Change Risk Assessor MCP Server
Assesses code change risk with ultra-low token budget (50-100 tokens) and provides structured risk metadata for AI agents in IDEs.
README
Change Risk Assessor MCP Server
Autonomous Model Context Protocol server for code change risk assessment with ultra-low token budget (50-100 tokens).
Installation
Global Install
npm install -g mcp-change-risk-assessor
Using npx (No Install)
npx mcp-change-risk-assessor
Purpose
Provides a single MCP tool (assess_change_risk) that evaluates code changes and returns structured risk metadata for consumption by AI agents in IDEs.
Key Features:
- ✅ No API keys required
- ✅ Works offline
- ✅ Ultra-low token budget (50-100 tokens)
- ✅ 8-word reasoning limit
- ✅ 10-word advice limit
- ✅ Classification-based (not prose-based)
Usage
MCP Client Configuration
Add to your MCP client configuration (e.g., Claude Desktop, Cursor, Cline):
Using npx (recommended):
{
"mcpServers": {
"change-risk-assessor": {
"command": "npx",
"args": ["-y", "mcp-change-risk-assessor"]
}
}
}
If installed globally:
{
"mcpServers": {
"change-risk-assessor": {
"command": "mcp-change-risk-assessor"
}
}
}
Tool Interface
Tool Name: assess_change_risk
Input Schema:
{
"diff": "string (optional)",
"files_changed": ["array of strings (optional)"],
"language": "string (optional)",
"context_hint": "string (optional)"
}
Output Schema:
{
"risk_level": "low | medium | high",
"risk_types": ["data_loss", "auth", "perf", "breaking_change", "infra", "unknown"],
"confidence": 0.0,
"reasoning": "max 8 words, fragments only",
"agent_advice": "max 10 words, imperative"
}
Reasoning Examples:
"auth logic changed, rollback unclear""schema mutation, irreversible""refactor only, no behavior delta"
Advice Examples:
"run full test suite before deploy""verify rollback plan exists""standard review, check build"
Architecture
This MCP server acts as a pure tool definition that relies entirely on the host IDE's built-in LLM (Claude Code, Cursor, etc.) to perform risk analysis.
Ultra-Low Token Budget
Token Target: 50-100 tokens per invocation
Reasoning Limit: 8 words maximum
Advice Limit: 10 words maximum
The server enforces strict word limits to minimize token usage while preserving classification accuracy.
Responsibility Split
The MCP Server:
- Defines the tool name and classification framework
- Enforces strict word limits (8 words reasoning, 10 words advice)
- Validates and normalizes output schema
- Truncates overlong responses
The Host IDE's LLM:
- Reads the tool description
- Classifies risk immediately (single-pass, no chain-of-thought)
- Returns fragmented reasoning (no full sentences)
- Provides imperative advice (no explanations)
No External Dependencies
✅ No API keys required
✅ No external LLM calls
✅ No network requests
✅ No configuration needed
✅ Works offline
Classification Approach
Classification over explanation:
- Immediate risk judgment (HIGH/MEDIUM/LOW)
- Fragmented reasoning only (≤8 words)
- Bounded vocabulary (no file descriptions, no diff repetition)
- Single-pass judgment (no step-by-step reasoning)
Risk Classification
High Risk
- Irreversible data changes
- Auth/security logic modifications
- Infrastructure changes
- Breaking external contracts
Medium Risk
- Behavior changes with unclear test coverage
- Configuration or dependency updates
- Performance-sensitive logic modifications
Low Risk
- Comments only
- Formatting changes
- Renames without behavior change
- Test-only changes
- Refactors with no semantic delta
How It Works
// 1. IDE detects code change and calls the MCP tool
{
"diff": "- const user = getUser()\n+ const user = await getUser()",
"files_changed": ["src/auth/login.js"],
"context_hint": "pre-commit"
}
// 2. Host IDE's LLM reads the tool description and analyzes the change
// (The MCP server does NOT perform this analysis)
// 3. Host IDE's LLM generates assessment following the schema
// 4. MCP server validates and normalizes the output
{
"risk_level": "medium",
"risk_types": ["auth"],
"confidence": 0.65,
"reasoning": "auth logic changed, async pattern",
"agent_advice": "verify test coverage, check integration impacts"
}
Design Philosophy
- Pure MCP tool definition
- No external LLM calls or API keys
- Analysis performed by host IDE's LLM
- Schema validation and normalization only
- No data persistence or state
- Deterministic output schema
- Machine-readable output only
- Autonomous operation in IDE context
- Works offline
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.