ast-mcp-server
Verified Safeby angrysky56
Overview
Provides an MCP (Model Context Protocol) server for code structure and semantic analysis using ASTs and ASGs, integrated with external AI clients like Claude Desktop.
Installation
uv run ast-mcp-serverEnvironment Variables
- NEO4J_URI
- NEO4J_USER
- NEO4J_PASSWORD
- NEO4J_DB
- OPENROUTER_API_KEY
- OPENROUTER_CHAT_MODEL
- OPENROUTER_EMBED_MODEL
- AST_CACHE_SIZE
Security Notes
The project uses `subprocess.run` to execute the `ast-grep` CLI tool for code transformation. This is handled by passing arguments as a list (not `shell=True`), which mitigates direct shell injection risks. However, executing external binaries with user-provided patterns/replacements inherently carries a risk, which depends on the trustworthiness of the `ast-grep` tool itself and the sanitization of user input by the client. Neo4j and OpenRouter API keys are correctly managed via environment variables. Multiple development-related scripts utilize `sys.path.insert(0, os.getcwd())`, a practice that can introduce path-based vulnerabilities if the current working directory is untrusted, though in a local development context, this is less critical.
Similar Servers
Delphi-MCP-Server
Implements the Model Context Protocol (MCP) in Delphi to enable AI-powered development workflows and integrate with clients like Claude Code.
consult-llm-mcp
An MCP server that allows AI agents like Claude Code to consult stronger, more capable AI models (e.g., GPT-5.2, Gemini 3.0 Pro) for complex code analysis, debugging, and architectural advice.
treesitter-mcp
Provides a Model Context Protocol (MCP) server and CLI for static code analysis using Tree-sitter.
claude-faf-mcp
Optimizes AI understanding of software projects by providing persistent context, fixing context-drift, and enabling bi-directional synchronization between project metadata and AI documentation.