Plugs a full SAST engine into Claude as an MCP server. You get call graph queries, cross-file dataflow tracing, and symbol search for Python and Go codebases. The underlying engine builds ASTs with tree-sitter, constructs call graphs across files, and runs taint analysis to track data from sources to sinks. When you ask Claude to review code or trace a vulnerability, it can query the graph directly: find all callers of a function, trace where user input flows, search for specific patterns. Ships with 190+ security rules covering Django, Flask, Docker, and more. Useful when you want Claude to reason about code structure and security flows instead of just pattern matching on text.
claude mcp add --transport stdio dev.codepathfinder-pathfinder uvx pathfinder
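The cross-file source-to-sink tracing described above, as an added sketch that is not Code Pathfinder's own code: it uses Python's standard `ast` module instead of tree-sitter, and the two sample files and the source and sink sets are constructed for illustration.

```python
import ast

FILES = {  # constructed two-file sample, illustrative only
    "views.py": "from utils import run\n"
                "def ping(request):\n"
                "    host = request.args.get('host')\n"
                "    run(host.strip())\n"
                "def health():\n"
                "    run('localhost')\n",
    "utils.py": "import os\n"
                "def run(cmd):\n"
                "    os.system('ping -c1 ' + cmd)\n",
}
SOURCES, SINKS = {"request.args.get"}, {"os.system"}  # assumed rule set

def dotted(node):  # "os.system" for a Name/Attribute chain, "" otherwise
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else ""

def flows(expr, tainted):  # expr reads a tainted variable or calls a source
    return any(isinstance(n, ast.Name) and n.id in tainted or
               isinstance(n, ast.Call) and dotted(n.func) in SOURCES
               for n in ast.walk(expr))

def reached(fn, tainted, summaries):
    # Flow-insensitive: sinks, or sink-reaching callees, fed by tainted data.
    tainted = set(tainted)
    assigns = [n for n in ast.walk(fn) if isinstance(n, ast.Assign)]
    for _ in assigns:  # repeat so taint follows assignment chains
        for a in assigns:
            if flows(a.value, tainted):
                tainted |= {t.id for t in a.targets if isinstance(t, ast.Name)}
    return [dotted(c.func) for c in ast.walk(fn) if isinstance(c, ast.Call)
            for i, arg in enumerate(c.args) if flows(arg, tainted)
            and (dotted(c.func) in SINKS or i in summaries.get(dotted(c.func), ()))]

FUNCS = {n.name: (path, n) for path, src in FILES.items()  # keyed by bare name,
         for n in ast.walk(ast.parse(src)) if isinstance(n, ast.FunctionDef)}  # imports not resolved

def findings():
    summaries = {}  # function name -> parameter indexes that reach a sink
    for _ in FUNCS:  # repeat so summaries propagate up the call graph
        for name, (_path, fn) in FUNCS.items():
            summaries[name] = {i for i, p in enumerate(fn.args.args)
                               if reached(fn, {p.arg}, summaries)}
    return [(path, name, hit) for name, (path, fn) in FUNCS.items()
            for hit in reached(fn, set(), summaries)]
```

`findings()` reports `ping` in `views.py` because its tainted argument reaches `os.system` through `run` in `utils.py`, while `health`, which passes a constant, is not reported.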