Features Overview

Bob the Fixer is an intelligent MCP (Model Context Protocol) server that brings enterprise-grade code quality analysis to AI assistants.

Core Capabilities

Automated Code Analysis

Bob the Fixer integrates with SonarQube to provide comprehensive code analysis:

| Analysis Type | What It Detects |
|---|---|
| Bugs | Logic errors, null pointer issues, resource leaks |
| Vulnerabilities | SQL injection, XSS, insecure configurations |
| Code Smells | Complex code, duplications, maintainability issues |
| Security Hotspots | Code requiring security review |

AI-Assisted Fixing

Through the MCP protocol, AI assistants can:

  1. Scan projects automatically with a single command
  2. Analyze issues with full context and rule explanations
  3. Fix problems using the AI's code editing capabilities
  4. Verify fixes by re-scanning the project

20 MCP Tools

Bob the Fixer exposes 20 specialized tools organized by function:

| Category | Tools | Purpose |
|---|---|---|
| Scanning | 2 | Project scanning and auto-setup |
| Analysis | 4 | Issue details, patterns, security hotspots |
| Metrics | 4 | Quality gate, technical debt, coverage |
| Duplication | 2 | Code duplication analysis |
| Reporting | 1 | Comprehensive quality reports |
| Management | 7 | Project configuration and maintenance |

Key Features

Intelligent Project Discovery

Automatically detects:

  • Languages: JavaScript, TypeScript, Java, Python, Go, Rust, C#
  • Frameworks: React, Vue, Angular, Next.js, Express, Spring Boot
  • Build Tools: npm, Maven, Gradle, pip, Poetry, Cargo
  • Package Managers: npm, yarn, pnpm, pip, pipenv

Learn more: Project Discovery

Quality Gate Management

Three pre-configured quality gate templates:

| Template | Use Case | Coverage Threshold |
|---|---|---|
| Strict | Production code | 80%+ |
| Balanced | Most projects | 60%+ |
| Permissive | Legacy codebases | No minimum |

Learn more: Quality Gates

Deep SonarQube Integration

Full integration with SonarQube APIs:

  • Issue tracking and management
  • Rule information with code examples
  • Technical debt calculation
  • Coverage gap analysis
  • Security hotspot review

Learn more: SonarQube Integration

Multi-AI Support

Works with multiple AI assistants:

| CLI Tool | MCP Support | Status |
|---|---|---|
| Claude Code | Native CLI | Fully Supported |
| GitHub Copilot CLI | Native CLI | Fully Supported |
| Gemini CLI | Native CLI | Fully Supported |
| OpenAI Codex CLI | Native CLI | Fully Supported |

Learn more: AI-Assisted Fixing

Architecture

┌─────────────────────────────────────────────────────────┐
│                      AI Assistant                       │
│            (Claude, Copilot, Gemini, OpenAI)            │
└────────────────────────┬────────────────────────────────┘
                         │ MCP Protocol
┌─────────────────────────────────────────────────────────┐
│                Bob the Fixer MCP Server                 │
│   ┌─────────────────────────────────────────────────┐   │
│   │             Tool Router (20 tools)              │   │
│   └─────────────────────────────────────────────────┘   │
│   ┌──────────────┐  ┌──────────────┐  ┌──────────────┐  │
│   │   Scanning   │  │   Analysis   │  │  Reporting   │  │
│   │ Orchestrator │  │   Services   │  │  Generator   │  │
│   └──────────────┘  └──────────────┘  └──────────────┘  │
│   ┌─────────────────────────────────────────────────┐   │
│   │            Project Manager / Config             │   │
│   └─────────────────────────────────────────────────┘   │
└────────────────────────┬────────────────────────────────┘
                         │ HTTP/REST
┌─────────────────────────────────────────────────────────┐
│                    SonarQube Server                     │
│             (Containerized with PostgreSQL)             │
└─────────────────────────────────────────────────────────┘

Workflow Example

Security Features

  • Rate Limiting: 60 requests/minute per client
  • Input Sanitization: Path traversal and injection prevention
  • Token Encryption: AES-256 encryption for stored tokens
  • Secure Defaults: HTTPS, no anonymous access

Performance

| Metric | Value |
|---|---|
| Scan timeout | 300 seconds |
| Health check interval | 30 seconds |
| Rate limit | 60 req/min |
| Supported file size | No hard limit |

Next Steps