@astudioplus/codegraph-pro-mcp

v0.18.5

Published

14 days ago

CodeGraph Pro MCP server — semantic code graph + 41 proprietary tools incl. multi-engine security orchestrator and 21 security detectors (CWE-22/78/89/190/208/284/310/326-330/347/426/427/476/611/639/755/798/916/918/1239), SARIF 2.1.0 export, SBOM, taint t

0High
0Medium
0Low

anvanster-personal

mcp model-context-protocol code-intelligence code-graph security sast sarif sbom cwe bounty ai claude cursor copilot

CodeGraph Pro MCP Server

Proprietary extension to CodeGraph — adds 41 pro tools on top of the 34 community tools (75 total), including a multi-engine security orchestrator (codegraph_security_orchestrated_scan) that runs the rule-pattern engine + the calibrated native detector arsenal in parallel, dedups findings via canonicaliser, and applies the attacker-reachability gate uniformly across engines. 21 security detectors + 10 security-adjacent tools (SARIF 2.1.0 export, SBOM, taint tracing, IaC scan, vuln audit, CodeQL warmup, control-flow / data-flow tracing), plus 10 code-quality / similarity / git-intelligence tools. 38 languages.

Install

npm install -g @astudioplus/codegraph-pro-mcp

License

The pro binary requires a license key. First launch without a key starts a 30-day trial.

Purchase / manage license: https://codegraph.astudioplus.com/license
Individual: $19/mo, Team: $39/seat/mo, Enterprise: custom

Provide the key via environment variable:

export CODEGRAPH_LICENSE_KEY=cg-prod-...

Or via CLI flag (persists to ~/.codegraph/license.json):

codegraph-pro-mcp --license cg-prod-...

Usage

Claude Code

Add to ~/.claude.json:

{
  "mcpServers": {
    "codegraph-pro": {
      "command": "codegraph-pro-mcp",
      "args": ["--workspace", "/path/to/project"],
      "env": {
        "CODEGRAPH_LICENSE_KEY": "cg-prod-..."
      }
    }
  }
}

Cursor / Other MCP clients

Same config — the codegraph-pro-mcp command starts the server in MCP (stdio) mode.

Flags

| Flag | Default | Description | |------|---------|-------------| | --workspace <path> | current dir | Directories to index (repeatable) | | --exclude <dir> | — | Directories to skip (repeatable) | | --license <key> | from env | Persist the license key | | --embedding-model <model> | bge-small | bge-small or jina-code-v2 | | --max-files <n> | 5000 | Maximum files to index |

Pro Tools (41)

Security — Aggregators & Output (5)

codegraph_security_scan — aggregate scan across all categories (legacy single-engine)
codegraph_security_orchestrated_scan — multi-engine entrypoint: rule packs + native detector arsenal merged via canonicaliser, cross-engine agreement scoring, reachability gate
codegraph_security_scan_iac — Docker / K8s / Terraform misconfig
codegraph_security_export_sarif — SARIF 2.1.0 aggregation across all detector classes
codegraph_security_generate_sbom — CycloneDX SBOM from 8 lockfile formats

Security — Analysis & Audit (5)

codegraph_security_audit_deps — OSV vulnerability check
codegraph_security_check_licenses — copyleft detection
codegraph_security_codeql_warmup — pre-build CodeQL DB for the dataflow engine (5–15 min cold; cached in ~/.codegraph/codeql-dbs/)
codegraph_security_control_flow — CFG analysis (Rust/Python/TS/Go)
codegraph_security_trace_data_flow — variable taint tracing

Security — Detectors (21)

Heuristic analyzers (5):

codegraph_security_check_unchecked_returns (CWE-252)
codegraph_security_check_resource_leaks (CWE-401, 772)
codegraph_security_check_misconfig (CWE-16, 295, 614, 1004)
codegraph_security_check_input_validation (CWE-20, 129)
codegraph_security_check_error_exposure (CWE-209, 497)

Pattern detectors (4):

codegraph_security_check_secrets_entropy (CWE-798, Shannon-entropy)
codegraph_security_detect_injection (CWE-22/78/79/89/502/1336)
codegraph_security_check_search_path (CWE-426, 427) — macro/constexpr resolution, wrapper-library patterns (lt_dlopen, g_module_open, ENGINE_load_dynamic, Tss2_TctiLdr_Initialize)
codegraph_security_check_crypto (CWE-208/310/326-330/338/347/780/798/916/1239, 113 patterns, 8 languages, context-aware severity + FP filters)

