Labsco
notasandy logo

mcp-code-sanitizer

β˜… 1

from notasandy

Strict AI code reviewer powered by Groq. Finds bugs, SQL injections, hardcoded secrets and vulnerabilities. Scores code 0–100 with concrete fixes.

πŸ”₯πŸ”₯βœ“ VerifiedPaid serviceNeeds API keys

mcp-code-sanitizer

Strict AI-powered code reviewer for Claude Desktop, Cursor, VS Code, and Claude Code CLI. Finds bugs, vulnerabilities, and security issues β€” powered by Groq (free API).

Claude / Cursor / VS Code  ──MCP──►  code-sanitizer  ──REST──►  Groq API
                                        (server.py)              (llama-3.3-70b)

demo


Features

ToolWhat it does
analyze_codeStrict review β€” bugs, security issues, score 0–100
compare_codeCompares two versions, detects regressions, recommends merge/request_changes
explain_codeStep-by-step explanation for junior / middle / senior audience
generate_testsGenerates pytest / jest / go test β€” happy path, edge cases, security
analyze_fileAnalyzes a whole file from disk with parallel chunking
generate_reportBuilds an HTML report from any analysis result
cache_infoCache statistics and clearing

Example output

{
  "summary": "Critical SQL injection and secret exposed in logs",
  "score": 23,
  "issues": [
    {
      "severity": "critical",
      "line": 2,
      "title": "SQL Injection",
      "description": "f-string directly interpolates user_id into query",
      "fix": "cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,))"
    }
  ],
  "warnings": [{"title": "No exception handling", "description": "..."}],
  "suggestions": ["Consider using an ORM instead of raw SQL"]
}

GitHub Action β€” automatic PR review

Add AI code review to any repository in 5 lines. The action posts a structured comment on every PR with score, issues, and fix suggestions.

# .github/workflows/ai-review.yml
name: AI Code Review
on:
  pull_request:
    types: [opened, synchronize]

permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: notasandy/mcp-code-sanitizer@v1
        with:
          groq_api_key: ${{ secrets.GROQ_API_KEY }}

Add GROQ_API_KEY to your repository secrets β†’ Settings β†’ Secrets β†’ Actions.

The action automatically:

  • Reviews only changed files (up to 10 per PR)
  • Posts a score and structured issue list as a PR comment
  • Fails the check if critical issues are found

Architecture

mcp-code-sanitizer/
β”œβ”€β”€ server.py          # FastMCP entry point
β”œβ”€β”€ config.py          # Constants β€” keys, limits, extension map
β”œβ”€β”€ groq_client.py     # Async Groq client with auto-retry on 429
β”œβ”€β”€ cache.py           # In-memory LRU cache with TTL
β”œβ”€β”€ prompts.py         # System prompts for all tools
└── tools/
    β”œβ”€β”€ analyze.py     # analyze_code
    β”œβ”€β”€ compare.py     # compare_code
    β”œβ”€β”€ explain.py     # explain_code
    β”œβ”€β”€ tests.py       # generate_tests
    β”œβ”€β”€ file_tool.py   # analyze_file β€” chunking + parallel analysis
    β”œβ”€β”€ cache_tool.py  # cache_info
    └── report.py      # generate_report β€” HTML output