ai-code-review-mcp
Verified Safe by physics91
Overview
This project provides a Model Context Protocol (MCP) server for AI-powered code analysis, leveraging both Codex and Gemini CLIs to perform and aggregate code reviews.
Installation
npx ai-code-agent-mcp
Environment Variables
- CODEX_CLI_PATH
- GEMINI_CLI_PATH
- CODEX_MODEL
- GEMINI_MODEL
- CODE_REVIEW_MCP_LOG_LEVEL
- CODEX_ENABLED
- GEMINI_ENABLED
- ANALYSIS_MAX_CODE_LENGTH
- ANALYSIS_INCLUDE_CONTEXT
- CONTEXT_AUTO_DETECT
- CONTEXT_ACTIVE_PRESET
- WARNINGS_ENABLED
- WARNINGS_SHOW_TIPS
- LOG_LEVEL
- LOG_PRETTY
- ENABLE_CACHE
Security Notes
The project demonstrates a very strong security posture. It employs extensive input validation using Zod schemas and critical CLI path whitelisting for both Codex and Gemini services, uses 'execa' with 'shell: false' to prevent shell injection, and implements comprehensive redaction of sensitive data (code, API keys, secrets) from logs and error messages. Codex CLI execution is further hardened with '--sandbox read-only' and dangerous argument filtering. Control characters are stripped from inputs for display safety. A test for prototype pollution is present, indicating awareness. Overall, a highly security-conscious design.
Similar Servers
codex-mcp-rs
This server acts as an MCP (Model Context Protocol) wrapper for the Codex CLI, enabling AI-assisted coding tasks through compatible clients like Claude Code.
claude-power-pack
Provides distributed locking and session coordination for Claude Code sessions via Redis, preventing conflicts during concurrent development activities.
Ops-Tools
A Rust-based command-line interface (CLI) toolset designed for DevOps workflows, offering features like infrastructure-as-code cache cleanup, AI code assistant management, system package installation, security scanning, LLM prompt generation, container image building, and Kubernetes configuration management.
photon
A multi-tenant platform for hosting and executing AI/ML "Photons" (modular tools/services) with robust authentication, session management, and OAuth capabilities, supporting various data stores.