Axivion MISRA C:2012 Compliance Agent — MCP Server
An MCP (Model Context Protocol) server that turns GitHub Copilot into a MISRA C:2012 compliance assistant. It loads Axivion static-analysis reports, performs cross-file AST analysis using tree-sitter, explains violations with full rule rationale, and proposes concrete, confidence-scored fixes — all within your editor.
Disclaimer: The MISRA rule knowledge in this tool is derived from publicly available summaries and documentation. It is not a substitute for the official MISRA C:2012 standard. For authoritative rule text, consult your licensed copy.
Features
| Capability | Description |
|---|---|
| Preprocessor Support | Handles macro expansion and conditional compilation (#ifdef) before analysis, ensuring accurate symbol resolution and dead code elimination |
| Report parsing | Auto-detects multiple Axivion JSON formats (issues, findings, warnings, results, bare arrays) |
| Cross-file AST analysis | tree-sitter-powered workspace indexing: include graph, symbol table, call graph, typedef registry |
| Rule knowledge base | 29 MISRA C:2012 rules (2.x, 8.x, 10.x) with rationale, compliant/non-compliant examples, and fix strategies |
| AST-informed fix engine | Structural analysis (parameter usage, pointer writes, scope, reachability) for precise fixes |
| Confidence scoring | Each fix suggestion is rated HIGH / MEDIUM / LOW based on AST evidence depth |
| Cross-file impact | Side-effect warnings showing which files and callers are affected by a change |
| Windows compatible | POSIX-normalised path handling with case-insensitive matching for Windows filesystems |
Architecture
┌──────────────────────────────────────────────────────┐
│ GitHub Copilot │
│ (MCP Client / LLM Host) │
└──────────────┬───────────────────────────────────────┘
│ stdio (JSON-RPC)
┌──────────────▼───────────────────────────────────────┐
│ fastmcp_server.py (6 tools) │
│ ┌──────────┐ ┌──────────┐ ┌──────────────────────┐ │
│ │load_report│ │list_viols│ │ analyze_violation │ │
│ └──────────┘ └──────────┘ └──────────────────────┘ │
│ ┌────────────┐ ┌────────────┐ ┌──────────────────┐ │
│ │explain_rule│ │propose_fix │ │cross_file_impact │ │
│ └────────────┘ └────────────┘ └──────────────────┘ │
├──────────────────────────────────────────────────────┤
│ core/ │
│ ├── axivion_parser.py JSON → violations │
│ ├── context_provider.py code context retrieval │
│ ├── c_analyzer.py tree-sitter AST analysis │
│ ├── workspace_index.py cross-file index engine │
│ ├── misra_knowledge_base.py 29 rules with examples │
│ └── fix_engine.py AST-informed fixes │
└──────────────────────────────────────────────────────┘
Cross-File Analysis Pipeline
When load_report is called, the server builds a WorkspaceIndex that scans all .c and .h files:
workspace_root/
├── *.c, *.h files
│
▼
┌─────────────┐ ┌─────────────┐ ┌───────────┐ ┌──────────────┐
│IncludeGraph │ │SymbolTable │ │ CallGraph │ │TypeRegistry │
│ │ │ │ │ │ │ │
│#include │ │declarations │ │caller → │ │typedef chain │
│resolution + │ │definitions │ │callee │ │resolution │
│transitive │ │linkage info │ │mapping │ │ │
│closure │ │per file │ │ │ │ │
└─────────────┘ └─────────────┘ └───────────┘ └──────────────┘
This enables 15+ MISRA rules that require cross-translation-unit context (8.3, 8.4, 8.5, 8.6, 8.8, 8.13, etc.).
Prerequisites
- Python 3.10+ (required by the
mcpSDK) - VS Code with GitHub Copilot extension
- An Axivion JSON report (or use the included mock reports for testing)
Setup
# 1. Clone
git clone https://github.com/varunjain-byte/MISRA-MCP.git
cd MISRA-MCP
# 2. Create virtual environment
python3.10 -m venv venv
source venv/bin/activate # macOS / Linux
# venv\Scripts\activate # Windows
# 3. Install dependencies
pip install -r requirements.txt
VS Code Configuration
Add the following to your VS Code settings.json (User or Workspace):
{
"mcpServers": {
"axivion-misra": {
"command": "/absolute/path/to/venv/bin/python",
"args": [
"/absolute/path/to/fastmcp_server.py"
],
"env": {}
}
}
}
Windows: use
venv\\Scripts\\python.exefor the command path.
MCP Tools
1. load_report
Loads an Axivion JSON report, normalises file paths against the workspace, and builds the cross-file index.
load_report(report_path="/path/to/report.json", workspace_root="/path/to/source")
→ "Successfully loaded report. Found 55 violations.
Workspace indexed: 12 .c files, 8 .h files, 94 symbols, 37 call sites."
2. list_violations
Lists all violations in a specific file, with rule titles.
list_violations(file_path="src/module.c")
→ **15 violations in src/module.c:**
- [MisraC2012-8.10] Line 92 (medium): Inline without static
*Inline function shall be declared static*
...
