MCP server for AI-driven code auditing. Unleash static analysis, security scanning, and code quality validation—all through a unified, AI-friendly interface.

CapulusCodeNinja/mcp-audit-bridge

Audit Bridge

AI-Powered C/C++ code audit platform

mcp-audit-bridge is a Model Context Protocol (MCP) server that empowers AI assistants to perform comprehensive code quality analysis. By bridging the gap between AI clients and industry-standard static analysis tools, it enables automated security auditing, code quality validation, and vulnerability detection—all through a unified, AI-friendly interface.

Whether you're reviewing C/C++ codebases for security flaws, enforcing coding standards, or integrating static analysis into your AI-powered development workflow, MCP Audit Bridge provides the infrastructure to leverage multiple linter and audit tools seamlessly. It currently supports cppcheck and flawfinder, with an extensible architecture designed for additional tools.

🎯 What is MCP Audit Bridge?

MCP Audit Bridge transforms how AI assistants interact with code quality tools. Instead of manual tool invocation and output parsing, your AI client gains direct access to powerful static analysis capabilities through a clean, standardized protocol.

Key Capabilities:

  • Automated Security Auditing — Detect buffer overflows, format string vulnerabilities, race conditions, and other security flaws
  • Code Quality Validation — Enforce coding standards and identify potential bugs before they reach production
  • Asynchronous Analysis — Queue large codebases for analysis without blocking your workflow
  • AI-Optimized Output — Results formatted in Markdown with severity summaries, making it easy for AI to interpret and act on findings
  • Extensible Architecture — Built to support additional linters and audit tools as your needs grow

🎯 Quick Start

Prerequisites

  • .NET 8.0 Runtime or SDK
  • cppcheck and/or flawfinder installed
  • Service mode note: If running as a Windows Service, install linters system-wide or set an explicit linter Path in appsettings.json / appsettings.local.json (the service account may not inherit your user PATH or user-local Python Scripts folder).

Run Modes

MCP Audit Bridge supports three operating modes:

| Mode | Command | Description |
| --- | --- | --- |
| STDIO | --stdio | Default mode for AI client integration (Cursor, etc.) |
| HTTP | --http | HTTP-based MCP transport for web clients |
| Service | --service | Run as a Windows Service with HTTP transport |

Logging

  • STDIO mode: Logs go to stderr (to keep stdout clean for MCP JSON-RPC)
  • HTTP mode: Logs go to <app>/logs/
  • Service mode: Logs go to C:\ProgramData\AuditBridge\Logs\

🤖 AI Integration (Cursor IDE / STDIO)

Add this to your Cursor MCP configuration:

{
  "mcpServers": {
    "audit-bridge": {
      "type": "stdio",
      "command": "dotnet",
      "args": [
        "exec",
        "C:\\path\\to\\mcp-audit-bridge\\build\\bin\\audit_bridge\\Debug\\net8.0\\audit_bridge.dll",
        "--stdio"
      ]
    }
  }
}

🌐 Cursor / MCP client config (HTTP)

Add this to your Cursor MCP configuration:

{
  "mcpServers": {
    "auditbridge": {
      "url": "http://localhost:5512/",
      "headers": {
        "Content-Type": "application/json"
      }
    }
  }
}

🪟 Windows Service Mode (install / update / uninstall)

Service mode runs the HTTP server as a Windows Service. Service install/update/uninstall uses sc.exe, so you must run these commands in an elevated (Administrator) shell.

Install

dotnet run --project .\auditbridge\audit_bridge.csproj -- --install

Update

dotnet run --project .\auditbridge\audit_bridge.csproj -- --update

Uninstall

dotnet run --project .\auditbridge\audit_bridge.csproj -- --uninstall

Service configuration & logs

  • Install path: Service:InstallPath (default: C:\Program Files\AuditBridge)
  • Service name: Service:ServiceName (default: AuditBridge)
  • HTTP bind: Server:Host / Server:Port
  • Logs (Service mode): C:\ProgramData\AuditBridge\Logs\

After install, edit the config in the install folder (for example C:\Program Files\AuditBridge\appsettings.json, plus optional appsettings.local.json) and restart the service for changes to take effect.

🛠️ Available MCP Tools

| Tool | Description | Parameters |
| --- | --- | --- |
| enqueue_audit_scan | Enqueue a multi-tool audit scan (async) | targetPath |
| get_audit_scan_status | List runs and their state (polling) | runId (optional) |
| read_audit_scan_result | Read results for a run | runId, maxWaitSeconds (1–30) |

📊 Example Workflow

  1. Enqueue: Call enqueue_audit_scan with targetPath
  2. Poll: Call get_audit_scan_status (optionally filter by runId)
  3. Read results: Call read_audit_scan_result with runId + maxWaitSeconds
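
The three-step workflow above, written out as MCP `tools/call` requests with a bounded poll loop. This is an added example, not code from the project. The transport callable `send`, the reply fields `runId` and `state`, the state value `Running`, and `FakeServer` with its replies are assumptions made for illustration; only the tool names, parameter names and the 1–30 range come from this README.

```python
import itertools
import json
import time

_ids = itertools.count(1)

def tool_call(name, arguments):
    """Build an MCP JSON-RPC 2.0 tools/call request."""
    return {"jsonrpc": "2.0", "id": next(_ids), "method": "tools/call",
            "params": {"name": name, "arguments": arguments}}

def text_of(response):
    """Text payload of a tools/call response; raises if the tool reported an error."""
    result = response["result"]
    if result.get("isError"):
        raise RuntimeError(result["content"][0]["text"])
    return result["content"][0]["text"]

def run_audit(send, target_path, wait_seconds=30, max_polls=20, interval=1.0):
    """Enqueue, poll, read. `send` delivers one request and returns the response."""
    reply = send(tool_call("enqueue_audit_scan", {"targetPath": target_path}))
    run_id = json.loads(text_of(reply))["runId"]  # assumed reply shape
    for _ in range(max_polls):  # bounded, so a stuck run cannot hang the client
        reply = send(tool_call("get_audit_scan_status", {"runId": run_id}))
        if json.loads(text_of(reply))["state"] != "Running":  # assumed field/value
            break
        time.sleep(interval)
    else:
        raise TimeoutError(f"run {run_id} still running after {max_polls} polls")
    wait = max(1, min(30, int(wait_seconds)))  # README range for maxWaitSeconds: 1-30
    reply = send(tool_call("read_audit_scan_result",
                           {"runId": run_id, "maxWaitSeconds": wait}))
    return run_id, text_of(reply)

class FakeServer:
    """Constructed stand-in: answers 'Running' for the first `busy` status polls."""
    def __init__(self, busy=2):
        self.requests, self.polls, self.busy = [], 0, busy
    def __call__(self, request):
        self.requests.append(request)
        name = request["params"]["name"]
        if name == "enqueue_audit_scan":
            text = json.dumps({"runId": "run-0001"})
        elif name == "get_audit_scan_status":
            self.polls += 1
            text = json.dumps({"state": "Running" if self.polls <= self.busy else "Completed"})
        else:
            text = "## Summary\n- error: 1\n- warning: 2"  # constructed Markdown
        return {"jsonrpc": "2.0", "id": request["id"],
                "result": {"content": [{"type": "text", "text": text}], "isError": False}}
```

In STDIO mode `send` would write the request to the server's stdin and read the response from stdout; in HTTP mode it would POST to the configured URL.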

🧪 Testing & Quality

Test Statistics

  • 141 total tests (all passing)
  • ~80.1% line coverage (target: 75%)
  • ~76.5% branch coverage (target: 75%)
  • Last verified: 2026-02-01

📄 License

This project is licensed under the Apache License 2.0 — see LICENSE for details.

The Apache License 2.0 allows you to:

  • ✅ Use the software commercially
  • ✅ Modify and distribute
  • ✅ Sublicense
  • ✅ Use patent claims
  • ⚠️ Include copyright notice

🙏 Acknowledgments
