This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
This is an MCP (Model Context Protocol) server that provides AI-powered code auditing using local Ollama models. It's designed as a globally installable npm package with a comprehensive CLI interface.
# Build TypeScript project
npm run build
# Run in development mode with hot reload
npm run dev
# Run all quality checks (lint, format, type-check)
npm run quality-check
# Auto-fix linting and formatting issues
npm run quality-fix
# Run unit tests
npm run test-audit
# Test local package installation
npm run test-local
# Full test suite (clean, install, test)
npm run full-test# Test individual CLI commands during development
./bin/code-audit.js start --stdio
./bin/code-audit.js health
./bin/code-audit.js models --list# Clean build artifacts
npm run clean
# Pack for local testing
npm pack
# Test global installation locally
npm run pack-testThe server implements the Model Context Protocol with the following key components:
-
Server Core (
src/server/index.ts):- MCP-compliant server with StdioServerTransport
- Tool registration:
audit_code,health_check,list_models,update_config - Request handling with parallel audit support
- Configuration management and hot-reloading
-
Auditor System (
src/server/auditors/):BaseAuditor: Abstract class providing common audit workflow- Specialized auditors: Security, Completeness, Performance, Quality, Architecture, Testing, Documentation
- Each auditor uses different AI models optimized for their specific analysis type
- Pattern-based static analysis combined with AI insights
-
Ollama Integration (
src/server/ollama/):OllamaClient: HTTP client with retry logic and health monitoringModelManager: Model selection strategies (Performance, Quality, Balanced)prompts.ts: Context-aware prompt generation for each audit type
The CLI provides a comprehensive interface for server management:
-
CLI Entry (
bin/code-audit.js):- Executable entry point with proper shebang
- Routes to TypeScript CLI implementation
-
Command Structure (
src/cli/commands/):start.ts: Server lifecycle management (foreground/daemon)setup.ts: Interactive setup wizardmodels.ts: AI model managementconfig.ts: Configuration managementhealth.ts: System health checksupdate.ts: Auto-update functionality
-
Utilities (
src/cli/utils/):ollama.ts: Platform-specific Ollama detection and managementconfig.ts: Type-safe configuration with Conf package
- Factory Pattern:
AuditorFactorycreates appropriate auditor instances - Strategy Pattern: Model selection strategies for different optimization goals
- Abstract Factory:
BaseAuditorprovides template for all auditors - Singleton: Configuration management uses singleton pattern
- Observer: Health monitoring and metrics collection
All tools follow MCP protocol with proper schema validation:
- Request validation using Zod schemas
- Structured error responses with MCP error codes
- Streaming support for large code analysis
{
"mcpServers": {
"code-audit": {
"command": "/path/to/code-audit-mcp/bin/code-audit.js",
"args": ["start", "--stdio"],
"env": {}
}
}
}codellama:7b- Fast general-purpose analysisgranite-code:8b- Security-focused analysis
- Security:
granite-code:8b,deepseek-coder:33b - Performance:
deepseek-coder:6.7b,codellama:13b - Testing:
starcoder2:7b,starcoder2:15b - Documentation:
qwen2.5-coder:7b,llama3.1:8b
~/.code-audit/config.json- Global configuration.code-audit.json- Project-specific overrides
ollama.host: Ollama server URLaudit.rules.<type>: Enable/disable audit typesserver.transport: MCP transport (stdio/http)models.primary: Default model selection
- Ollama Connection: Graceful fallback with clear user messages
- Model Availability: Automatic fallback to available models
- Audit Failures: Partial results with error details
- CLI Errors: Actionable error messages with recovery steps
- Located in
tests/directory - Run with
npm run test-audit - Focus on auditor logic and utility functions
test-local.js: Comprehensive CLI testing- Tests all commands and error scenarios
- Validates package installation
Husky runs automatic checks on commit:
- ESLint for code quality
- Prettier for formatting
- TypeScript compilation check
The project includes comprehensive VS Code settings:
- Auto-formatting on save
- ESLint integration
- TypeScript IntelliSense
- Debug configurations for server and CLI
- Model Selection: Fast mode uses smaller models for quick feedback
- Parallel Audits: Configurable concurrency limits
- Caching: Request deduplication for repeated analyses
- Streaming: Large file support with chunking
- File Permissions: Config files use 0o600 permissions
- Input Validation: All user inputs validated
- No Hardcoded Secrets: Configuration-based credentials
- Process Isolation: Daemon mode with proper cleanup
The project uses a knowledge base system to track issues, implementations, and documentation:
kb/active/- Current issues, ongoing work, and planning documentskb/completed/- Finished implementations, resolved issues, and historical documentation
- Regular Audits: Check kb/active/ for completed work that should be moved
- Status Indicators: Look for "COMPLETE", "✅", "IMPLEMENTED" in documents
- Feature Verification: Always verify implementation in src/ before moving to completed
- New Issues: Create new documents in kb/active/ for unimplemented features
- Naming Convention: Use UPPERCASE_WITH_UNDERSCORES.md for issue tracking files
- Setup command enhancements (SETUP_COMMAND_REMAINING_FIXES.md)
- GitHub CI/CD implementation
- Various analysis documents for ongoing improvements