codeql_n1ght_mcp_server

This MCP server provides a standardized interface for AI assistants to orchestrate the CodeQL N1ght toolchain. It exposes tools to install dependencies, create CodeQL databases from various bundle formats, and run security scans with configurable query packs and parallel processing options. Use the provided tools to automate end-to-end code analysis workflows: set up the environment, prepare databases, and execute scans, all through the MCP protocol.

Available tools include version (to fetch version or help from the CodeQL N1ght executable), install_environment (to install required dependencies such as JDK, Ant, and CodeQL), create_database (to generate CodeQL databases from JAR/WAR/ZIP files with options for decompiler choice, dependency handling, and caching), scan_database (to run security scans with configurable paths, query packs, and parallelism), and run_codeql_n1ght (a generic interface to run arbitrary CodeQL N1ght commands). These tools return standardized JSON responses indicating return codes, stdout, stderr, and timeouts, enabling reliable integration with AI assistants and automation pipelines.

Prerequisites:

• Python 3.8+ installed on your system
• Access to install Python packages (pip)

1. Clone or download the MCP server repository and navigate to its directory.
2. Create and activate a Python virtual environment (recommended):

python -m venv venv
source venv/bin/activate  # on Unix
venv\Scripts\activate     # on Windows

3. Install required Python packages:

pip install -r requirements.txt

4. Ensure the CodeQL N1ght executable is available at the configured path (default: J:\mcp\codeql-n1ght.exe). If you need to point to a different location, set CODEQL_N1GHT_EXECUTABLE_PATH in the environment or adjust configuration accordingly.
5. Run the MCP server in STDIO mode:

python codeql_n1ght_mcp_server.py

6. Verify the server starts and is ready to accept MCP requests from your AI assistant or orchestrator.

Tips and notes:

• The server supports Windows and Unix-style paths. If you migrate paths, ensure your environment resolves them consistently.
• Timeouts are configurable per operation (default generally 10 minutes for operations, 20 hours for database/scan related tasks). Adjust as needed for large databases or long-running scans.
• If the CodeQL N1ght executable is missing or misconfigured, the server will return an error indicating the executable was not found.
• You can customize decompilers (procyon/fernflower), dependency handling, parallelism, and cache behavior via the respective tool options.
• Monitoring and logging are provided through the standard return object with stdout and stderr to help diagnose issues like parameter validation failures or path resolution problems.