{"id":"jordyzomer-codeql-mcp","name":"codeql-mcp","homepage":null,"repo_url":"https://github.com/JordyZomer/codeql-mcp","category":"ai-ml","subcategories":[],"tags":["security","devtools","mcp","codeql","static-analysis","sse","automation","agent-tools"],"what_it_does":"Runs a Model Context Protocol (MCP) server (via FastMCP) that wraps a CodeQL query server, exposing tools to register CodeQL databases, run CodeQL queries, decode .bqrs files to JSON, and locate predicate/class symbol positions.","use_cases":["Integrate CodeQL query execution into an AI agent workflow via MCP","Automate vulnerability research tasks (querying databases, inspecting results)","Decode CodeQL binary result artifacts (.bqrs) into JSON for further processing","Map CodeQL symbols to source locations for code navigation"],"not_for":["Providing a hosted/scalable CodeQL-as-a-service endpoint for untrusted tenants","Use as a secure remote API boundary (no auth/security posture described)","Running in environments where local execution of the CodeQL binary is not permitted"],"best_when":"You have CodeQL installed locally and want an agent-friendly interface (MCP/SSE) to trigger CodeQL queries against local databases.","avoid_when":"You need strong access control, multi-user isolation, or reliable rate-limited remote usage out of the box.","alternatives":["Use CodeQL’s native CLI directly from your agent/tooling","Build a REST/GraphQL wrapper around CodeQL with explicit auth and structured error handling","Use an existing CodeQL automation framework or community MCP servers (if 
available)"],"af_score":37.8,"security_score":24.8,"reliability_score":26.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:42:35.112063+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http://localhost:8000/sse","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No authentication mechanism is described in the README. Assumed local/loopback usage unless configured otherwise."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source tooling; no pricing information provided."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":37.8,"security_score":24.8,"reliability_score":26.2,"mcp_server_quality":75.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":10.0,"rate_limit_clarity":10.0,"tls_enforcement":20.0,"auth_strength":5.0,"scope_granularity":0.0,"dependency_hygiene":50.0,"secret_handling":60.0,"security_notes":"Security posture is not described: no auth, no TLS requirement, and no mention of sanitizing inputs, restricting filesystem paths, or limiting CodeQL execution. Likely intended for local use. 
Dependency hygiene is unknown; the README lists minimal dependencies (fastmcp, httpx) but does not address vulnerabilities, locking, or scanning.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":40.0,"error_recovery":25.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Requires a CodeQL binary in PATH (or a hardcoded path), so agent environments must match the runtime requirements","The README indicates Cursor/agents may invoke tools via natural language; without explicit examples of tool schemas/inputs, mapping LLM requests to exact tool parameters may require experimentation","No documented rate limits, auth, or operational safeguards; agent retries could amplify expensive CodeQL executions"]}}