Strict AI code reviewer MCP server powered by Groq — finds bugs, vulnerabilities and security issues

Project description

🔍 mcp-code-sanitizer

A strict AI-powered code reviewer that sends your code to a Groq-hosted LLM for review, directly from Claude Desktop, Cursor, or any MCP-compatible agent.

Claude Desktop  ──MCP──►  code-sanitizer  ──REST──►  Groq API
                            (server.py)               (llama-3.3-70b)

✨ Features

Tool             Description
analyze_code     Strict code review — bugs, vulnerabilities, score 0–100
compare_code     Compares two versions, finds regressions, recommends merge/request_changes
explain_code     Step-by-step explanation for junior/middle/senior audience
generate_tests   Generates pytest/jest/go test with happy path, edge cases, security tests
analyze_file     Analyzes a whole file from disk with parallel chunking
generate_report  Builds a beautiful HTML report from any analysis result
cache_info       Cache statistics and clearing

Example response

{
  "summary": "Critical SQL injection and secret exposed in logs",
  "score": 23,
  "issues": [
    {
      "severity": "critical",
      "line": 2,
      "title": "SQL Injection",
      "description": "f-string directly interpolates user_id into query",
      "fix": "cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,))"
    }
  ],
  "warnings": [{"title": "No exception handling", "description": "..."}],
  "suggestions": ["Consider using an ORM instead of raw SQL"]
}
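
The response is model output, so anything that acts on it should validate it first and fail closed. The following is an added example, not part of the project's code: it checks a response shaped like the one above and turns it into a pass/fail decision. The function names and the `min_score` threshold are assumptions made for illustration.

```python
import json

# Constructed sample: the example response shown above, trimmed to the fields used.
SAMPLE = json.dumps({
    "summary": "Critical SQL injection and secret exposed in logs",
    "score": 23,
    "issues": [{"severity": "critical", "line": 2, "title": "SQL Injection"}],
})

class MalformedReview(ValueError):
    """The response does not match the shape shown in the example."""

def parse_review(raw):
    """Parse a review response and validate the fields the gate relies on."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise MalformedReview(f"not JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise MalformedReview("top level must be an object")
    score = data.get("score")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100:
        raise MalformedReview("score must be an integer in 0..100")
    issues = data.setdefault("issues", [])
    if not isinstance(issues, list):
        raise MalformedReview("issues must be a list")
    for issue in issues:
        if not isinstance(issue, dict) or not isinstance(issue.get("severity"), str):
            raise MalformedReview("each issue needs a string severity")
    return data

def gate(raw, min_score=70):
    """Return (passed, reasons); min_score is a hypothetical policy value."""
    try:
        review = parse_review(raw)
    except MalformedReview as exc:
        return False, [f"malformed review: {exc}"]  # fail closed
    reasons = []
    if review["score"] < min_score:
        reasons.append(f"score {review['score']} below {min_score}")
    for issue in review["issues"]:
        if issue["severity"].lower() == "critical":
            reasons.append(f"critical: {issue.get('title', 'untitled')}")
    return not reasons, reasons

if __name__ == "__main__":
    print(gate(SAMPLE))
```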

🚀 Quick Start

1. Clone the repository

git clone https://github.com/YOUR_USERNAME/mcp-code-sanitizer
cd mcp-code-sanitizer

2. Create virtual environment and install dependencies

python -m venv venv

# macOS / Linux
source venv/bin/activate

# Windows
venv\Scripts\activate

pip install -r requirements.txt

3. Add your Groq API key

Get a free key at console.groq.com/keys

cp .env.example .env
# Open .env and set GROQ_API_KEY=gsk_...

4. Test the server

python server.py

Silence means it's working — the server is listening for MCP requests via stdio.


🔌 Connect to Claude Desktop

Find your config file and add the mcpServers section:

OS       Config path
macOS    ~/Library/Application Support/Claude/claude_desktop_config.json
Windows  %APPDATA%\Claude\claude_desktop_config.json
Linux    ~/.config/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "code-sanitizer": {
      "command": "/full/path/to/venv/bin/python",
      "args": ["/full/path/to/server.py"],
      "env": {
        "GROQ_API_KEY": "gsk_your_key_here"
      }
    }
  }
}

Restart Claude Desktop — you'll see the 🔧 icon in chat.


🔌 Connect to Cursor

Create .cursor/mcp.json in your project root:

{
  "mcpServers": {
    "code-sanitizer": {
      "command": "/full/path/to/venv/bin/python",
      "args": ["/full/path/to/server.py"],
      "env": {"GROQ_API_KEY": "gsk_your_key_here"}
    }
  }
}
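
Both client configs above carry the Groq key inline in `env`, and `.cursor/mcp.json` sits in the project root. The following is an added example, not part of the project: a small audit that flags inline secrets and group/other-readable permissions on such a file. The name pattern, the `gsk_` prefix check (taken from the placeholder above) and the helper names are assumptions, and the permission check applies to POSIX systems.

```python
import json
import os
import re
import stat
import tempfile

# Assumed heuristic for variable names that usually hold secrets.
SECRET_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD", re.I)

# Constructed sample mirroring the config above; the key is the page's placeholder.
SAMPLE = {"mcpServers": {"code-sanitizer": {
    "command": "/full/path/to/venv/bin/python",
    "args": ["/full/path/to/server.py"],
    "env": {"GROQ_API_KEY": "gsk_your_key_here"}}}}

def write_sample(mode):
    """Write the constructed config to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(SAMPLE, fh)
    os.chmod(path, mode)
    return path

def audit_mcp_config(path):
    """Return a list of findings for an MCP client config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"file is readable by group/other (mode {mode:o})")
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    for name, server in config.get("mcpServers", {}).items():
        for var, value in server.get("env", {}).items():
            if SECRET_NAME.search(var) or str(value).startswith("gsk_"):
                findings.append(f"{name}: {var} is stored inline in the config")
    return findings

if __name__ == "__main__":
    sample_path = write_sample(0o644)
    for finding in audit_mcp_config(sample_path):
        print(finding)
    os.remove(sample_path)
```

A file that must hold the key can be restricted with `chmod 600` and listed in `.gitignore` so it is not committed with the project.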

🧪 Testing via MCP Inspector

source venv/bin/activate  # or venv\Scripts\activate on Windows
fastmcp dev inspector server.py

A browser UI opens with a full tool-testing interface.


💬 Usage in chat

After connecting to Claude Desktop, just write:

Review this code for vulnerabilities:

def get_user(user_id):
    query = f"SELECT * FROM users WHERE id = {user_id}"
    return db.execute(query)

Or explicitly call a tool:

Use analyze_file on /path/to/my_script.py
Generate tests for this function: ...
Compare these two versions and tell me if it got better: ...

🏗️ Architecture

mcp-code-sanitizer/
├── server.py          # FastMCP entry point (39 lines)
├── config.py          # Constants — keys, limits, mappings
├── groq_client.py     # Groq API client with auto-retry on rate limits
├── cache.py           # In-memory cache with TTL
├── prompts.py         # System prompts for all tools
└── tools/
    ├── analyze.py     # analyze_code
    ├── compare.py     # compare_code
    ├── explain.py     # explain_code
    ├── tests.py       # generate_tests
    ├── file_tool.py   # analyze_file (chunking + parallel analysis)
    ├── cache_tool.py  # cache_info
    └── report.py      # generate_report (HTML)

⚙️ Configuration

All settings are read from environment variables or .env:

Variable      Default                  Description
GROQ_API_KEY  (none)                   Required. Get at console.groq.com
GROQ_MODEL    llama-3.3-70b-versatile  Groq model
CACHE_TTL     3600                     Cache TTL in seconds
CACHE_MAX     200                      Max cache entries

Available Groq models

Model                    Speed  Quality
llama-3.3-70b-versatile  ⚡⚡     ⭐⭐⭐⭐⭐ (default)
llama-3.1-8b-instant     ⚡⚡⚡    ⭐⭐⭐
mixtral-8x7b-32768       ⚡⚡     ⭐⭐⭐⭐

📦 Requirements

fastmcp>=2.3.0
httpx>=0.27.0
python-dotenv>=1.0.0

🤝 Contributing

PRs and Issues are welcome! Especially interested in:

  • Support for other LLM providers (OpenAI, Anthropic)
  • New tools (security audit, dependency check, complexity analysis)
  • Prompt improvements

📄 License

MIT — do whatever you want. A GitHub star would be appreciated ⭐


Download files

Source Distribution

mcp_code_sanitizer-0.1.0.tar.gz (19.9 kB view details)

Uploaded Source

Built Distribution

mcp_code_sanitizer-0.1.0-py3-none-any.whl (31.4 kB view details)

Uploaded Python 3

File details

Details for the file mcp_code_sanitizer-0.1.0.tar.gz.

File metadata

  • Download URL: mcp_code_sanitizer-0.1.0.tar.gz
  • Upload date:
  • Size: 19.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.3

File hashes

Hashes for mcp_code_sanitizer-0.1.0.tar.gz
Algorithm Hash digest
SHA256 8e692be79092e210f776cba7350f36a5fee47d86349d12a771b7bd758067853a
MD5 5e916d6fd60de71903710d8ae6092456
BLAKE2b-256 48eb185446e392401af61175f738859dc40ca7e596b162cff48a01e9ba4bdd8a

File details

Details for the file mcp_code_sanitizer-0.1.0-py3-none-any.whl.

File hashes

Hashes for mcp_code_sanitizer-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 94a16e844e283626f540e967974c46b95e77291cffce0a7a681bbd471876bc50
MD5 b9a5dc02f27928e047883289b1307c42
BLAKE2b-256 a2722dc5183968b83604426068a5df59b2c0fa3642d084bbd843e79457b4044f
