PairOfCleats
by doublemover
Overview
Codebase analysis and intelligence server, providing indexing, search, risk analysis, and vulnerability triage capabilities.
Installation
node bin/pairofcleats.js mcp-server
Environment Variables
- PAIROFCLEATS_API_TOKEN
- PAIROFCLEATS_UV_THREADPOOL_SIZE
Security Notes
The server has network-exposed APIs (HTTP/MCP) and extensively uses child_process.spawn to interact with external tools and system commands. While there are explicit configuration options for CORS, authentication tokens (PAIROFCLEATS_API_TOKEN), and repository access restrictions, critical security vulnerabilities have been identified in the roadmap, specifically 'risk rules regex compilation is currently mis-wired' and 'risk analysis can crash indexing on long lines'. Although these are actively being addressed (Phase 23 P0 items), the presence of such P0 issues is a concern. The use of ReDoS-safe regex engines (re2/re2js) is a strong positive. Direct execution of user-supplied commands should be carefully audited.
Similar Servers
chunkhound
Provides local-first codebase intelligence, extracting architecture, patterns, and institutional knowledge for AI assistants.
codegraph-rust
Transforms codebases into a semantically searchable knowledge graph, enabling AI agents to reason about code relationships, architecture, and impact rather than just performing text-based searches.
codeweaver
A code intelligence platform that provides semantically rich, context-aware code search for AI agents, aimed at reducing cognitive load and token costs for coding tasks.
bluera-knowledge
Provides a semantic knowledge base and intelligent web crawling capabilities to power coding agents, enabling them to search internal project files, Git repositories, and crawled web documentation.