Back to MCP Trust Indexm8ven
74
grade C
4 days ago
glama

codeviewer-mcp

A stateful, AST-aware MCP server for structured code review workflows. It enables iterative review sessions with AST-based context localization and provides structured feedback with verdicts and patch suggestions for JavaScript/TypeScript code.

Master0fFate/codeviewer-mcp· listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Tests do not pass
Either the test suite is broken or the code regressed. Either way the published behaviour can’t be verified by the publisher’s own tests.
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 1 credential: MCP_AUTH_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configLOG_LEVELLog level (trace, debug, info, warn, error) info
🔐 secretMCP_AUTH_TOKENOptional bearer token for shared environments. If set, every tool call must include auth_token. unset
configMCP_CLEANUP_ON_STARTUPCleanup expired sessions on process start (true or false) false
configMCP_DEFAULT_PROMPT_PROFILEDefault prompt profile ID used when register_plan omits prompt_profile universal-auditor-general-v2.1 if present, else first profile
configMCP_PROJECT_PATHProject root for AST indexing and path containment checks Current working directory
configMCP_PROMPTS_DIRDirectory containing .md prompt profiles <server_root>/prompts
configMCP_REVIEWER_DB_PATHSQLite database path <MCP_PROJECT_PATH>/.codeviewer-mcp.sqlite
configMCP_SESSION_TTL_HOURSSession TTL in hours, positive integer only 168
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 6 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/master0ffate-codeviewer-mcp-limk2n)](https://m8ven.ai/mcp/master0ffate-codeviewer-mcp-limk2n)
commit: 6fed8b47a5c704d75ebb42c0c7f1ccc73cb69c54
code hash: d542127c1eff3ccddb0ccc2ca00b98e19688debf2794dac279de57984620ba7f
verified: 4/18/2026, 6:14:31 PM
view raw JSON →