Model Context Protocol moderate risk

Codelogic

The CodeLogic MCP server provides AI programming assistants with tools to analyze code impact, manage DevOps integrations, and generate CI/CD pipeline configurations using CodeLogic's software dependency data.

Connections & Capabilities

Connects To

GitHubGitLabDockerAzure

Capabilities

readwriteexec

Quickstart

Config

{
  "mcpServers": {
    "codelogic-mcp-server": {
      "type": "stdio",
      "command": "<PATH_TO_UV>/uv",
      "args": [
        "--directory",
        "<PATH_TO_THIS_REPO>/codelogic-mcp-server-main",
        "run",
        "codelogic-mcp-server"
      ],
      "env": {
        "CODELOGIC_SERVER_HOST": "<url to the server e.g. https://myco.app.codelogic.com>",
        "CODELOGIC_USERNAME": "<my username>",
        "CODELOGIC_PASSWORD": "<my password>",
        "CODELOGIC_WORKSPACE_NAME": "<my workspace>",
        "CODELOGIC_DEBUG_MODE": "true"
      }
    }
  }
}

Exposed MCP Tools (5)

safe

codelogic-method-impact

Analyzes the impact of changes to a specific method within the codebase.

Read-only analysis of code dependencies.

safe

codelogic-database-impact

Analyzes the impact of changes between code and database entities.

Read-only analysis of database relationships.

moderate

codelogic-docker-agent

Generates Docker agent configurations for CodeLogic scanning in CI/CD pipelines.

Generates configurations that could be misconfigured.

moderate

codelogic-build-info

Generates build information and send commands for CodeLogic integration.

Sends build information to CodeLogic, potential for data leakage if misconfigured.

high

codelogic-pipeline-helper

Generates complete CI/CD pipeline configurations for CodeLogic integration.

Generates complete pipeline configurations, which could introduce significant risks if misconfigured.

Safety Assessment

The CodeLogic MCP server offers valuable code analysis and DevOps integration tools, but requires careful management of credentials and CI/CD configurations. It is safe when used to analyze code impacts and generate configurations that are thoroughly reviewed. It is risky if credentials are not securely managed or if generated CI/CD pipelines are deployed without proper testing.

Uses environment variables for authentication, avoiding hardcoded credentials.
Provides tools for code analysis, helping to identify potential risks before deployment.
Supports multiple CI/CD platforms, allowing for flexible integration.

Requires storing credentials (username/password) as environment variables.
Some tools allow for generating CI/CD configurations, which can introduce risks if misconfigured.
Relies on external CodeLogic server for data, introducing a dependency and potential point of failure.