docsgrep
docsgrep is a developer tool MCP server providing 26 tools for documentation search, code quality auditing, security scanning, bug detection, and architectural analysis on local and remote codebases.
Discovery & Setup
Initialize workspaces, detect technology stacks, identify coding conventions, discover documentation files, and clone remote repositories (with auth support)
Content & Search
Read files, perform regex and semantic/natural-language searches across docs, summarize documentation, and find related content by topic
Auditing & Quality
Run enterprise-grade code quality audits (scoring, code smells, recommendations), security scans (OWASP Top 10, secrets/credentials, PII, dependency vulnerabilities), and bug detection (race conditions, memory leaks, logic flaws, performance issues)
Use interactive prompts (
lint_interactive,security_interactive) to guide linting and scanning workflows
Architecture
Detect architectural patterns (MVC, Repository, etc.) and identify refactoring candidates
Documentation Maintenance & Sync
Check for stale docs, measure docblock coverage (JS, TS, Python, Go, Rust, PHP, etc.), auto-generate/update doc stubs, verify documented methods match actual code, compare doc claims against implementation, and prioritize updates based on git history
Context & Help
Surface relevant documentation based on the file currently being worked on, access comprehensive help with examples, and clear cached repositories
It is accessible via CLI or as an MCP server for AI-assisted workflows, and supports custom plugins to extend functionality.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@docsgrepsearch docs for 'rate limiting' with context"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
docsgrep
docsgrep is a developer tool for documentation search, code quality auditing, security scanning, and bug detection. Run it from the command line during development, or integrate it as an MCP server for AI-assisted coding workflows.
Table of Contents
Related MCP server: Axon.MCP.Server
Features
Documentation Intelligence -- Semantic search, summarization, and topic-based discovery across your docs.
Code Quality Auditing -- Enterprise-grade audits with code smell detection, convention analysis, and quality scoring.
Security Scanning -- OWASP Top 10 coverage, secret/credential detection, PII scanning, and dependency vulnerability auditing.
Bug Detection -- Runtime error detection, race condition analysis, memory leak identification, and performance issue discovery.
Architectural Analysis -- Pattern detection (MVC, Repository, etc.), dependency mapping, and refactoring candidate identification.
Documentation Integrity -- Staleness detection, coverage measurement, doc-vs-code delta analysis, and automated sync.
Remote Repository Support -- Clone and analyze remote repositories with smart caching and authentication (HTTPS, SSH).
Plugin System -- Extend docsgrep with community or custom plugins via
docsgrep-plugin-*packages.
Quick Start
# Run without installing
npx docsgrep run analyze_code
# Or install globally
npm install -g docsgrep
docsgrep run audit_security --format jsonRun show_help for a full list of available tools:
npx docsgrep run show_helpInstallation
Global install
npm install -g docsgrepLocal install (per-project)
npm install --save-dev docsgrepRun without installing
npx docsgrep run <tool_name> [--param value]Requirements
Node.js >= 18
pnpm (recommended), npm, or yarn
CLI Usage
docsgrep run <tool_name> [--param value ...] [--format text|json]Arguments
Flag | Description |
| Plain text output (default) |
| Pretty-printed JSON output |
| Target directory (defaults to cwd) |
| Search pattern for |
| Number of results for |
| Staleness threshold in days |
Comma-separated values | Automatically parsed as arrays (e.g., |
Examples
# Code quality audit on the current directory
npx docsgrep run analyze_code
# Security scan with JSON output
npx docsgrep run audit_security --format json
# Regex search in documentation
npx docsgrep run search_docs --pattern "authentication" --contextLines 2
# Detect bugs and potential runtime errors
npx docsgrep run catch_bugs --dirPath ./src
# Semantic search for documentation
npx docsgrep run semantic_search --query "how to handle errors" --topK 5
# Find docs related to a topic
npx docsgrep run find_related --topic "database migration"
# Measure documentation coverage
npx docsgrep run measure_coverage --publicOnly true
# Detect project technology stack
npx docsgrep run detect_stack
# Check for stale documentation
npx docsgrep run check_stale --maxAgeDays 30
# Clone and analyze a remote repo
npx docsgrep run clone_repo --repoUrl https://github.com/user/reponpm Script Shortcuts
When docsgrep is installed locally, these shortcuts are available:
Script | Runs |
|
|
|
|
|
|
|
|
|
|
MCP Server
docsgrep functions as a Model Context Protocol (MCP) server, giving AI agents and MCP-compatible IDEs access to all 25 tools.
