I built an MCP server that reviews your code with Groq — here's what it found

Sandy — Mon, 04 May 2026 20:35:27 +0000

The problem

AI-generated code is everywhere. GitHub Copilot, Claude, ChatGPT — they all write code fast. But they also introduce subtle bugs, SQL injections, and insecure patterns that look totally fine at first glance.

I wanted a tool that sits inside my AI agent and reviews code before I ship it. Not a linter. Not a static analyzer. A strict senior engineer who actually explains why something is wrong and shows the fix.

What I built

mcp-code-sanitizer — an MCP server that plugs into Claude Desktop or Cursor and gives you a strict AI code review powered by Groq's free API (llama-3.3-70b).

Claude Desktop ──MCP──► code-sanitizer ──REST──► Groq API

Tools available

Tool	What it does
`analyze_code`	Finds bugs, vulnerabilities, rates 0–100
`compare_code`	Compares versions, detects regressions
`explain_code`	Step-by-step explanation for any level
`generate_tests`	Writes pytest/jest tests automatically
`analyze_file`	Analyzes whole files with parallel chunking
`generate_report`	Builds an HTML report

Real example

I gave it this code:

def get_user(user_id):
    query = f"SELECT * FROM users WHERE id = {user_id}"
    return db.execute(query)

It returned in 2 seconds:

{
  "summary": "Critical SQL injection vulnerability",
  "score": 23,
  "issues": [{
    "severity": "critical",
    "line": 2,
    "title": "SQL Injection",
    "description": "f-string directly interpolates user_id into SQL query",
    "fix": "cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,))"
  }]
}

Score 23/100. Ouch. But accurate.

Why Groq?

Free tier — generous limits, no credit card needed
Fast — llama-3.3-70b responds in ~1-2 seconds
JSON mode — structured output without parsing hacks

Architecture

The codebase is split into focused modules:

server.py       # FastMCP entry (39 lines)
config.py       # Constants
groq_client.py  # API client with auto-retry on rate limits
cache.py        # In-memory cache with TTL
prompts.py      # System prompts
tools/          # One file per tool

The cache layer means identical code isn't sent to Groq twice — useful when reviewing the same function repeatedly during debugging.

GitHub Action included

The repo includes a GitHub Action that automatically reviews every PR and posts a structured comment:

- uses: actions/checkout@v4
# ... runs review_pr.py on changed files
# posts comment with issues, warnings, suggestions
# fails check if critical issues found

Get started in 3 commands

git clone https://github.com/notasandy/mcp-code-sanitizer
pip install -r requirements.txt
fastmcp dev inspector server.py

Get a free Groq key at console.groq.com and you're done.

Published everywhere

GitHub: notasandy/mcp-code-sanitizer
PyPI: pip install mcp-code-sanitizer
Official MCP Registry: io.github.notasandy/mcp-code-sanitizer
Glama catalog: glama.ai/mcp/servers

Would love to hear what you think — especially if you find bugs the sanitizer missed 😄

I built a VS Code extension in 3 days because copy-pasting into ChatGPT was annoying

Sandy — Fri, 24 Apr 2026 18:01:46 +0000

Three days ago I was sitting on yet another ChatGPT session, spending more time explaining where my code lives than actually asking the question. Not a tragedy — just annoying. I don't have a lot of time, and I didn't want to waste it on copy-paste rituals.

Googled for something that already solved this. Nothing useful. So I spent three evenings building it myself.

The extension is called Copy Code to ChatGPT. It adds a right-click menu in VS Code that copies your code the way AI actually needs it — with the file path, line numbers, and proper Markdown formatting. Not just the raw snippet.

So instead of pasting this:

export function formatOutput(code, filePath) {
  // ...
}

...and then typing "this is from utils/formatter.ts around line 45, it's TypeScript, the context is..." — you just paste and the AI already knows where it came from.

You can also copy entire folders as a single block, grab the project structure as a tree, and see the token count before sending so you don't hit the limit mid-conversation. There's also basic import-following — point at a file and it pulls in related files by tracing dependencies. Not perfect, but already way more useful than copying things manually.

I published it on the VS Code Marketplace and on GitHub. It's free, open source, no telemetry.

If you work with AI assistants daily and have a better approach to this — genuinely curious what you're doing.

DEV Community: Sandy