🔱 Argus MCP

December 25, 2025 · View on GitHub

AI-powered code review MCP server with Zero-Trust approach

Argus MCP is a Model Context Protocol (MCP) server that provides rigorous code review through multiple AI models. Named after the all-seeing guardian of Greek mythology, it watches over your code with vigilance.

Works with any MCP-compatible client:

Windsurf IDE
Claude Desktop
Other MCP clients

Multilingual support:

Russian, English, Chinese, and more
Responds in the language of your request

Features

Zero-Trust Code Review - Senior QA Engineer & Security Auditor approach
Multiple AI Models - GLM 4.7, Gemini 3 Flash Preview, MiniMax M2.1
Smart Retry & Fallback - Exponential backoff with automatic model switching
Intelligent Caching - 1-hour TTL cache for faster repeated checks
Language-Aware - Specialized checks for 10+ programming languages
Three Review Modes - Single file, Git diff, Multiple files
Security First - OWASP checks, performance analysis, architecture review

Review Categories

Must Fix - Critical bugs, security flaws, crashes
Should Fix - Logic gaps, risky patterns, poor UX
Suggestions - Code style, optimizations, best practices

Compatibility & Setup

Argus works with any MCP-compatible client.

Windsurf

File: ~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "argus": {
      "command": "/absolute/path/to/argus-mcp/venv/bin/python",
      "args": ["/absolute/path/to/argus-mcp/server_v2.py"]
    }
  }
}

Reload: Cmd+Shift+P → "Reload Window"

Claude Desktop (Mac)

File: ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "argus": {
      "command": "/absolute/path/to/argus-mcp/venv/bin/python",
      "args": ["/absolute/path/to/argus-mcp/server_v2.py"]
    }
  }
}

Reload: Restart Claude Desktop application

Cursor

Setup via UI:

Go to Cursor Settings → Features → MCP
Click + Add New MCP Server
Fill in the fields:
- Name: argus
- Type: stdio
- Command: /absolute/path/to/argus-mcp/venv/bin/python /absolute/path/to/argus-mcp/server_v2.py

Reload: Restart Cursor

Other MCP Clients

Use standard MCP stdio protocol configuration.

Important: Replace /absolute/path/to/argus-mcp with your actual installation path!

Quick Start

1. Installation

git clone https://github.com/lokafinnsw/argus-mcp.git
cd argus-mcp
python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
pip install -r requirements.txt

2. Configuration

Create .env file:

cp .env.example .env

Edit .env with your API keys:

GLM_API_KEY=your_glm_api_key
OPENROUTER_API_KEY=your_openrouter_api_key
DEFAULT_MODEL=glm-4.7

Get API Keys:

GLM 4.7: https://api.z.ai
OpenRouter: https://openrouter.ai/keys

3. Windsurf Setup

Add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "argus": {
      "command": "/path/to/argus-mcp/venv/bin/python",
      "args": ["/path/to/argus-mcp/server_v2.py"],
      "env": {}
    }
  }
}

4. Reload Your MCP Client

Windsurf: Cmd+Shift+P → "Reload Window"

Claude Desktop: Restart the application

Other MCP clients: Follow their reload instructions

How to Use

Quick Start

Simply type natural language commands in your IDE:

Review my code
Check this file
Verify my changes

Argus MCP automatically detects what to review based on your IDE context.

How It Works

You write a command - "Review my code" or "Check this file"
Your IDE sends context - Open files, git changes, file paths
Argus determines mode:
- 1 open file → Single File mode (deep review)
- Git changes detected → Git Diff mode (only changes)
- Multiple modified files → Multiple Files mode (cross-file analysis)
AI analyzes code - Using language-specific checks
You get structured report - Must Fix / Should Fix / Suggestions

Review Modes Explained

Single File Mode

Full context analysis of one file
Deep security, performance, and architecture review
Best for: New features, refactoring

Git Diff Mode

Analyzes only your changes
Faster, uses fewer tokens
Best for: Pre-commit checks, PR reviews