Bounty round-5/6 — multi-tenant SaaS classes (5):

codegraph_security_check_ssrf (CWE-918) — DataSource/webhook URL → outbound HTTP without IsPrivateIP/safeurl safeguard. Cross-function source tracing, trust-boundary tiering (server-admin / org-admin / authenticated / untrusted), upstream input-validation suppression, admin-gating awareness. Canonical: Grafana CVE-2020-13379 / 2022-31107 / 2024-1442.
codegraph_security_check_idor (CWE-639/284) — handler with object-lookup but no authz call. Recognizes route-level authz middleware (routing.Wrap + authorizeInOrg/@PreAuthorize/etc.), suppresses session-derived ID lookups (c.SignedInUser.UserID etc.). Canonical: Grafana CVE-2022-21713 / 2023-4822.
codegraph_security_check_fail_open_verify (CWE-755 → CWE-347 / CWE-295) — Go verify-call-then-warn shape AND C/C++/Rust "fail-open on null precondition" (CVE-2026-46333 generalization): decision-class function returns success when a precondition is null/missing, skipping a downstream security check. Errno-vs-predicate convention awareness, inverted-condition guard, ≤2-statement strict mode.
codegraph_security_check_integer_overflow (CWE-190 → 120, C/C++)
codegraph_security_check_null_deref (CWE-476, C/C++, 34 nullable allocators)

Bounty round-7 — attestation / CC-target additions (7):

codegraph_security_check_default_crypto (CWE-1188) — relying on language-default crypto (Random without seed, crypto/rand.Reader vs math/rand, etc.)
codegraph_security_check_jwt_completeness — JWT verify call without algorithm allowlist / iss / aud / exp checks
codegraph_security_check_trust_anchor_source — trust anchor loaded from network / writable path / disabled verification
codegraph_security_check_encoding_mismatch — encoding boundary asymmetry (URL-decode vs raw bytes, percent-encode vs HTML)
codegraph_security_check_rest_handler_missing_auth — REST endpoint without authentication middleware
codegraph_security_check_path_join_absolute_rhs (CWE-22) — path.join with absolute RHS silently overrides the LHS prefix
codegraph_security_check_fd_path_asymmetry — same resource accessed via both fd-handle and path-string (race window)

Code Analysis (10)

codegraph_analyze_coupling — afferent/efferent coupling metrics
codegraph_find_unused_code — dead-code candidates via graph analysis
codegraph_find_duplicates / codegraph_find_similar / codegraph_cluster_symbols / codegraph_compare_symbols — similarity analysis via full-body embeddings
codegraph_cross_project_search — search across indexed projects
codegraph_mine_git_history / codegraph_mine_git_history_for_file / codegraph_search_git_history — hotspot analysis & semantic search over git log

Cross-cutting Features

Every codegraph_security_* tool supports:

Attacker-reachability gate — per-finding tri-state (reachable_from_request: true | false | null) with entry-point source attribution (pkg/api/foo.go:57 (gin handler)). BFS scoped to project root so multi-target sweeps don't produce phantom cross-project edges. Scan-level aggregates (reachability: { entry_points, reachable_from_request, unreachable_from_request, unknown }) for triage productivity tracking.
Suppression markers — 25 markers across bandit, flake8, pylint, mypy, NOLINT, codeql, semgrep, coverity, rubocop, eslint, plus SAFETY:/SAFE:/# pragma: allowlist
Path filter — test/sample/vendored/build-or-docs categorization (covers tests/, mocks/, __mocks__/, e2e/, cypress/, storybook/, devenv/, testing.go/testutil.go/conftest.py test helpers, 30+ JS/CSS lib prefixes); include_tests + treat_as_production args
Defensive-gating — findings inside #ifdef X where X isn't defined by CMake/Cargo/Makefile are marked status: "DEFENSIVE_GATED_OFF: X"
Per-finding line attribution — every finding points at the actual matching line, not the function header

SSRF / IDOR / fail-open additionally provide:

Cross-function source tracing — call-graph BFS (depth ≤ 6, project-scoped) so helper functions inherit explicit-source confidence from their callers
Trust-boundary tiering (SSRF) — sources classified as server-admin (demoted to LOW), org-admin (multi-tenant CVE lane, retained), authenticated, or untrusted
Admin-gating awareness — severity downgrades when call chain passes through c.IsGrafanaAdmin / ReqGrafanaAdmin / @Secured("ADMIN") / requireAdmin etc.
Upstream input-validation tracing — suppresses findings when a caller validates the input via regex/allowlist/prefix-bound followed by abort

Supported Languages (38)

Bash, C, C++, C#, Clojure, COBOL, CSS, Dart, Dockerfile, Elixir, Elm, Erlang, Fortran, Go, Groovy, Haskell, HCL/Terraform, Java, Julia, Kotlin, Lua, Objective-C, OCaml, Perl, PHP, Python, R, Ruby, Rust, Scala, Solidity, Swift, Tcl, TOML, TypeScript/JS, Verilog/SystemVerilog, YAML, Zig.

Documentation

Full tool reference (request/response examples, severity rules, FP guards): tool-calling-guide.md.

Feedback & Support

Issues: https://github.com/codegraph-ai/CodeGraph/issues
License support: mailto:[email protected]