code-scalpel
Verified Safe
by 3D-Tech-Solutions
Overview
Code Scalpel provides a robust, multi-language code analysis and transformation platform for AI agents, integrating deep static analysis, security scanning, refactoring, and project-wide insights to enable AI to understand and modify code effectively.
Installation
scalpel-server --host 127.0.0.1 --port 8080 --transport http
Environment Variables
- SCALPEL_ROOT
- CODE_SCALPEL_LICENSE_KEY_PATH
- CODE_SCALPEL_LICENSE_KEY
- CODE_SCALPEL_TIER
- CODE_SCALPEL_GOVERNANCE_CONFIG_DIR
- CODE_SCALPEL_AUDIT_SECRET
- SCALPEL_LOG_LEVEL
- PATH
- PYTHONPATH
- DOCKER_HOST
- MCP_SERVER_HTTP_ALLOW_LAN_HOST
Security Notes
The server implements extensive internal security controls, including a robust policy engine (OPA-based with Rego rules), cryptographic verification of policies, tamper resistance for critical configurations, strict input validation, and secure path resolution. It proactively analyzes security vulnerabilities *in* the code it processes rather than exposing direct code execution risks. However, processing arbitrary code strings and file paths, even for analysis, carries inherent risks such as potential resource exhaustion (DoS) or exploitation of parser vulnerabilities if not adequately sandboxed and monitored externally.
Similar Servers
code-index-mcp
Intelligent code indexing and analysis for Large Language Models, enabling tasks such as code review, refactoring, documentation generation, debugging assistance, and architectural analysis.
CodeGraphContext
This MCP Server acts as an expert AI pair programmer's backend, providing real-time, accurate code analysis, indexing, and relationship information from a local codebase to assist with understanding, writing, and refactoring code.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
CodeMCP
Provides deep code intelligence (symbol navigation, impact analysis, architecture maps, ownership, risk assessment) to AI assistants, CLI, and HTTP API.