explainx.aijoin newsletter3.01k
auth-securitydeveloper-tools

Code Audit (Ollama)

by moikas-code

Scan your website for viruses and vulnerabilities with Code Audit (Ollama). Get a comprehensive site scanner virus check

Provides local code auditing using Ollama models to analyze security vulnerabilities, performance bottlenecks, quality issues, architectural problems, testing gaps, and documentation deficiencies across multiple programming languages with configurable analysis depth and severity classification.

github stars

1

GitHubnpm
Runs entirely locally with OllamaMulti-model AI support with automatic fallbackFramework-specific analysis rules

best for

  • / Developers performing security code reviews
  • / Teams maintaining legacy codebases
  • / Code quality audits before production deployment
  • / Automated CI/CD pipeline integration

capabilities

  • / Analyze code for OWASP Top 10 security vulnerabilities
  • / Detect performance bottlenecks and optimization opportunities
  • / Identify code quality issues and maintainability problems
  • / Check for architectural design pattern violations
  • / Find testing gaps and coverage issues
  • / Generate auto-fix suggestions with confidence scores

what it does

Performs comprehensive code audits using local Ollama AI models to identify security vulnerabilities, performance issues, code quality problems, and architectural flaws across multiple programming languages.

about

Code Audit (Ollama) is a community-built MCP server published by moikas-code that provides AI assistants with tools and capabilities via the Model Context Protocol. Scan your website for viruses and vulnerabilities with Code Audit (Ollama). Get a comprehensive site scanner virus check It is categorized under auth security, developer tools.

how to install

You can install Code Audit (Ollama) in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.

license

MIT

Code Audit (Ollama) is released under the MIT license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.

readme

MCP Code Audit Server

AI-powered code auditing using local Ollama models with Model Context Protocol (MCP) integration

A comprehensive TypeScript MCP server that performs intelligent code audits for security, completeness, performance, quality, architecture, testing, and documentation using local AI models via Ollama.

🚀 Features

Multi-Dimensional Code Analysis

  • Security: OWASP Top 10 vulnerabilities, authentication flaws, injection attacks
  • Completeness: TODOs, empty functions, missing error handling, unfinished implementations
  • Performance: Algorithmic complexity, memory leaks, optimization opportunities
  • Quality: Code smells, SOLID principles, maintainability issues
  • Architecture: Design patterns, separation of concerns, dependency management
  • Testing: Testability issues, missing coverage, race conditions
  • Documentation: API docs, code comments, compliance standards

Intelligent Model Selection

  • Multi-model support: CodeLlama, DeepSeek-Coder, StarCoder2, Granite-Code, Qwen2.5-Coder
  • Specialization-based routing: Different models for different audit types
  • Fallback strategies: Automatic model fallback on failures
  • Performance optimization: Fast vs. thorough modes

Advanced Features

  • Context-aware analysis: Framework-specific checks (React, Express, Django, etc.)
  • Priority-based auditing: Fast mode (security + completeness) for rapid feedback
  • Language support: 10+ programming languages with language-specific rules
  • Configurable severity: Customizable issue severity thresholds
  • Auto-fix suggestions: Confidence-scored fix recommendations
  • Complexity analysis: Cyclomatic, cognitive, and maintainability metrics

📋 Requirements

  • Node.js: 18.0.0 or higher
  • Ollama: Latest version (Download)
  • RAM: 8GB+ recommended (for larger models)
  • Storage: 10GB+ for essential models, 50GB+ for comprehensive setup

🛠️ Installation

Global Installation (Recommended)

# Install globally from npm
npm install -g @moikas/code-audit-mcp

# Run interactive setup (includes MCP configuration)
code-audit setup

# Or setup with automatic MCP configuration
code-audit setup --auto

# Start the MCP server
code-audit start

Development Installation

# Clone the repository
git clone <repository-url>
cd code-audit-mcp

# Install dependencies
npm install

# Build the package
npm run build

# Test locally
npm run test-local

🚀 Development Setup

Prerequisites

  • Node.js: v18.0.0 or higher
  • npm: v8.0.0 or higher
  • Git: For version control and pre-commit hooks
  • VS Code: Recommended IDE (see .vscode/extensions.json for extensions)

Initial Setup

# Clone and enter directory
git clone https://github.com/warrengates/code-audit-mcp.git
cd code-audit-mcp

# Install dependencies (includes husky setup)
npm install

# Build the project
npm run build

# Run quality checks
npm run quality-check

# Test the setup
npm run test-local

Pre-commit Hooks

This project uses Husky and lint-staged for automatic code quality checks:

  • ESLint: Checks code for errors and style issues
  • Prettier: Formats code consistently
  • TypeScript: Type checks all TypeScript files

Pre-commit hooks run automatically on git commit. To manually run quality checks:

# Run all quality checks
npm run quality-check

# Fix auto-fixable issues
npm run quality-fix

# Individual checks
npm run lint          # ESLint check
npm run format:check  # Prettier check
npm run type-check    # TypeScript check

The setup script will:

  1. ✅ Check prerequisites (Node.js, npm, tsx)
  2. 🩺 Verify Ollama installation and health
  3. 📦 Install recommended AI models
  4. 🧪 Test MCP server functionality
  5. 📝 Generate example configuration

Manual Setup

If you prefer manual installation:

