io.github.notasandy/mcp-code-sanitizer
Strict AI code reviewer powered by Groq. Finds bugs and vulnerabilities.
mcp-code-sanitizer
A strict AI-powered code reviewer that runs your code through Groq LLM directly from Claude Desktop, Cursor, or any MCP-compatible agent.
```
Claude Desktop ──MCP──► code-sanitizer ──REST──► Groq API
                        (server.py)              (llama-3.3-70b)
```
Features
| Tool | Description |
|---|---|
| analyze_code | Strict code review: bugs, vulnerabilities, score 0-100 |
| compare_code | Compares two versions, finds regressions, recommends merge/request_changes |
| explain_code | Step-by-step explanation for junior/middle/senior audience |
| generate_tests | Generates pytest/jest/go test with happy path, edge cases, security tests |
| analyze_file | Analyzes a whole file from disk with parallel chunking |
| generate_report | Builds a beautiful HTML report from any analysis result |
| cache_info | Cache statistics and clearing |
Example response
```json
{
  "summary": "Critical SQL injection and secret exposed in logs",
  "score": 23,
  "issues": [
    {
      "severity": "critical",
      "line": 2,
      "title": "SQL Injection",
      "description": "f-string directly interpolates user_id into query",
      "fix": "cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,))"
    }
  ],
  "warnings": [{"title": "No exception handling", "description": "..."}],
  "suggestions": ["Consider using an ORM instead of raw SQL"]
}
```
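An added example, not part of the project's code: the response above is generated by an LLM, so a script that acts on it (a merge gate, for instance) should validate its shape first and fail closed on anything malformed. The function names, the `min_score` threshold of 70 and the rule that any `critical` issue blocks are assumptions; the field names come from the example response.

```python
import json

# Keys every issue carries in the example response above.
ISSUE_KEYS = ("severity", "line", "title", "description", "fix")


def validate_review(raw: str) -> dict:
    """Parse a review and reject anything off-shape (model output is untrusted)."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise ValueError("top level must be an object")
    score = data.get("score")
    # bool is a subclass of int in Python, so rule it out explicitly.
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100:
        raise ValueError(f"score must be an integer 0-100, got {score!r}")
    issues = data.get("issues")
    if not isinstance(issues, list):
        raise ValueError("issues must be a list")
    for i, issue in enumerate(issues):
        if not isinstance(issue, dict):
            raise ValueError(f"issue {i} must be an object")
        missing = [k for k in ISSUE_KEYS if k not in issue]
        if missing or not isinstance(issue["severity"], str):
            raise ValueError(f"issue {i} is malformed (missing: {missing})")
    return data


def gate(raw: str, min_score: int = 70) -> tuple[bool, list[str]]:
    """Return (passed, reasons); min_score=70 is an assumed threshold."""
    try:
        review = validate_review(raw)
    except ValueError as exc:
        return False, [f"invalid review: {exc}"]  # fail closed
    reasons = []
    if review["score"] < min_score:
        reasons.append(f"score {review['score']} below {min_score}")
    for issue in review["issues"]:
        if issue["severity"].strip().lower() == "critical":
            reasons.append(f"critical: {issue['title']} (line {issue['line']})")
    return not reasons, reasons


# Constructed sample, trimmed from the example response above.
SAMPLE = json.dumps({"summary": "Critical SQL injection", "score": 23, "issues": [
    {"severity": "critical", "line": 2, "title": "SQL Injection",
     "description": "f-string directly interpolates user_id into query",
     "fix": "use a parameterized query"}]})
```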
Quick Start
1. Clone the repository
```bash
git clone https://github.com/YOUR_USERNAME/mcp-code-sanitizer
cd mcp-code-sanitizer
```
2. Create virtual environment and install dependencies
```bash
python -m venv venv
# macOS / Linux
source venv/bin/activate
# Windows
venv\Scripts\activate
pip install -r requirements.txt
```
3. Add your Groq API key
Get a free key at console.groq.com/keys
```bash
cp .env.example .env
# Open .env and set GROQ_API_KEY=gsk_...
```
4. Test the server
```bash
python server.py
```
Silence means it's working: the server is listening for MCP requests via stdio.
Connect to Claude Desktop
Find your config file and add the mcpServers section:
| OS | Config path |
|---|---|
| macOS | ~/Library/Application Support/Claude/claude_desktop_config.json |
| Windows | %APPDATA%\Claude\claude_desktop_config.json |
| Linux | ~/.config/Claude/claude_desktop_config.json |
```json
{
  "mcpServers": {
    "code-sanitizer": {
      "command": "/full/path/to/venv/bin/python",
      "args": ["/full/path/to/server.py"],
      "env": {
        "GROQ_API_KEY": "gsk_your_key_here"
      }
    }
  }
}
```
Restart Claude Desktop; you'll see the 🔧 icon in chat.
Connect to Cursor
Create .cursor/mcp.json in your project root. Because this file sits inside the project and holds the API key, keep it out of version control.
```json
{
  "mcpServers": {
    "code-sanitizer": {
      "command": "/full/path/to/venv/bin/python",
      "args": ["/full/path/to/server.py"],
      "env": {"GROQ_API_KEY": "gsk_your_key_here"}
    }
  }
}
```
Testing via MCP Inspector
```bash
source venv/bin/activate # or venv\Scripts\activate on Windows
fastmcp dev inspector server.py
```
A browser UI opens with a full tool-testing interface.
Usage in chat
After connecting to Claude Desktop, just write:
```
Review this code for vulnerabilities:

def get_user(user_id):
    query = f"SELECT * FROM users WHERE id = {user_id}"
    return db.execute(query)
```
Or explicitly call a tool:
```
Use analyze_file on /path/to/my_script.py
Generate tests for this function: ...
Compare these two versions and tell me if it got better: ...
```
Architecture
```
mcp-code-sanitizer/
├── server.py        # FastMCP entry point (39 lines)
├── config.py        # Constants: keys, limits, mappings
├── groq_client.py   # Groq API client with auto-retry on rate limits
├── cache.py         # In-memory cache with TTL
├── prompts.py       # System prompts for all tools
└── tools/
    ├── analyze.py     # analyze_code
    ├── compare.py     # compare_code
    ├── explain.py     # explain_code
    ├── tests.py       # generate_tests
    ├── file_tool.py   # analyze_file (chunking + parallel analysis)
    ├── cache_tool.py  # cache_info
    └── report.py      # generate_report (HTML)
```
Configuration
All settings via environment variables or .env:
| Variable | Default | Description |
|---|---|---|
| GROQ_API_KEY | - | Required. Get at console.groq.com |
| GROQ_MODEL | llama-3.3-70b-versatile | Groq model |
| CACHE_TTL | 3600 | Cache TTL in seconds |
| CACHE_MAX | 200 | Max cache entries |

Available Groq models
| Model | Speed | Quality |
|---|---|---|
| llama-3.3-70b-versatile | ⚡⚡ | ⭐⭐⭐⭐⭐ (default) |
| llama-3.1-8b-instant | ⚡⚡⚡ | ⭐⭐⭐ |
| mixtral-8x7b-32768 | ⚡⚡ | ⭐⭐⭐⭐ |
Requirements
```
fastmcp>=2.3.0
httpx>=0.27.0
python-dotenv>=1.0.0
```
Contributing
PRs and Issues are welcome! Especially interested in:
- Support for other LLM providers (OpenAI, Anthropic)
- New tools (security audit, dependency check, complexity analysis)
- Prompt improvements
License
MIT: do whatever you want. A GitHub star would be appreciated ⭐
