CodeCompass
Verified Safe
by MihirKosambia
Overview
CodeCompass transforms GitHub repositories into interactive, searchable knowledge bases, allowing users to explore code/documentation and chat with an AI that provides answers based on the repository content.
Installation
python backend/app.py
Environment Variables
- GITHUB_TOKEN
- LOG_LEVEL
- HOST
- PORT
- FLASK_DEBUG
- GROQ_API_KEY
Security Notes
The backend Flask application uses `CORS(app, resources={r"/api/*": {"origins": "*"}})`, which allows cross-origin requests to every `/api/*` route from any origin. This is a significant security risk if the server is exposed publicly, because pages served from any domain are permitted to call the API. Additionally, the application relies on a `GITHUB_TOKEN` loaded from environment variables. While this is a good practice for handling secrets, the token's permissions dictate the scope of access to GitHub repositories. If a highly privileged token is used and the server is compromised or publicly exposed, this could lead to unauthorized access to sensitive GitHub data. There are no explicit uses of `eval` and no obvious obfuscation.
Similar Servers
github-mcp-server
Connects AI tools (agents, assistants, chatbots) directly to GitHub's platform, enabling natural language interactions for repository management, issue/PR automation, code analysis, and workflow automation.
octocode-mcp
Enables AI assistants to conduct deep, secure, and token-efficient code research across GitHub repositories by providing structured access and analysis tools.
chunkhound
Transforms codebases into searchable knowledge bases for AI assistants using semantic search and regex search, with deep research capabilities for code and files.
Context-Engine
A Retrieval-Augmented Generation (RAG) stack for codebases, enabling context-aware AI agents for developers and IDEs through unified code indexing, hybrid search, and local LLM integration.