# Install dependencies
npm install

# Install essential models
ollama pull codellama:7b
ollama pull granite-code:8b

# Build the project
npm run build

# Test the server
npm run dev

🎯 Usage

CLI Commands

# Interactive setup wizard
code-audit setup

# Start MCP server (foreground)
code-audit start

# Start as background daemon
code-audit start --daemon

# Stop running server
code-audit stop

# Check system health
code-audit health

# Manage AI models
code-audit models --list
code-audit models --pull codellama:7b

# Configuration management
code-audit config --show
code-audit config --set ollama.host=http://remote:11434

# MCP server management
code-audit mcp status
code-audit mcp configure
code-audit mcp remove

# Check for updates
code-audit update

Development Mode

# Development mode with hot reload
npm run dev

# Build TypeScript
npm run build

# Test package locally
npm run test-local

MCP Integration

Automatic Configuration (Recommended)

The setup wizard now automatically configures code-audit as an MCP server:

# Configure during setup
code-audit setup

# Or configure after installation
code-audit mcp configure

This will automatically add code-audit to:

  • Claude Desktop: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Claude Code (Global): ~/.config/claude/mcp-settings.json
  • Claude Code (Project): .claude/mcp-settings.json

Manual Configuration

If you prefer manual configuration, add to your MCP configuration:

{
  "mcpServers": {
    "code-audit": {
      "command": "code-audit",
      "args": ["start", "--stdio"],
      "env": {}
    }
  }
}

For more details, see:

Available Tools

audit_code - Main audit tool

{
  "name": "audit_code",
  "arguments": {
    "code": "function processPayment(amount) {
  const query = `SELECT * FROM users WHERE id = ${userId}`;
  // TODO: implement payment logic
}",
    "language": "javascript",
    "auditType": "all",
    "priority": "thorough",
    "context": {
      "framework": "express",
      "environment": "production",
      "performanceCritical": true,
      "projectType": "api"
    }
  }
}

Parameters:

  • code (required): Code to audit
  • language (required): Programming language
  • auditType: security | completeness | performance | quality | architecture | testing | documentation | all
  • priority: fast (security + completeness only) | thorough (all audit types)
  • context: Additional context for framework-specific analysis
  • maxIssues: Limit number of issues returned (default: 50)

health_check - Server health status

{
  "name": "health_check",
  "arguments": {}
}

list_models - Available AI models

{
  "name": "list_models",
  "arguments": {}
}

🔧 Configuration

Server Configuration

Create a configuration file or use environment variables:

const config = {
  name: 'code-audit-mcp',
  version: '1.0.0',
  ollama: {
    host: 'http://localhost:11434',
    timeout: 30000,
    retryAttempts: 3,
    retryDelay: 1000,
  },
  auditors: {
    security: {
      enabled: true,
      severity: ['critical', 'high', 'medium'],
      rules: {
        sql_injection: true,
        xss_vulnerability: true,
        hardcoded_secret: true,
      },
    },
    performance: {
      enabled: true,
      severity: ['high', 'medium', 'low'],
      thresholds: {
        cyclomaticComplexity: 10,
        nestingDepth: 4,
      },
    },
  },
  logging: {
    level: 'info',
    enableMetrics: true,
    enableTracing: false,
  },
};

Auditor Configuration

Each auditor can be individually configured:

{
  enabled: boolean;              // Enable/disable auditor
  severity: Severity[];          // Severity levels to include
  rules: Record<string, boolean>; // Specific rules to enable/disable
  thresholds: Record<string, number>; // Numeric thresholds
}

Model Selection

Configure model preferences for different scenarios:

// Performance-critical code
const performanceConfig = {
  strategy: 'PerformanceModelSelectionStrategy', // Always prefer fast models
  fallbackModels: ['codellama:7b', 'granite-code:8b'],
};

// Quality-focused analysis
const qualityConfig = {
  strategy: 'QualityModelSelectionStrategy', // Always prefer accurate models
  fallbackModels: ['deepseek-coder:33b', 'codellama:13b'],
};

🤖 Supported Models

Essential Models (Recommended)

  • CodeLlama 7B: Fast, general-purpose code analysis
  • Granite Code 8B: Excellent for security analysis

Comprehensive Setup

  • CodeLlama 13B: Better accuracy for complex analysis
  • DeepSeek-Coder 6.7B: Superior performance analysis
  • StarCoder2 7B: Specialized for testing analysis
  • Qwen2.5-Coder 7B: Good for documentation analysis

Full Setup (Advanced)

  • DeepSeek-Coder 33B: Highest accuracy (requires 16GB+ RAM)
  • StarCoder2 15B: Advanced testing and architecture analysis
  • Llama 3.1 8B: Excellent for documentation

Model Installation

# Essential models (~7GB)
ollama pull codellama:7b
ollama pull granite-code:8b

# Comprehensive setup (~30GB)
ollama pull codellama:13b
ollama pull deepseek-coder:6.7b
ollama pull starcoder2:7b
ollama pull qwen2.5-coder:7b

# Full setup (~80GB)
ollama pull deepseek-coder:33b
ollama pull starcoder2:15b
ollama pull llama3.1:8b

🌐 Language Support

Fully Supported

  • JavaScript/TypeScript: React, Node.js, Express-specific checks
  • Python: Django, Flask, FastAPI-specific analysis
  • Java: Spring Boot, security-focused analysis
  • Go: Goroutine safety, performance patterns
  • Rust: Memory safety, performance optimization

Well Supported

  • C#: .NET patterns, security analysis
  • PHP: Laravel, WordPress security checks
  • Ruby: Rails-specific patt