// SCAN REPORT

MCP Code Analysis Server

44 tools. 7 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated: 12 Jun 2026

7 can modify or destroy data

37 read-only

44 tools total

Community server · catalogue entry verified 12/06/2026

How to control MCP Code Analysis Server ↓

TOOL MAP

What MCP Code Analysis Server exposes to your agents

Read (37) Write / Execute (5) Destructive / Financial (2)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

Critical Risk

The most dangerous MCP Code Analysis Server tools

Destructive · Critical delete_repository This tool permanently removes a repository and all associated data without the ability to undo the action. Destructive · High remove_repository Removing a repository from tracking is a destructive action that permanently stops analysis and monitoring of that codebase within the system. Execute · Medium sync_repository This tool triggers an external operation (repository sync) whose effects depend on the repository argument and current state. Write · Medium add_repository This tool creates a new entry in the server's repository tracking system.

7 of MCP Code Analysis Server's 44 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control MCP Code Analysis Server

PolicyLayer is an MCP gateway — it sits between your AI agents and MCP Code Analysis Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations

{
  "delete_repository": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "add_repository": {
    "limits": [
      {
        "counter": "add_repository_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "analyze_bounded_context": {
    "limits": [
      {
        "counter": "analyze_bounded_context_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register MCP Code Analysis Server — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON MCP CODE ANALYSIS →

Free to start. No card required.

FULL CATALOGUE

All 44 MCP Code Analysis Server tools

DESTRUCTIVE 2 tools

Destructive delete_repository Delete a repository and all its data Destructive remove_repository Remove a repository from tracking

EXECUTE 1 tools

Execute sync_repository Manually trigger sync for a specific repository

WRITE 4 tools

Write add_repository Add a new repository to track Write update_embeddings Update embeddings for a repository Write update_repository Update repository metadata Write update_repository_settings Update repository settings

READ 37 tools

Read analyze_bounded_context Analyze a bounded context and its relationships Read analyze_coupling Analyze coupling between bounded contexts with metrics and recommendations Read analyze_dependencies Analyze dependencies of a module or file Read analyze_domain_evolution Analyze how the domain model has evolved over time Read analyze_file Analyze a specific file Read analyze_package_structure Analyze the package structure of a repository Read detect_anti_patterns Detect DDD anti-patterns like anemic models, god objects, and circular dependencies Read explain_code Explain what a code element does Read extract_domain_model Extract domain entities and relationships from code using LLM analysis Read find_aggregate_roots Find aggregate roots in the codebase using domain analysis Read find_bounded_contexts Find all bounded contexts in the codebase Read find_circular_dependencies Find circular dependencies between packages Read find_definition Find where a symbol is defined Read find_similar_code Find code similar to a given snippet Read find_usage Find all places where a function/class is used Read find_usages Find where a function or class is used Read get_code Get code for a specific entity Read get_code_structure Get the structure of a code file Read get_dependencies Get dependencies for a code entity Read get_domain_metrics Get comprehensive domain health metrics and insights Read get_file_structure Get the structure of a file Read get_package_coupling_metrics Get coupling metrics for all packages Read get_package_dependencies Get dependencies for a specific package Read get_package_details Get detailed information about a specific package Read get_package_tree Get the hierarchical package structure Read get_repository_stats Get detailed statistics for a repository Read keyword_search Search code using keywords Read list_repositories List all tracked repositories Read scan_repository Scan or rescan a repository Read search_by_business_capability Search for code that implements a business capability Read search_by_code_snippet Search for code similar to a given snippet Read search_code Search for code by natural language query Read semantic_search Search code using natural language Read suggest_context_splits Suggest how to split large bounded contexts based on cohesion analysis Read suggest_ddd_refactoring Suggest Domain-Driven Design refactoring improvements Read suggest_refactoring Suggest refactoring opportunities Read generate_context_map Generate a context map showing relationships between bounded contexts

EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Questions about MCP Code Analysis Server

Can an AI agent delete data through the MCP Code Analysis Server MCP server? +

Yes. The MCP Code Analysis Server server exposes 2 destructive tools including delete_repository, remove_repository. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through MCP Code Analysis Server? +

The MCP Code Analysis Server server has 4 write tools including add_repository, update_embeddings, update_repository. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MCP Code Analysis Server.

How many tools does the MCP Code Analysis Server MCP server expose? +

44 tools across 4 categories: Destructive, Execute, Read, Write. 37 are read-only. 7 can modify, create, or delete data.

How do I enforce a policy on MCP Code Analysis Server? +

Register the MCP Code Analysis Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MCP Code Analysis Server tool call.

Deterministic rules across all 44 MCP Code Analysis Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON MCP CODE ANALYSIS →

Free to start. No card required.

44 MCP Code Analysis Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.