Claude Desktop / Cursor / VS Code
{
"mcpServers": {
"docsgrep": {
"command": "npx",
"args": ["-y", "docsgrep"]
}
}
}OpenCode
Already configured via opencode.json in this repository:
{
"mcp": {
"docsgrep": {
"type": "local",
"command": ["npx", "tsx", "src/index"]
}
}
}Local Development (from source)
{
"mcpServers": {
"docsgrep": {
"command": "npx",
"args": ["tsx", "src/index"]
}
}
}How It Works
On startup, docsgrep initializes the tool registry and discovers any installed plugins.
When an MCP client connects, it lists all available tools (core + plugin tools).
When a tool is called, docsgrep validates inputs, executes the handler, and returns a structured
McpToolResponse.The server communicates over stdio transport.
Tools
docsgrep ships with 25 tools organized into five categories.
Discovery & Setup
Tool | Description | Key Arguments |
| Initialize a docsgrep workspace (.docsgrep/) and update .gitignore |
|
| Identify project technology stack from package manager files |
|
| Detect coding conventions and implicit patterns from codebase samples |
|
| Discover README files and documentation folders |
|
| Clone a remote git repository with caching and auth support |
|
Content & Search
Tool | Description | Key Arguments |
| Read a documentation file with binary detection |
|
| Regex search with relevance ranking and context lines |
|
| Natural language search across documentation |
|
| Automatic summarization of a documentation file |
|
Auditing & Quality
Tool | Description | Key Arguments |
| Full code quality audit with scoring and recommendations |
|
| OWASP Top 10, secret scanning, PII analysis, dependency audit |
|
| Detect runtime errors, race conditions, memory leaks, logic flaws |
|
| Interactive prompt showing detected stack and linting options |
|
| Interactive prompt showing scan options before execution |
|
Maintenance & Sync
Tool | Description | Key Arguments |
| Identify documentation not updated in N days or out of sync with code |
|
| Measure docblock coverage across source code (language-agnostic) |
|
| Generate or update documentation stubs from code changes |
|
| Verify documented methods/params match actual implementation |
|
| Compare documentation claims against code reality |
|
| Prioritize documentation updates from git diff history |
|
Context & Help
Tool | Description | Key Arguments |
| Proactively provide relevant docs based on current file context |
|
| In-app help for all tools with examples and pro tips |
|
| Clean cached repositories older than N days |
|
Plugin System
docsgrep supports plugins that add custom tools to the CLI and MCP server.
Installing Plugins
Plugins are discovered automatically from node_modules:
# Install a plugin
npm install docsgrep-plugin-laravel
# It's now available as a tool
npx docsgrep run laravel_check_relationsPlugin Naming Convention
docsgrep-plugin-<name>-- auto-discovered@docsgrep/plugin-<name>-- auto-discoveredAny path/package listed in
docsgrep.config.json-- explicit
Writing a Plugin
A plugin is an ESM module that default-exports a DocsgrepPlugin object:
import type { DocsgrepPlugin } from "docsgrep";
const plugin: DocsgrepPlugin = {
name: "my-plugin",
version: "1.0.0",
tools: {
definitions: [
{
name: "my_custom_tool",
description: "Does something custom",
inputSchema: {
type: "object",
properties: {
dirPath: { type: "string", description: "Target directory" },
},
required: ["dirPath"],
},
},
],
handlers: {
my_custom_tool: async (args) => {
return {
content: [{ type: "text", text: JSON.stringify({ result: "done" }) }],
};
},
},
},
onLoad: async () => {
console.log("My plugin loaded!");
},
};
export default plugin;See docs/PLUGIN_GUIDE.md for the full guide.
Developer Guide
Prerequisites
pnpm >= 9.0
Node.js >= 18
Setup
git clone https://github.com/reasvyn/docsgrep.git
cd docsgrep
pnpm installCommon Commands
Command | Description |
| Compile TypeScript to |
| Run from source via |
| Run all Vitest tests |
| Run tests with V8 coverage report |
| Run |
| Run |
| Run |
| Run |
| Run |
Note: The
lint,audit,bugs,docs:check, anddocs:stalescripts run docsgrep on its own source code. They requirepnpm buildfirst.
Running a Single Test
pnpm vitest run tests/unit/tools/documentation.test.tsProject Structure
docsgrep/
├── src/
│ ├── index.ts # Entry point (MCP server + plugin discovery)
│ ├── cli.ts # CLI argument parsing and display
│ ├── core-tools.ts # Class-based tools (AnalyzeCodeTool, etc.)
