Content
# Tool List
## Overview
Fenrir is a code audit tool based on the MCP protocol and AST technology, designed to solve the problems of low efficiency and poor accuracy in traditional code search and analysis methods when facing large-scale, complex, or decompiled code.
The project uses AST (Abstract Syntax Tree) as its core, combined with MCP protocol and advanced technologies like go-tree-sitter, to achieve structured parsing, indexing, and efficient retrieval of Java source code. Its main features include:
* Precise code segment search based on AST, such as class, method, field, parent class, and subclass searches
* Persistent caching of AST indexes
* Intelligent tool registration and AI collaboration under the MCP protocol
* Good compatibility with decompiled code
The project innovatively integrates AST structure with AI intelligent dialogue, greatly improving the practicality and intelligence of large models in code security analysis scenarios. The overall architecture is modular and easy to extend, making it suitable for integration into larger automated security platforms with high engineering practical value and industry promotion prospects.
## Features
### 1. AST Abstract Syntax Tree
The core principle of this tool's code search function is to build an AST abstract syntax tree for the code.
### 2. Code Structure Analysis
Based on the AST syntax tree, the tool achieves precise code segment search functions for classes, methods, properties, parent classes, and subclasses, enabling large models to accurately search for desired code segments.
### 3. MCP Protocol
The tool uses the popular MCP protocol to empower AI, providing powerful MCP tools that enable large models to converse equally with security researchers in the same code context, fully leveraging AI's "subjective initiative."
### 4. Efficient AST Cache Mechanism
The tool supports persistent caching of AST indexes, avoiding repeated parsing of source code for each analysis and significantly improving analysis speed for large projects. The cache mechanism is configurable and supports automatic rebuilding and manual cleaning.
## Installation
### System Requirements
- Build version: Go 1.23.0 (use Go 1.23.0 if version issues occur)
- Other dependencies: see go.mod file
- New go-tree-sitter compatibility issue: undefined: Node (occurs when using import "C" and cgo)
### Installation Steps
1. Clone the repository
```bash
git clone https://github.com/yourusername/Fenrir-CodeAuditTool.git
cd Fenrir-CodeAuditTool
```
2. Install dependencies
```bash
go mod download
```
3. Compile the project
```bash
go build -o fenrir
```
## Usage
Step 1: Run the exe file or application/server/main.go file, specifying the code repository path using the -i parameter in the command line or in resources\config.yaml (use double slashes). Start the MCP server.
Example command line specification:
```bash
.\Fenrir-CodeAuditTool.exe -i "D:\CodeAudit\Apache Sling CMS 1.1.8\apache-sling-cms-1.1.8"
```
Step 2: Use Cherry Studio or other client tools to configure the MCP server, configure the large model API key, and start the dialogue. (Purchase the large model's API key yourself.)
Note: You can view the AST cache file for the corresponding code repository in the cache directory.
## Project Structure
```
Fenrir-CodeAuditTool/
├── application/ # Server-side startup program, including MCP tools and prompt word registration
├── cache/ # AST cache file directory
├── configs/ # Configuration program
├── docs/ # Demo pictures
├── internal/ # AST parsing core program
├── prompts/ # Code audit prompt words
├── resources/ # Configuration files
├── test/ # Test program
└── tools/ # Cache file management program
```
## Live Demo
Select the Apache open-source project Sling CMS as the project to be audited, project address: https://github.com/apache/sling-org-apache-sling-app-cms
Import maven dependencies, find the sling dependency in the local repository, for example: C:\Users\miaoj\.m2\repository\org\apache\sling:
These dependencies contain the core code of Sling CMS, all of which need to be decompiled and copied to the code repository.
After completing the above steps, specify the code repository as the project root path of Sling CMS, run the server-side code, start building the AST index for the code repository, save it to the cache file, and enable an SSE listener:
Use Cherry Studio as the MCP client to connect to this server. Let's analyze from the login logic LoginServlet, which is located in the decompiled code of the org.apache.sling.auth.core dependency:
Let's see how the large model performs:
- Firstly, we can see that for large projects like Apache Sling CMS, AST parsing can be performed correctly.
- Secondly, decompiled code can also be correctly parsed and found.
- Thirdly, deepseek drew a call graph showing the chain call process, demonstrating the powerful function of this tool's automated chain search and analysis.
- Finally, deepseek pointed out the code segments with security risks and provided repair suggestions, completing the code audit.
## Tips
- Currently, only Java code is supported for building AST indexes (including decompiled code)
- Actual audit effects depend on the capabilities of large models
- Actual use should involve purposeful fine-tuning of prompt words
## Contribution Guide
1. Fork the project
2. Create a feature branch (`git checkout -b feature/AmazingFeature`)
3. Commit changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the branch (`git push origin feature/AmazingFeature`)
5. Create a Pull Request
## License
This project uses the Apache 2.0 license - see [LICENSE](LICENSE) file
## Acknowledgements
- [Tree-sitter](https://tree-sitter.github.io/tree-sitter/) - for code parsing
- [Go AST](https://golang.org/pkg/go/ast/) - Go language AST support
- [Java Parser](https://github.com/smacker/go-tree-sitter-java) - Java language parsing support
## New Feature Addition
Function design
Support for multiple code sources:
ZIP archive URL download
Git repository cloning
Local path direct analysis
Automation process:
Automatic download/cloning of code
Automatic decompression (if it's an archive)
Automatic setting of configuration file paths
Automatic construction/loading of AST
Return audit results
-----------------------------------
Main modifications and new features:
Server status management: Added ServerState structure to manage server status, including readiness status, AST indexes, and query engines
Condition waiting: Use sync.Cond to implement condition variables, allowing other tools to wait until AST initialization is complete
Dynamic initialization: If code_audit.repository_path is empty, the server waits for users to provide a remote repository address through MCP calls after startup
Tool dependencies:
remote_code_audit: always available for setting up remote repositories and initializing AST
code_search and class_hierarchy: only available after AST initialization, waiting until ready
Complete error handling: Ensure correct error handling in various situations
Usage:
Start the server (without a local repository):
bash
./fenrir
Provide a remote repository through MCP client:
json
{
"tool": "remote_code_audit",
"arguments": {
"repository_url": "zip:https://example.com/project.zip"
}
}
Then use other tools for code audit:
json
{
"tool": "code_search",
"arguments": {
"className": "LoginServlet",
"methodName": "",
"fieldName": ""
}
}
This design makes the server more flexible, dynamically accepting remote code repositories and performing audits.
