code-pathfinder

by shivasurya · 130 · Score 49

MCP server for Code Pathfinder, providing AI assistants with access to cross-file code analysis and security scanning capabilities.

security · developer-tools

Forks: 16 · Open issues: 8 · Last commit: this month · Indexed: 2d ago

Overview

Code Pathfinder is an open-source static analysis engine that traces data flows across files and functions. The MCP server exposes tools for querying the code graph, finding callers/callees, tracing data flows, and running security rules—making these powerful analysis capabilities available to AI assistants during code review or development. It supports Python, Docker, and Docker Compose analysis with 190+ security rules that can be automatically downloaded.

Try asking AI

After installing, here are 3 things you can ask your AI assistant:

you: AI assistants performing security-focused code reviews with cross-file vulnerability detection
you: Development teams using AI to understand complex code data flows and dependencies
you: Security professionals scanning codebases for vulnerabilities through AI-powered interfaces

When to choose this

Choose this when you need AI assistants to have deep code security analysis capabilities beyond basic syntax checking, particularly for tracing data flows across files in complex applications.

When NOT to choose this

Don't choose this if you need support for languages other than Python, Docker, or Go, or if you require commercial support with SLAs, as this is an open-source project without formal backing.

Tools this server exposes

12 tools extracted from the README
  • find_callers

    Find callers of a specific function in the codebase

  • find_callees

    Find functions called by a specific function

  • trace_dataflow

    Trace data flow between source and sink points

  • search_patterns

    Search for specific code patterns across the codebase

  • run_security_rule

    Run a specific security rule on the codebase

  • analyze_project

    Perform complete security analysis of the project

  • get_code_graph

    Retrieve the call graph representation of the code

  • query_taint_flows

    Query for tainted data flows across the codebase

  • list_rules

    List available security rules for the codebase

  • get_function_info

    Get detailed information about a specific function

  • find_vulnerabilities

    Find vulnerabilities based on predefined security rules

  • get_project_summary

    Get a summary of the project structure and analysis

Note: Tool names inferred from the MCP server description which mentions tools for 'querying the code graph: find callers/callees, trace data flows, search for patterns, and run security rules'. The specific tool names were constructed based on t

Comparable tools

semgrep, sonarqube, veracode, bandit

Installation

brew install shivasurya/tap/pathfinder

Start the MCP server:

pathfinder serve --project .

For Claude Desktop, add this to your configuration.json:

{
  "mcpServers": {
    "code-pathfinder": {
      "command": "pathfinder",
      "args": ["serve", "--project", "."]
    }
  }
}


Last updated · Auto-generated from public README + GitHub signals.