Python Code Review MCP Agent 🐍🔍
A comprehensive Model Context Protocol (MCP) server designed specifically for backend developers working with Python. This agent provides detailed code quality and security analysis with consistent, actionable reporting.
🎯 Key Features
🔒 Security-First Analysis
- SQL Injection Detection - String formatting, concatenation, f-strings
- Command Injection Prevention - os.system(), subprocess with shell=True
- Code Injection Scanning - eval(), exec() usage detection
- Secrets Detection - Hardcoded passwords, API keys, tokens
- Crypto Security - Weak random number generation, SSL issues
📊 Code Quality Assessment
- PEP 8 Compliance - Naming conventions, style guidelines
- Exception Handling - Bare except, broad exceptions
- Performance Patterns - Inefficient loops, list operations
- Import Management - Wildcard imports, multiple imports
- Code Complexity - Function length, maintainability
📋 Detailed Reporting
- Executive Summaries - Risk assessment, deployment readiness
- Quality Scorecards - 0-100 scoring for quality and security
- Severity Levels - Critical, High, Medium, Low prioritization
- Actionable Suggestions - Specific fix recommendations
- Comparison Reports - Before/after improvement tracking
🛠️ Available MCP Tools
1. review_python_code
Comprehensive analysis with detailed, summary, or security-focused reports.
```json
{
  "code": "your_python_code_here",
  "filename": "optional_filename.py",
  "reportType": "detailed" // "detailed", "summary", or "security"
}
```
2. security_audit
Focused security vulnerability scanning with threat analysis.
```json
{
  "code": "your_python_code_here",
  "filename": "optional_filename.py"
}
```
3. analyze_code_quality
Deep code quality analysis with configurable focus areas.
```json
{
  "code": "your_python_code_here",
  "filename": "optional_filename.py",
  "includeStyle": true,
  "includeMaintainability": true
}
```
4. compare_code_versions
Compare original vs. revised code to track improvements.
```json
{
  "originalCode": "original_version_here",
  "revisedCode": "improved_version_here",
  "filename": "optional_filename.py"
}
```
5. get_improvement_suggestions
Get targeted suggestions for specific areas of concern.
```json
{
  "code": "your_python_code_here",
  "filename": "optional_filename.py",
  "focusArea": "security" // "security", "quality", "performance", "style", "all"
}
```
🚀 Quick Start
Installation
```shell
npm install
npm run build
```
Running Tests
```shell
npm test
```
Starting the MCP Server
```shell
npm start
```
Running Demo
```shell
node dist/demo.js
```
⚙️ MCP Client Configuration
Add to your MCP client configuration:
```json
{
  "mcpServers": {
    "python-code-review": {
      "command": "node",
      "args": ["/path/to/python_code_review_mcp/dist/index.js"]
    }
  }
}
```
📖 Usage Examples
Security Analysis
"Audit this Python Flask endpoint for security vulnerabilities"
```python
@app.route('/user/<user_id>')
def get_user(user_id):
    query = f"SELECT * FROM users WHERE id = {user_id}"
    cursor.execute(query)
    return cursor.fetchone()
```
Result: Detects the SQL injection vulnerability and proposes a parameterized query as the fix.
Code Quality Review
"Review this data processing function for quality issues"
```python
def process_data(items):
    result = []
    for i in range(len(items)):
        result += [items[i].upper()]
    return result
```
Result: Identifies performance issues, suggests enumerate() and list comprehensions.
Improvement Tracking
"Compare my original code with the improved version"
Result: Shows quality score improvements, security enhancements, and resolved issues.
🎯 Perfect for Backend Developers
🏗️ Framework Support
- Django - Models, views, security best practices
- Flask - Route handlers, authentication, security
- FastAPI - Async patterns, data validation
- SQLAlchemy - Query security, ORM patterns
🔧 Development Workflow
- Pre-commit Analysis - Catch issues before they reach production
- Code Review Assistant - Comprehensive analysis for pull requests
- Security Auditing - Regular vulnerability assessments
- Refactoring Guide - Systematic improvement tracking
📊 Quality Metrics
- Security Score (0-100) - Vulnerability risk assessment
- Quality Score (0-100) - Code quality measurement
- Issue Density - Problems per 100 lines of code
- Risk Level - Overall deployment readiness
🧪 Comprehensive Testing
- 40/40 Tests Passing - 100% test coverage
- Security Detection - All major vulnerability types
- Quality Analysis - PEP 8, best practices, performance
- Report Generation - Multiple formats and detail levels
- Edge Cases - Empty code, comments, mixed indentation
- Real-World Examples - Flask apps, Django models, data processing
🔍 Detection Capabilities
🚨 Critical Security Issues
- SQL injection vulnerabilities
- Command injection risks
- Code injection through eval/exec
- Hardcoded secrets and credentials
⚠️ High Priority Issues
- SSL verification disabled
- Subprocess with shell=True
- Broad exception handling
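A minimal detector for the critical and high-priority rules listed above, written here as an added example in Python (the server itself is TypeScript and does local pattern matching; this is not its code). It parses the input with the standard ast module and assumes the constructed SAMPLE, which embeds the README's Flask endpoint.

```python
import ast

# Constructed sample input: the README's Flask endpoint plus a few other findings.
SAMPLE = '''
API_KEY = "sk-example-not-real"
@app.route('/user/<user_id>')
def get_user(user_id):
    query = f"SELECT * FROM users WHERE id = {user_id}"
    cursor.execute(query)
def run(cmd):
    os.system("ls " + cmd)
    subprocess.run(cmd, shell=True)
    return eval(cmd)
'''
SECRET_NAMES = ("password", "passwd", "secret", "api_key", "token")

def _call_name(call):  # dotted call target: 'subprocess.run', 'cursor.execute', 'eval'
    f = call.func
    if isinstance(f, ast.Attribute):
        return f"{f.value.id}.{f.attr}" if isinstance(f.value, ast.Name) else f.attr
    return f.id if isinstance(f, ast.Name) else ""

def _is_built_string(node):  # f-string, % formatting, '+' concatenation or str.format()
    return (isinstance(node, ast.JoinedStr)
            or (isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)))
            or (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "format"))

def scan(source):
    """Return sorted (line, rule) findings. Pass 1 collects names bound to a built
    string and hardcoded secrets; pass 2 checks the dangerous sinks."""
    tree, findings, built = ast.parse(source), [], set()
    for n in (n for n in ast.walk(tree)
              if isinstance(n, ast.Assign) and isinstance(n.targets[0], ast.Name)):
        name = n.targets[0].id
        if _is_built_string(n.value):
            built.add(name)
        elif isinstance(n.value, ast.Constant) and isinstance(n.value.value, str) \
                and any(s in name.lower() for s in SECRET_NAMES):
            findings.append((n.lineno, "hardcoded-secret"))
    for call in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        name, arg = _call_name(call), call.args[0] if call.args else None
        shell = any(k.arg == "shell" and getattr(k.value, "value", None) is True for k in call.keywords)
        if name.endswith("execute") and arg is not None and (
                _is_built_string(arg) or (isinstance(arg, ast.Name) and arg.id in built)):
            findings.append((call.lineno, "sql-injection"))
        elif name in ("eval", "exec"):
            findings.append((call.lineno, "code-injection"))
        elif name == "os.system" or (name.startswith("subprocess.") and shell):
            findings.append((call.lineno, "command-injection"))
    return sorted(findings)
```

It only recognises an execute() argument that is a built string or a name bound to one in the same file; a query arriving through a parameter or attribute is not tracked, and a bare run() from `from subprocess import run` is missed.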
📋 Quality Improvements
- PEP 8 naming conventions
- Performance anti-patterns
- Import organization
- Documentation completeness
📈 Scoring System
Security Score Calculation
- 100: No security vulnerabilities detected
- 70-99: Minor security concerns
- 30-69: Moderate security risks
- 0-29: Critical security vulnerabilities
Quality Score Calculation
- 90-100: Excellent code quality
- 80-89: Good code quality
- 70-79: Fair code quality
- 60-69: Poor code quality
- 0-59: Critical quality issues
🎉 Production Ready
- ✅ Zero Dependencies - No external APIs required
- ✅ Fast Analysis - Local pattern matching
- ✅ Consistent Reports - Standardized output format
- ✅ TypeScript - Full type safety and IntelliSense
- ✅ Error Handling - Graceful failure and recovery
- ✅ MCP Standards - Compatible with all MCP clients
Transform your Python code review process with intelligent, automated analysis focused on the specific needs of backend developers! 🐍✨
