MCP.so
登录

概览

What is Codesentinel?

Codesentinel is a Model Context Protocol (MCP) server that analyzes source code for security vulnerabilities, deceptive patterns, placeholder code, code smells, and good practices. It integrates with Claude Code and other MCP-compatible clients to serve as a quality gate before issues reach production.

How to use Codesentinel?

Install globally via npm (npm install -g code-sentinel-mcp) and add to Claude Code using claude mcp add code-sentinel -- npx code-sentinel-mcp, or manually configure the MCP server in ~/.claude/claude_desktop_config.json. Use the provided tools by asking Claude Code to analyze code snippets or files.

Key features of Codesentinel

  • Detects 93 distinct patterns across 5 categories
  • Security analysis: hardcoded secrets, SQL injection, XSS, command injection
  • Deceptive pattern detection: empty catch blocks, silent failures, linter suppression
  • Placeholder detection: TODOs, lorem ipsum, incomplete implementations
  • Error and code smell detection: type coercion, null references, async anti‑patterns
  • Strength recognition: highlights proper typing, error handling, testing patterns

Use cases of Codesentinel

  • Audit AI‑generated code for hardcoded secrets, empty catch blocks, and placeholders before merging
  • Review pull requests for security vulnerabilities and error‑hiding patterns
  • Scan existing codebases for missing error handling and risky patterns during refactoring
  • Generate visual HTML reports for team review of code quality

FAQ from Codesentinel

Which languages does Codesentinel support?

Codesentinel supports TypeScript, JavaScript, Python, Go, Rust, Java, Kotlin, Swift, C#, C/C++, PHP, Vue, and Svelte, with language detection based on file extension.

How is the quality score calculated?

The score (0–100) is 100 - (critical × 25) - (high × 15) - (medium × 5) - (low × 1) + (strengths × 2). Critical issues deduct 25 points, strengths add 2 points each.

What tools does Codesentinel provide?

Tools include analyze_code, generate_report, check_security, check_deceptive_patterns, check_placeholders, analyze_patterns, and analyze_design_patterns. Each accepts code and filename parameters and returns structured JSON or HTML reports.

Can I add custom detection patterns?

Yes. Edit files in src/analyzers/ (security.ts, deceptive.ts, placeholders.ts, errors.ts, strengths.ts) following the existing pattern structure with regex, severity, and optional verification logic.

How does the verification feature work?

Many patterns include a verification object with assumption, confirmIf, and falsePositiveIf fields to reduce false positives by confirming only when the pattern matches certain contextual conditions.

标签

来自「开发工具」的更多内容