codacy-mcp-server-gateway
Facilitates interaction with the Codacy backend service, providing comprehensive programmatic access to code quality metrics, security vulnerability reports, repository metadata, and deep static analysis results. This component integrates deeply into development environments to automate code governance and quality enforcement checks.
Author: codacy
Codacy Central Analysis Server Interface
This intermediary server component connects to the primary Codacy API, unlocking the ability to query repository structures, source file contents, quality assessment scores, test coverage percentages, security threat intelligence, and more.
Functional Capabilities Overview
- Setup and Repository Registration Tools
- Organizational and Project Indexing Tools
- Source Code Health Assessment Tools
- File-Level Analysis Retrieval
- Security Vulnerability Scanning Interface
- Version Control Workflow Evaluation
- Analysis Engine and Rule Configuration Access
- Local Execution Environment Analysis
Initialization Procedures
- Prerequisites
- Authentication Credential Requirement
- Deployment Steps
- IDE Integration (Cursor, Windsurf, etc.)
- Community Contribution Guidelines
- Support for Codacy Command Line Utility
- Licensing Information
Functional Capabilities Overview
The following granular operational tools are exposed via the Codacy MCP Server:
Setup and Repository Registration Tools
codacy_setup_repository: Programmatically enroll or subscribe a target repository within the Codacy ecosystem if it lacks registration. This action ensures the repository is indexed for subsequent metric gathering and oversight.
Organizational and Project Indexing Tools
- codacy_list_organizations: Retrieve a catalog of accessible organizational units, fully supporting iterative data fetching via pagination.
- codacy_list_organization_repositories: Fetch the collection of repositories associated with a specified organization, also incorporating pagination for large sets.
- codacy_get_repository_with_analysis: Obtain the aggregated analysis summary for a specific project, encompassing key performance indicators like Overall Grade, Issue Count, Code Duplication Ratios, Cyclomatic Complexity figures, and Test Coverage percentages.
Source Code Health Assessment Tools
codacy_list_repository_issues: Enumerates and permits granular filtering of general code quality defects within a project context. This is the canonical endpoint for investigating structural concerns (e.g., adherence to standards, performance bottlenecks, complexity overload, stylistic deviations), explicitly excluding security findings (use the SRM tools for those).
Advanced Filtering Capabilities:
- Multi-criteria filtering based on severity level, classification tag, and programming language.
- Accountability assignment via author-centric filtering.
- Branch-specific scope definition for analysis.
- Pattern matching for targeted defect identification.
Typical Applications:
- Comprehensive code quality audits.
- Quantifying accumulated technical debt.
- Validating compliance against established style guides.
- Deep-dive investigation into runtime performance inhibitors.
- Structural complexity metrics derivation.
File-Level Analysis Retrieval
- codacy_list_files: Generate a manifest of source files contained within the repository, with pagination enabled.
- codacy_get_file_issues: Fetch the specific list of quality defects flagged within a single source file.
- codacy_get_file_coverage: Retrieve the test coverage data pertaining to a file in the repository's current head commit for a designated branch.
- codacy_get_file_clones: Obtain the computed set of code segments exhibiting high textual similarity (duplication) identified within a specific file.
- codacy_get_file_with_analysis: Retrieve an exhaustive analysis profile for an individual file, aggregating metrics for Grade, Issues, Duplication, Complexity, and Coverage status.
Security Vulnerability Scanning Interface
- codacy_search_organization_srm_items: The principal endpoint for querying security alerts, findings, and vulnerabilities across all projects within an organization, mapping directly to the Organization's Security Risk Management (SRM) dashboard data.
- codacy_search_repository_srm_items: Retrieve security findings specific to an individual source code repository.
Both endpoints provide detailed security posture information covering:
- Static Application Security Testing (SAST)
- Detection of Sensitive Credentials/Secrets
- Software Composition Analysis (SCA) for dependencies
- Infrastructure as Code (IaC) vulnerability checks
- CI/CD pipeline security assessment
- Dynamic Application Security Testing (DAST) results
- Penetration Testing reports aggregation
Version Control Workflow Evaluation
- codacy_list_repository_pull_requests: Retrieve the roster of pending or merged pull requests accessible to the configured user identity.
- codacy_get_repository_pull_request: Fetch comprehensive metadata for a designated pull request.
- codacy_list_pull_request_issues: Return the collection of code quality defects introduced (new) or resolved (fixed) within the scope of a pull request.
- codacy_get_pull_request_files_coverage: Calculate and retrieve the differential test coverage metrics across all modified files in a pull request.
- codacy_get_pull_request_git_diff: Present the standardized, human-readable Git patch/diff representation for the contents of a pull request.
Analysis Engine and Rule Configuration Access
- codacy_list_tools: Obtain a complete registry of all code analysis modules supported by the Codacy platform.
- codacy_list_repository_tools: Query the current configuration status and enablement settings for analysis tools applied to a specific project.
- codacy_get_pattern: Retrieve the detailed definition and specification for any recognized analysis pattern or rule.
- codacy_list_repository_tool_patterns: List all active rule patterns associated with a specific analysis tool configured for a repository.
- codacy_get_issue: Access the full, detailed record for an individual quality or security finding.
Local Execution Environment Analysis
codacy_cli_analyze: Initiate an on-demand, local code quality assessment utilizing the Codacy Command Line Interface. Key features include:
- Selective targeting of directories or individual source files for scanning.
- Ability to invoke a subset of tools or execute the full analysis suite.
- Provision of immediate feedback results, bypassing scheduled cloud processing latency.
- Support for applying configuration-driven remediation suggestions.
Initialization Procedures
Prerequisites
Verify that the underlying host environment satisfies these software dependencies:
- git version control system installed.
- Node.js runtime environment active, ensuring the npx command executes correctly.
For localized code evaluation jobs, the MCP Server mandates the presence of the Codacy CLI Utility. If absent, the server attempts an automatic installation during runtime. Note: The Codacy CLI v2 runtime is validated for use on macOS, Linux, and Windows (via the Windows Subsystem for Linux).
Authentication Credential Requirement
Obtain your personal access token from the Codacy Account Management Portal.
This token is crucial for subsequent environment configuration steps.
Deployment Steps
Within supported integrated development environments such as VS Code, Cursor, or Windsurf, the most streamlined installation pathway involves leveraging the official Codacy extension. If the extension is not yet present, procure it from the respective marketplace (Microsoft VSC Marketplace, OpenVSX Registry). Subsequently, navigate to the extension management panel and select the 'Install Codacy MCP Server' action. A subsequent IDE restart is required.
Manual installation methods remain available for environments where extension integration is impractical:
IDE Integration (Cursor, Windsurf, etc.)
For Cursor environments, a direct installation link is provided:
For other configurations, modify the relevant configuration file specific to your client:
- Cursor: Update the .cursor/mcp.json manifest.
- Windsurf: Update the .codeium/windsurf/mcp_config.json definition.
- Claude Desktop: Update the claude_desktop_config.json file.
Employ the following structure, substituting <YOUR_TOKEN> with the actual credential:
{
  "mcpServers": {
    "codacy": {
      "command": "npx",
      "args": ["-y", "@codacy/codacy-mcp"],
      "env": {
        "CODACY_ACCOUNT_TOKEN": "<YOUR_TOKEN>"
      }
    }
  }
}
VS Code/Copilot Integration Strategy
One-click deployment for VS Code users:
For manual configuration within VS Code, inject the following block into your global settings file:
{
  "mcp": {
    "inputs": [],
    "servers": {
      "codacy": {
        "command": "npx",
        "args": ["-y", "@codacy/codacy-mcp"],
        "env": {
          "CODACY_ACCOUNT_TOKEN": "<YOUR_TOKEN>"
        }
      }
    }
  }
}
Access the user settings JSON via View > Command Palette > Preferences: Open User Settings (JSON). The configuration file path varies by operating system:
- macOS: ~/Library/Application Support/Code/User/settings.json
- Windows: %APPDATA%\Code\User\settings.json
- Linux: ~/.config/Code/User/settings.json
Crucially, replace <YOUR_TOKEN> with your actual authentication credential.
- Ensure that the system setting for Agent mode is toggled 'On': vscode://settings/chat.agent.enabled
- Activate the Copilot chat interface and set the operational mode to 'Agent'. Verification of successful server enablement is confirmed by inspecting the 'Select tools' control, which should list all available Codacy integration tools.
Error Resolution Guidance
Claude Desktop and NVM Conflicts
If utilizing Node Version Manager (NVM) alongside Claude Desktop leads to npx execution failures, a reliable workaround is to perform a global installation of the MCP Server via npm, then invoke Node directly:
npm install -g @codacy/codacy-mcp
Adjust the configuration manifest to point to the globally installed executable:
{
  "mcpServers": {
    "codacy": {
      "command": "/Users/yourusername/.nvm/versions/node/vXX.X.X/bin/node",
      "args": ["/path-to/codacy-mcp/dist/index.js"],
      "env": {
        "CODACY_ACCOUNT_TOKEN": "<YOUR_TOKEN>"
      }
    }
  }
}
Community Contribution Guidelines
To initiate local development and modification of the MCP Server source code:
npm install
npm run update-api
npm run build
Local Testing with Inspector
Development testing can be performed using the dedicated inspector tool. You may either set the CODACY_ACCOUNT_TOKEN as an environment variable externally or inject it directly into the execution command:
CODACY_ACCOUNT_TOKEN=your_token_here npm run inspect
This command compiles the project and launches the MCP inspector interface, pre-configured with your security token.
Local Testing with an Agent
To validate your locally built server instance as if it were actively serving requests from an agent environment, configure it as follows:
"codacy": {
  "command": "/path/to/bin/node",
  "args": [
    "/path/to/codacy-mcp-server/dist/index.js"
  ],
  "env": {
    "CODACY_ACCOUNT_TOKEN": "<YOUR_TOKEN>"
  }
}
Support for Codacy Command Line Utility
The functionality relying on the Codacy-CLI necessitates its installation. Upon receipt of an analysis request, the MCP Server autonomously attempts to install and initialize the CLI utility.
If an organization mandates the deployment of a specific CLI revision, this can be enforced by supplying a CODACY_CLI_VERSION environment parameter within the MCP Server's configuration settings.
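The client configurations under Deployment Steps and the CODACY_CLI_VERSION setting described here can be checked together. The following Node.js check is an added example, not part of the Codacy project: it inspects the codacy entry in either the mcpServers or the VS Code mcp.servers layout and flags a missing or placeholder CODACY_ACCOUNT_TOKEN, a token-bearing file readable by other users, an unpinned npx package spec, and a missing CODACY_CLI_VERSION. The function names, finding labels, sample token and 0.0.0-example versions are constructed for illustration.

```javascript
// Added example, not Codacy's code: audit the "codacy" entry of an MCP client config.

// Find the entry in either layout shown on this page:
// { mcpServers: { codacy } } or VS Code's { mcp: { servers: { codacy } } }.
function findCodacyEntry(config) {
  return (config.mcpServers && config.mcpServers.codacy) ||
    (config.mcp && config.mcp.servers && config.mcp.servers.codacy) || null;
}

// Returns finding labels (constructed names); an empty array means nothing was flagged.
// fileMode: optional POSIX st_mode of the config file, e.g. fs.statSync(path).mode.
function auditCodacyMcpConfig(config, fileMode) {
  const entry = findCodacyEntry(config);
  if (!entry) return ['no-codacy-entry'];
  const findings = [];
  const env = entry.env || {};
  const token = env.CODACY_ACCOUNT_TOKEN;

  if (!token) {
    findings.push('token-missing');
  } else if (/^<.*>$/.test(token) || token === 'your_token_here') {
    findings.push('token-placeholder');             // template value never replaced
  } else if (fileMode !== undefined && (fileMode & 0o044) !== 0) {
    findings.push('token-file-readable-by-others'); // group/other read bits set
  }

  if (entry.command === 'npx') {
    const spec = (entry.args || []).find((a) => a.startsWith('@codacy/codacy-mcp'));
    // In "@scope/name@version", a second "@" after the scope marks a pinned version.
    if (spec && spec.indexOf('@', 1) === -1) findings.push('npx-package-unpinned');
  }
  if (!env.CODACY_CLI_VERSION) findings.push('cli-version-unpinned');
  return findings;
}

// Constructed samples: token value and "0.0.0-example" versions are placeholders.
const SAMPLE_DEFAULT = { mcpServers: { codacy: {
  command: 'npx', args: ['-y', '@codacy/codacy-mcp'],
  env: { CODACY_ACCOUNT_TOKEN: '<YOUR_TOKEN>' } } } };
const SAMPLE_PINNED = { mcp: { inputs: [], servers: { codacy: {
  command: 'npx', args: ['-y', '@codacy/codacy-mcp@0.0.0-example'],
  env: { CODACY_ACCOUNT_TOKEN: 'constructed-token',
    CODACY_CLI_VERSION: '0.0.0-example' } } } } };

console.log(auditCodacyMcpConfig(SAMPLE_DEFAULT));
console.log(auditCodacyMcpConfig(SAMPLE_PINNED, 0o100600));
console.log(auditCodacyMcpConfig(SAMPLE_PINNED, 0o100644));
```

To run it against a real file, parse the file's JSON and pass the mode from fs.statSync; VS Code settings files that contain comments need a JSONC-aware parser first.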
Licensing Information
This server component is distributed under the permissive MIT License. This grants users the liberty to deploy, modify, and redistribute the software, provided that the original license terms are respected. Comprehensive details are available within the project's LICENSE file.
