Skip to content

Code Scalpel

Surgical Precision for AI Code Operations

Give your AI assistant the power to analyze, extract, and modify code with zero hallucination risk.

What is Code Scalpel?

Code Scalpel is an MCP (Model Context Protocol) server that provides AI assistants like Claude, GitHub Copilot, and Cursor with surgical code operation tools. Instead of guessing at line numbers or hallucinating code structure, AI agents can use Code Scalpel to:

  • Analyze with Certainty

    Real AST parsing, not regex pattern matching. Get accurate function signatures, class hierarchies, and import maps.

    analyze_code

  • Extract Without Hallucination

    Request functions and classes by name. The server reads the file and returns exactly what you need.

    extract_code

  • Detect Vulnerabilities

    Taint-based security analysis finds SQL injection, XSS, command injection, and more—across file boundaries.

    security_scan

  • Modify Safely

    Replace specific functions or classes without touching surrounding code. Automatic backups included.

    update_symbol

New to Coding? We've Got You! 💜

Vibe coder who uses AI to code for you? We wrote a special guide just for you – no technical jargon, just friendly step-by-step instructions to get Code Scalpel working with your AI assistant.

Vibe Coder's Guide

Why Code Scalpel?

The Problem with AI Code Assistants

When AI assistants work with code, they often:

  • Guess at line numbers → Edits land in the wrong place
  • Hallucinate function names → Code that doesn't exist
  • Miss context → Changes break dependencies
  • Skip security checks → Vulnerabilities slip through

The Code Scalpel Solution

Code Scalpel gives AI agents tools, not guesses:

Without Code Scalpel With Code Scalpel
"I think the function is around line 150..." extract_code(target_name="process_order") → exact code
"This might have SQL injection..." security_scan() → confirmed vulnerability with line number
"Let me replace lines 100-150..." update_symbol(target_name="process_order", new_code=...) → surgical replacement
"I'll guess at the imports..." get_cross_file_dependencies() → complete dependency chain

Two Ways to Use Code Scalpel

Code Scalpel offers two usage modes to fit your workflow:

MCP Mode (AI Assistant Integration)

Perfect for AI-powered development workflows. Your AI assistant (Claude, Copilot, Cursor) uses Code Scalpel tools automatically.

Best for: - Working with AI assistants - Natural language code operations - Conversational development workflows

Installation: Add to your AI assistant's MCP configuration (see Quick Start below)

CLI Mode (Command Line)

Direct command-line access to all 23 tools. Perfect for scripting, CI/CD, and manual analysis.

Best for: - Build pipelines and CI/CD - Shell scripts and automation - Manual code analysis - Quick one-off operations

Installation: 

# Option 1: uvx (recommended - no installation needed)
uvx codescalpel --help

# Option 2: pip install
pip install codescalpel
codescalpel --help

Example: 

# Extract a function with dependencies
uvx codescalpel extract-code src/api.py --function process_payment --include-deps

# Security scan
uvx codescalpel scan src/ --json > security-report.json

# Generate call graph
uvx codescalpel get-call-graph src/main.py --format mermaid

Complete CLI reference

Quick Start

Get started in under 5 minutes:

claude_desktop_config.json
{
  "mcpServers": {
    "code-scalpel": {
      "command": "uvx",
      "args": ["codescalpel", "mcp"]
    }
  }
}
settings.json
{
  "servers": {
    "code-scalpel": {
      "command": "uvx",
      "args": ["codescalpel", "mcp"],
      "env": {
        "CODE_SCALPEL_LICENSE_PATH": "${workspaceFolder}/.code-scalpel/license/"
      }
    }
  }
}

pip install codescalpel
codescalpel --help

Full installation guide

Tools Overview

Code Scalpel provides 23 MCP tools organized by category:

All Tools Available at All Tiers

Every tool below is available in Community, Pro, and Enterprise tiers. What differs are the limits and capabilities - Pro and Enterprise provide enhanced limits, cross-file analysis, and advanced features.

Analysis & Context

Tool Description
analyze_code Parse code structure (functions, classes, imports)
crawl_project Inventory all files in a project
get_file_context Quick file overview without full read
get_symbol_references Find all usages of a symbol

Code Extraction & Modification

Tool Description
extract_code Surgically extract functions/classes by name
update_symbol Safely replace code with automatic backup
rename_symbol Rename across entire codebase

Security

Tool Description
security_scan Taint-based vulnerability detection
unified_sink_detect Polyglot sink detection
cross_file_security_scan Cross-module taint tracking
scan_dependencies Check for CVEs in dependencies
type_evaporation_scan TypeScript type safety analysis

Graph Analysis

Tool Description
get_call_graph Build function call graphs
get_project_map High-level project structure
get_graph_neighborhood K-hop graph traversal
get_cross_file_dependencies Cross-file import chains

Symbolic Execution

Tool Description
symbolic_execute Z3-based path exploration
generate_unit_tests Auto-generate test cases
simulate_refactor Verify refactors preserve behavior

Policy & Governance

Tool Description
validate_paths Docker-aware path validation
verify_policy_integrity Cryptographic policy verification
code_policy_check Compliance rule checking

Complete tool reference

Supported Languages

Code Scalpel v2.0 provides full parsing support for 7 languages:

Python

JavaScript

TypeScript

Java

JSX / TSX

C / C++ (new in v2.0)

C# (new in v2.0)

Tiers

Code Scalpel offers three tiers to match your needs:

Feature Community Pro Enterprise
All 23 Tools Available
Basic analysis Single file Multi-file (1K) Unlimited
Security scanning 10 paths 100 paths + cross-file Unlimited
Code extraction ✅ Full ✅ Full ✅ Full
Graph analysis 3 depth, 50 nodes 50 depth, 500 nodes Unlimited
Symbolic execution 10 paths, depth 3 100 paths, depth 10 Unlimited
Cross-file analysis Single file* Up to 100 files Unlimited
Custom policies
Governance controls
Price Free Free (Beta) Contact

* Some tools support basic cross-file operations in Community with limits

Compare tiers

Next Steps

  • Quick Start

    Get up and running in 5 minutes with our step-by-step guide.

    Quick start

  • Tutorials

    Learn by doing with hands-on tutorials for all skill levels.

    Tutorials

  • Configuration

    Customize Code Scalpel for your team's workflow.

    Configuration

  • FAQ

    Find answers to common questions.

    FAQ

Ready to give your AI assistant surgical precision?

Get Started View on GitHub