Code Auditor

MCP server that indexes your codebase for AI assistants

Automatically indexes functions and components during code audits. AI assistants can search your codebase with natural language queries before writing new code.

Smart Code Discovery

Every function and React component you've ever written, indexed and searchable. Your AI finds existing implementations instead of creating duplicates.

Quality Gates

Intelligent analysis that understands singletons, factories, and test patterns. Focus on real issues, not false positives.

Start the MCP server:

npx code-auditor-mcp

Then configure it in your AI assistant's MCP settings

How It Works

Core features: code indexing and quality analysis

Automatic Code Indexing

Functions and components are indexed during audits, making them searchable via natural language queries.

Without Code Auditor:

"Create a function to validate email addresses"

→ AI writes the 4th email validator in your codebase

With Code Auditor:

"Create a function to validate email addresses"

→ AI follows the workflow guide, searches first, then reports: "Found validateEmail() in utils/validation.ts - it handles RFC 5322 compliance and is already used in 12 places. Here's how to import it..."

Code Quality Analysis

Smart analysis that recognizes common patterns like singletons, factories, and test files while checking SOLID principles, DRY violations, and security issues.

You're about to push code:

"Is this ready for PR?"

⚠️ UserService is doing too much (847 lines, 15 public methods)

⚠️ That validation logic? It's in 3 different files

⚠️ React component Button.tsx has 8 different prop combinations

🚨 No rate limiting on login endpoint

✓ But your test coverage is solid!

Health Score: 72/100 - Let's fix those issues first

Quick Start

1. Start the server: npx code-auditor-mcp

2. Configure your AI tool's MCP settings to connect to the server

3. Run get_workflow_guide() to see available workflows including analyzer configuration

4. Use audit() to analyze and index your codebase

5. Search with natural language: search_code(query: "your search") (see operators)

Supports TypeScript, JavaScript, Python, Go, Rust, Java, C#, and more. Enhanced React component analysis.

Example Usage

Common tool interactions showing search, audit, and discovery commands

Finding existing implementations

You:

i need to parse jwt tokens

Code Auditor:

Let me search for existing JWT handling in your codebase.

Found parseJwt in src/utils/auth.ts:34

```typescript
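export function parseJwt(token: string): JwtPayload | null {
  try {
    // Take the payload (second dot-separated segment) and map base64url to base64.
    const base64Url = token.split('.')[1];
    const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
    // Decode only: the signature is not checked here, and window.atob is browser-only.
    return JSON.parse(window.atob(base64));
  } catch {
    // Malformed token or payload that is not valid JSON.
    return null;
  }
}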
```

Also found verifyJwt in src/server/auth.ts:89 that validates signatures.

Pre-commit code check

You:

audit src/services/

Code Auditor:

Running audit on src/services/

Critical: 0, Warning: 8, Info: 15

src/services/UserService.ts:45
  SOLID violation: Single Responsibility - handling auth, database, and email
  
src/services/UserService.ts:123
  DRY violation: Duplicate code block (15 lines) also in OrderService.ts:89

src/services/PaymentService.ts:67
  Security: No rate limiting on processPayment endpoint

Health Score: 72/100

Quick pattern search

You:

search for try catch blocks that handle axios errors

Code Auditor:

Searching for axios error handling patterns...

Found 7 matches:

api/users.ts:45-52
api/products.ts:78-85  
api/orders.ts:112-119
services/external.ts:34-41
utils/fetchData.ts:23-30
components/UserList.tsx:67-74
hooks/useApi.ts:45-52

All using similar pattern:
```typescript
} catch (error) {
  if (axios.isAxiosError(error)) {
    console.error(error.response?.data);
  }
}
```

Find specific implementation

You:

where do we hash passwords

Code Auditor:

Found password hashing in:

src/services/auth/passwordUtils.ts:12-18
```typescript
export async function hashPassword(password: string): Promise<string> {
  // bcrypt cost factor: the work is 2^saltRounds key-expansion iterations.
  const saltRounds = 10;
  return bcrypt.hash(password, saltRounds);
}
```

Used in:
- src/controllers/auth/register.ts:45
- src/controllers/user/updatePassword.ts:23
- src/services/user/UserService.ts:89

Find definition

You:

find_definition name: validateEmail

Code Auditor:

Found validateEmail in src/utils/validation.ts:23

```typescript
export function validateEmail(email: string): boolean {
  // One "@", no whitespace, and at least one "." in the domain part.
  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
  return emailRegex.test(email);
}
```

Dependencies: none
Exported: true
Used in 15 files

Component search

You:

search_code query: "entity:component hook:useState hook:useEffect"

Code Auditor:

Found 12 React components:

components/UserDashboard.tsx:15
components/tables/DataTable.tsx:28  
components/SearchBar.tsx:9
components/forms/UserForm.tsx:41
components/ProductList.tsx:18
pages/admin/Settings.tsx:22
components/modals/ConfirmDialog.tsx:11
components/charts/Analytics.tsx:35
components/layouts/Header.tsx:8
hooks/useAsyncData.ts:5
components/filters/DateFilter.tsx:19
components/widgets/NotificationBell.tsx:12

Managing analyzer whitelist

You:

whitelist_detect autoPopulate: true

Code Auditor:

Detecting whitelist candidates...

Found 14 candidates:
✓ express (dependency) - auto-added
✓ @mcp/sdk (dependency) - auto-added
✓ CustomError (error-class) - auto-added
✓ DatabaseFactory (factory-pattern) - auto-added

Pending review:
- ConfigManager (framework-class)
- ServiceLocator (singleton-pattern)

Use whitelist_add to manually add entries
Use whitelist_get to view all entries

Get Started

npx code-auditor-mcp

Compatible with any MCP-enabled AI assistant

Search Operators Reference

Advanced search operators for precise code discovery

Basic Search Operators

Core operators for filtering files and code

file:
  Filter by file path
  Example: file:utils

type:
  Filter by file type
  Example: type:tsx

lang: / language:
  Filter by language
  Example: lang:typescript

entity:
  Filter by entity type
  Example: entity:function

async:
  Filter async functions
  Example: async:true

exported:
  Filter by export status
  Example: exported:true

kind:
  Filter by function kind
  Example: kind:arrow

complexity:
  Filter by complexity
  Example: complexity:>10

jsdoc: / doc:
  Filter by documentation
  Example: jsdoc:false

Practical Examples

Common search patterns combining multiple operators

Find complex functions that need refactoring

complexity:>10 -test

Find undocumented exported functions

exported:true jsdoc:false

Find React components using hooks

component:functional hook:useState

Find unused imports in src directory

unused-imports file:src

Find what depends on authenticate function

dependents-of:authenticate

Find Button components with onClick prop

Button component:functional prop:onClick file:components

Open Source

Code Auditor is open source and available on GitHub