试
by anthropics
用 Playwright 为本地 Web 应用编写自动化测试,支持启动开发服务器、校验前端交互、排查 UI 异常、抓取截图与浏览器日志,适合调试动态页面和回归验证。
✎ 借助 Playwright 一站式验证本地 Web 应用前端功能,调 UI 时还能同步查看日志和截图,定位问题更快。
相关 MCP Server
GitHub
编辑精选by GitHub
GitHub 是 MCP 官方参考服务器,让 Claude 直接读写你的代码仓库和 Issues。
✎ 这个参考服务器解决了开发者想让 AI 安全访问 GitHub 数据的问题,适合需要自动化代码审查或 Issue 管理的团队。但注意它只是参考实现,生产环境得自己加固安全。
Context7 文档查询
编辑精选by Context7
Context7 是实时拉取最新文档和代码示例的智能助手,让你告别过时资料。
✎ 它能解决开发者查找文档时信息滞后的问题,特别适合快速上手新库或跟进更新。不过,依赖外部源可能导致偶尔的数据延迟,建议结合官方文档使用。
by tldraw
tldraw 是让 AI 助手直接在无限画布上绘图和协作的 MCP 服务器。
✎ 这解决了 AI 只能输出文本、无法视觉化协作的痛点——想象让 Claude 帮你画流程图或白板讨论。最适合需要快速原型设计或头脑风暴的开发者。不过,目前它只是个基础连接器,你得自己搭建画布应用才能发挥全部潜力。