│ ├── tools/ # Tool handlers (one module per logical group)
│ │ ├── base.ts # BaseTool<T> abstract class
│ │ ├── registry.ts # Tool registry (name → handler mapping)
│ │ ├── doc-find.ts # find_docs
│ │ ├── doc-search.ts # search_docs, semantic_search, find_related
│ │ ├── doc-inspect.ts # read_file, summarize_doc, check_stale, get_context
│ │ ├── doc-coverage.ts # measure_coverage
│ │ ├── doc-verify.ts # verify_docs, check_delta
│ │ ├── doc-sync.ts # sync_documentation, check_artefacts
│ │ ├── help.ts # show_help
│ │ ├── repo-analysis.ts # detect_stack, check_style
│ │ ├── repo.ts # clone_repo
│ │ ├── workspace.ts # init_workspace, clear_cache
│ │ ├── archetypes.ts # detect_patterns
│ │ └── audit-ask.ts # lint_interactive, security_interactive
│ ├── utils/ # Shared utilities
│ │ ├── file.ts # FileScanner, getIgnorePatterns
│ │ ├── git.ts # Git operations + repo cache
│ │ ├── validation.ts # Input validation
│ │ ├── semaphore.ts # Concurrency limiter
│ │ ├── logger.ts # Dual output: stderr + file logs
│ │ ├── workspace.ts # .docsgrep/ path resolution
│ │ ├── cache.ts # TTL-based file cache
│ │ ├── plugin-manager.ts
│ │ └── app-info.ts # AppInfo (version, name from package.json)
│ ├── types/ # TypeScript interfaces
│ │ ├── tools.ts # McpToolResponse + all tool arg interfaces
│ │ └── plugins.ts # DocsgrepPlugin interface
│ └── config/ # JSON configuration
│ ├── tools.json # MCP tool definitions (JSON Schema)
│ ├── patterns.json
│ └── *.json # Per-language configs (js, py, go, rs, etc.)
├── tests/
│ ├── unit/ # Unit tests (vi.mock for IO)
│ └── integration/ # E2E tests (StdioClientTransport)
├── docs/
│ ├── overview.md # Project overview
│ ├── architecture.md # System design
│ ├── requirements.md # Runtime prerequisites
│ ├── conventions.md # Coding standards
│ ├── index.md # Documentation index
│ ├── README.md # Tool documentation index
│ ├── PLUGIN_GUIDE.md # Plugin authoring guide
│ └── tools/ # Per-tool documentation (*.md)
├── plugins/ # Local plugin directory
├── scripts/ # Build/publish scripts
├── .agents/ # OpenCode agent skills
├── package.json
├── tsconfig.json
├── vitest.config.ts
├── AGENTS.md # AI agent instructions
└── opencode.json # OpenCode MCP configArchitecture Notes
ESM-only: all local imports must include the
.jsextension.BaseTool pattern: tool handlers extend
BaseTool<T>for concurrency control, logging, credential masking, and error wrapping.ToolRegistry: static class mapping tool names to handler functions. Falls back to
PluginManagerfor plugin tools.Input validation: every handler validates
dirPathwithvalidateDirPathand string params withvalidateStringParam.FileScanner: all filesystem scanning goes through
FileScanner.findFiles()which respects.gitignore,includePath, andexcludePath.Concurrency: a
Semaphore(5)limits parallel operations viaoperationLimiterinBaseTool.App metadata: always use
AppInfofromutils/app-info.ts-- never hardcode version or name.
Security
Path traversal prevention: all file operations resolve against strict base paths.
Credential masking:
BaseToolautomatically redactsauthTokenfields in logs. New sensitive params must be added tomaskSensitive.No secret leakage: credentials are detected but never logged or included in responses.
Concurrency protection: built-in semaphore prevents system saturation from parallel tool execution.
Binary detection: binary files are automatically detected and skipped during scanning.
Contributing
See CONTRIBUTING.md for setup instructions, coding conventions, and PR expectations.
Quick Reference
pnpm install-- install dependenciesCreate a feature branch
Write code + tests
pnpm build && pnpm test-- verifyOpen a PR with a clear description of intent and impact
License
MIT -- Copyright (c) 2026 Reasvyn
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Appeared in Searches
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/reasvyn/docsgrep'
If you have feedback or need assistance with the MCP directory API, please join our Discord server