# Codacy MCP for AI Agents MCP

> Codacy MCP lets you manage automated code reviews and track quality metrics using natural conversation. Instead of diving into dashboards, your AI client pulls up a repository's grade, finds specific security issues, or lists all organizations associated with your account instantly.

## Overview
- **Category:** developer-tools
- **Price:** Free
- **Tags:** code-quality, static-analysis, security-scanning, automated-reviews, repository-monitoring, technical-debt

## Description

Stop switching between tabs just to check if the latest commit broke something. This MCP lets you take full control of code quality and maintainability by talking to your agent. You can ask it to pull up the current grade for any repository, search across multiple orgs for specific vulnerability types, or even see which languages Codacy supports natively.

It’s about moving complex audit work into a simple conversation. Your AI client connects through Vinkius, giving you deep visibility into your codebase's health without ever needing to open the main web portal. You can quickly monitor configured webhooks for real-time alerts or list out all members across an entire organization roster.

## Tools

### get_repository_quality_analysis
Retrieves the current grade and key metrics for a specified repository.

### list_supported_languages
Returns a list of all programming languages supported by Codacy analysis.

### get_my_codacy_profile
Pulls user profile information for the authenticated Codacy account.

### list_codacy_organizations
Provides a list of all organizations associated with the connected account.

### list_organization_members
Retrieves the names and profiles of users belonging to a specific organization.

### list_organization_repositories
Lists all repositories that have been analyzed within a given organization.

### list_repository_webhooks
Shows the currently configured webhooks for quality notification purposes on a repository.

### search_repository_issues
Searches and filters code quality issues within a specific repository based on criteria like level or category.

## Prompt Examples

**Prompt:** 
```
What is the overall quality grade for our core services?
```

**Response:** 
```
**Codacy Quality Report**

| Repository | Grade | Primary Concern |
| :--- | :---: | :--- |
| `core-api` | A | Minor refactoring needed |
| `web-frontend` | B | High count of Medium security issues |
| `billing-service` | C+ | Critical vulnerability found (SQL) |

*Summary:* The billing service needs immediate attention due to a critical finding. I recommend starting with `search_repository_issues`.
```

**Prompt:** 
```
I need to know what languages are supported for analysis.
```

**Response:** 
```
**Supported Languages List**

Codacy analyzes over 40 programming languages, including:

*   JavaScript
*   TypeScript
*   Python
*   Go
*   Java
*   PHP
*   Ruby
*   C#
*   And many configuration files (Dockerfile, Terraform).
```

**Prompt:** 
```
Show me all repos in the 'vinkius' org and their current grades.
```

**Response:** 
```
**Organization Repository Status**

I found 5 analyzed repositories under the 'vinkius' organization:
*   `core-api`: Grade A (Excellent)
*   `web-frontend`: Grade B (Needs Review)
*   `mcp-servers`: Grade A (Excellent)
*   `auth-service`: Grade C+ (Action Required)
*   `logging-tool`: Grade N/A (No analysis found)
```

## Capabilities

### Assess overall repository grade and metrics
Get the current quality score and detailed analysis for any specific code repository.

### Search for precise security or technical issues
Find code quality problems by filtering on criteria like severity level, category, or programming language.

### Map out your entire organizational structure
List all organizations connected to your account and retrieve the full membership roster for any of them.

### Audit repository setup and webhooks
View which webhooks are currently configured for a given repository, ensuring you get real-time quality notifications.

### Determine supported coding standards
List every programming language that the Codacy analysis engine can process and grade.

## Use Cases

### Need to check the compliance status for a new team
An Engineering Manager needs to know if all ten microservices have passed their required security checks. They ask the agent, and it runs `list_organization_repositories`, then uses `get_repository_quality_analysis` on each one, delivering a single summary report.

### Finding hardcoded secrets across multiple services
A Security Team member needs to audit ten repos for specific secret leaks. They use `search_repository_issues`, filtering by 'hardcoded' and 'Critical' severity, getting a list of exact locations they need to fix.

### Onboarding new team members quickly
A DevOps Engineer needs to verify which teams are part of the project. They run `list_organization_members` to get the full roster, and then use `get_my_codacy_profile` to confirm their own access level.

### Confirming all necessary alerts are firing
A DevOps Engineer suspects a repository is missing webhook notifications. They check this by running `list_repository_webhooks` and confirming the status for quality analysis updates.

## Benefits

- Instantly check any repo's status. Instead of navigating to a dashboard, you ask the agent for `get_repository_quality_analysis` and get the current grade in one go.
- Audit compliance across teams. Use `list_codacy_organizations` to map out every connected organizational unit without manual enumeration.
- Pinpoint security flaws fast. You can use `search_repository_issues` to filter for 'Critical' vulnerabilities by category or language instantly.
- Understand your scope. Quickly run `list_organization_repositories` to see a full inventory of all analyzed codebases in an organization.
- Stay current with integrations. Use `list_repository_webhooks` to verify that real-time quality notifications are correctly configured.

## How It Works

The bottom line is you use natural language conversation to pull detailed code metrics and audit information without opening a browser tab.

1. Subscribe to this MCP on Vinkius.
2. Input your Codacy Account API Token (you'll find this in User Settings > API).
3. Use the connection through your preferred AI client (Cursor, Claude, etc.) to start asking questions about code quality.

## Frequently Asked Questions

**How does the Codacy MCP help me monitor code quality?**
It lets you ask about your codebase's health using natural language. You can get the current grade for any repository, search for specific security flaws, or audit which languages are supported by Codacy.

**Is this MCP useful for auditing compliance?**
Yes. It allows you to list all organizations and repositories connected to your account, letting you systematically check the status of every service against your internal quality standards.

**Can I find specific security vulnerabilities using Codacy? **
Absolutely. You can run advanced searches that filter issues by severity level (like 'Critical') or category, helping you pinpoint exactly where the code needs fixing.

**What if my team is working on a new service I haven't connected yet?**
You can first use the MCP to list all available organizations and repositories in your account. This gives you a full map of what services are already being monitored.

**What kind of information does Codacy provide about users?**
The MCP lets you retrieve member rosters for any organization, giving you the names and profile details of everyone associated with your project.