Cocode
Verified Safe
by hrayleung
Overview
Provides a high-performance MCP server for semantic codebase search, featuring real-time incremental indexing and intelligent ranking.
Installation
cocode
Environment Variables
- COCOINDEX_DATABASE_URL
- OPENAI_API_KEY
- JINA_API_KEY
- MISTRAL_API_KEY
- EMBEDDING_PROVIDER
- USE_LATE_CHUNKING
- COHERE_API_KEY
- EMBEDDING_MODEL
- JINA_MODEL
- MISTRAL_EMBED_MODEL
- EMBEDDING_DIMENSIONS
- RERANK_MODEL
- CHUNK_SIZE
- CHUNK_OVERLAP
- DEFAULT_TOP_K
- RERANK_CANDIDATES
- BM25_K1
- BM25_B
- VECTOR_WEIGHT
- BM25_WEIGHT
- IMPLEMENTATION_WEIGHT
- DOCUMENTATION_WEIGHT
- TEST_WEIGHT
- CONFIG_WEIGHT
- DIVERSITY_LAMBDA
- CENTRALITY_WEIGHT
- MAX_GRAPH_HOPS
- MAX_GRAPH_RESULTS
- ENABLE_SYMBOL_INDEXING
- SYMBOL_WEIGHT
- CHUNK_WEIGHT
Security Notes
The codebase demonstrates robust security practices. It explicitly uses environment variables for API keys and database credentials, preventing hardcoded secrets. Database interactions use parameterized queries with `psycopg.sql.SQL` to mitigate SQL injection risks. Path validation is implemented to prevent directory traversal attacks and ensure proper file access. External API calls (Jina, Mistral, OpenAI, Cohere) are rate-limited and have timeouts configured to prevent resource exhaustion. There are no obvious `eval` or `exec` calls, and it uses well-known, peer-reviewed libraries. Overall, the risk of common vulnerabilities appears low for a local MCP server.
Similar Servers
codegraph-rust
Transforms codebases into a semantically searchable knowledge graph, enabling AI agents to reason about code relationships, architecture, and impact rather than just performing text-based searches.
treesitter-mcp
Provides a Model Context Protocol (MCP) server and CLI for static code analysis using Tree-sitter.
codebase-RAG
A Retrieval-Augmented Generation (RAG) server designed to assist AI agents and developers in understanding and navigating codebases through semantic search.
viberag
Local codebase semantic search (RAG) for AI coding assistants via MCP server.