Multiple Files Mode

Cross-file dependency analysis
Checks consistency between files
Best for: Feature spanning multiple files

What Gets Checked

Security (OWASP)

SQL injection, XSS, CSRF vulnerabilities
Insecure API usage, exposed secrets
Authentication/authorization flaws

Logic & Bugs

Edge cases, race conditions
Null pointer exceptions
Incorrect error handling

Performance

N+1 queries, memory leaks
Inefficient algorithms
Unnecessary computations

Architecture

SOLID violations, code smells
Tight coupling, missing abstractions
Inconsistent patterns

Language-Specific

Python: PEP 8, type hints, async/await
JavaScript: ESLint rules, async patterns
TypeScript: Strict types, interfaces
And more for 10+ languages

Output Format

### ❌ Must Fix
- **`auth.py:42`** - SQL injection in user_query
  Fix: Use parameterized queries

### 🟡 Should Fix  
- **`api.py:88`** - N+1 query in loop
  Use select_related() to optimize

### 🟢 Suggestions
- **`utils.py:12`** - Use .capitalize() instead of slicing

Each issue includes:

Exact file path and line number
Clear explanation of the problem
Why it matters
How to fix it (for critical issues)

Available Tools

1. verify_code

Performs comprehensive code review with Zero-Trust mindset.

Commands:

Review my code
Check this file
Verify my changes
Review this code with Gemini
Check code using MiniMax

2. list_models

Shows available AI models and their status.

Usage:

Show available models
What models can I use?

3. set_default_model

Sets default model for the session.

Usage:

Set Gemini as default model
Use MiniMax for all checks

4. cache_stats

Displays cache statistics.

Usage:

Show cache stats
How many results are cached?

Supported Models

Model	Provider	Cost (Input)	Speed	Quality
GLM 4.7	z.ai	$0.40/M ($0.0004/1K)	Fast	Excellent
Gemini 3 Flash Preview	OpenRouter	$0.50/M ($0.0005/1K)	Very Fast	Excellent
MiniMax M2.1	OpenRouter	$0.30/M ($0.0003/1K)	Medium	Good

Language Support

Specialized checks for:

Python (PEP 8, type hints, async/await)
JavaScript (ESLint, async patterns, null safety)
TypeScript (strict types, interfaces, generics)
Vue.js (Composition API, reactivity, props)
React (Hooks, props typing, event handlers)
Go (error handling, goroutines, defer)
Rust (ownership, borrowing, lifetimes)
Java (SOLID, exceptions, streams)
PHP (PSR standards, type declarations)

Architecture

argus-mcp/
├── config.py          # Configuration & API keys
├── validators.py      # Input validation (200KB limit)
├── models.py          # Model providers with retry/fallback
├── prompts.py         # Language-aware prompts
├── cache.py           # Result caching (1h TTL)
├── server_v2.py       # Main MCP server
├── .env               # API keys (gitignored)
├── .env.example       # Template
└── requirements.txt   # Dependencies

Security Features

✅ API keys in .env (not in code)
✅ Input validation (200KB code limit)
✅ Path sanitization
✅ .gitignore protection
✅ OWASP security checks

Testing

# Test all modes
python test_v2.py

# Test specific model
python test_gemini.py

# Test set_default_model
python test_set_model.py

Performance

Metric	Value
Response time (cached)	~50ms
Response time (API)	2-5 sec
Success rate (with retry)	99.9%
Token savings (language hints)	30-50%

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Fork the repository
Create your feature branch (git checkout -b feature/AmazingFeature)
Commit your changes (git commit -m 'Add some AmazingFeature')
Push to the branch (git push origin feature/AmazingFeature)
Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Credits

GLM 4.7 by Z.AI
Gemini 3 Flash Preview by Google (via OpenRouter)
MiniMax M2.1 by MiniMax (via OpenRouter)
MCP Protocol by Anthropic

Support

Made with ❤️ for better code quality

Version: 2.0.0
Last Updated: December 2025