3. analyze_violation
Deep analysis: code context + AST findings + rule explanation + fix suggestion in one call.
analyze_violation(rule_id="MisraC2012-8.10", file_path="src/module.c")
→ Violation Analysis table
+ 30-line code snippet
+ Full rule explanation (rationale, examples)
+ AST-informed fix suggestion with confidence score
+ Cross-file impact warnings
4. explain_rule
Full MISRA rule reference: title, category, rationale, compliant/non-compliant examples, and fix strategy.
explain_rule(rule_id="MisraC2012-10.3")
→ ## MisraC2012-10.3 — Assignment to narrower or different essential type
**Category**: Required
### Rationale ...
### Non-Compliant Example ...
### Compliant Example ...
### How to Fix ...
5. propose_fix
AST-informed fix with structural evidence, before/after code, and side-effect warnings.
propose_fix(rule_id="MisraC2012-8.10", file_path="src/module.c", line_number=92)
→ ### Fix Suggestion — MisraC2012-8.10
**Confidence**: HIGH
#### Before: inline int square(int x) { ... }
#### After: static inline int square(int x) { ... }
#### ⚠ Potential Side Effects: ...
6. cross_file_impact
Shows which files are affected by changing a symbol — declarations, definitions, and callers across the project.
cross_file_impact(symbol_name="compute_sum")
→ ### Cross-File Impact: compute_sum
**Declarations**: utils.h:5
**Definitions**: utils.c:12
**Callers**: main.c:25, test_runner.c:40
**Files affected**: 4
Supported Axivion JSON Formats
The parser auto-detects these structures:
// Format 1: {"issues": [...]}
{"issues": [{"ruleId": "...", "location": {"path": "...", "startLine": 10}, ...}]}
// Format 2: {"findings": [...]}
{"findings": [{"rule": "...", "file": "...", "line": 10, ...}]}
// Format 3: Top-level array
[{"ruleId": "...", "location": {"path": "...", "startLine": 10}, ...}]
Each issue can use various key names — the parser normalises them:
- Rule ID:
ruleId,rule_id,rule,checkId - File path:
location.path,location.file,file,path - Line number:
location.startLine,location.line,line,startLine - Severity:
severity,priority,level
MISRA Rules Covered
Rule 2.x — Unused Code (7 rules)
2.1 Unreachable code · 2.2 Dead code · 2.3 Unused type · 2.4 Unused tag · 2.5 Unused macro · 2.6 Unused label · 2.7 Unused parameter
Rule 8.x — Declarations & Definitions (14 rules)
8.1 Explicit types · 8.2 Prototype form · 8.3 Consistent declarations · 8.4 Compatible declaration · 8.5 Single extern · 8.6 One external definition · 8.7 No block-scope extern · 8.8 Static for internal · 8.9 Block scope if single use · 8.10 Static inline · 8.11 Extern array size · 8.12 Unique enum values · 8.13 Pointer to const · 8.14 No restrict
Rule 10.x — Essential Type Model (8 rules)
10.1 Appropriate operand type · 10.2 Character arithmetic · 10.3 Narrowing assignment · 10.4 Same type category · 10.5 Appropriate cast type · 10.6 Composite to wider · 10.7 Composite operand width · 10.8 Composite cast category
Known Limitations
Preprocessor
| Limitation | Detail |
|---|---|
| Macro debugging | Violations found within a macro expansion are mapped back to the macro usage site. Complex multi-line macros may require manual inspection of the expanded code functionality. |
| Partial Config | The preprocessor uses a default configuration. Project-specific defines must be inferred or passed via include_dirs. |
Cross-File Analysis
| Limitation | Detail |
|---|---|
| No linker-level analysis | The symbol table is built from AST parsing, not from object files. Symbols introduced by the linker or via weak symbols are not visible. |
| Include path resolution | Only #include "..." (relative to current file) and workspace-root includes are resolved. System headers (<stdio.h>) and external library headers are skipped. Custom include paths can be passed via include_dirs parameter. |
| Typedef depth | Typedef chains are resolved iteratively up to a reasonable depth, but deeply nested or recursive typedefs through macros may not fully resolve. |
| Call graph scope | Call sites are identified syntactically (function call expressions in AST). Indirect calls via function pointers are not tracked. |
Parser & Language Support
| Limitation | Detail |
|---|---|
| C only | Supports C89/C99/C11 syntax via tree-sitter-c. C++ features (templates, namespaces, overloading) are not supported. |
| tree-sitter edge cases | Very unusual C constructs (K&R function definitions, computed goto, GCC statement expressions) may not parse identically to a full compiler. |
| Binary files | Files containing null bytes in the first 8 KB are skipped as binary. |
| Large files | Context provider caps file reads at 100,000 lines. |
Fix Engine
| Limitation | Detail |
|---|---|
| Guidance, not auto-fix | The engine provides fix suggestions and structural evidence; it does not automatically modify source files. The LLM (Copilot) generates the actual code change. |
| Rule coverage | Detailed AST-informed analysis is implemented for rules 2.1, 2.7, 8.3–8.14, 10.3. Other rules in the knowledge base use text-based heuristics. |
| No build integration | The tool does not compile the code or invoke a build system. It cannot verify that a proposed fix compiles cleanly. |
Platform
| Limitation | Detail |
|---|---|
| Path normalisation | All internal paths are normalised to POSIX forward slashes. Edge cases with UNC paths (\\\\server\\share) or very long Windows paths (>260 chars) are untested. |
| Encoding | Source files are read as UTF-8 with errors="replace". Non-UTF-8 files will have garbled characters but will not crash. |
Running Tests
source venv/bin/activate
# Unit + integration tests
python -m unittest discover tests -v
# Legacy logic tests
python tests/test_logic.py
The test suite validates:
- Axivion parser loads 55 violations across 29 rules
- Knowledge base has complete entries for all 29 rules
- Fix engine produces suggestions for every violation
- Cross-file analysis (46 tests): workspace indexing, include graph, symbol table, call graph, type registry, and rule-specific checks (8.3, 8.4, 8.5, 8.6, 8.8, 8.13)
Project Structure
MISRA-MCP/
├── fastmcp_server.py # MCP server entry point (6 tools)
├── requirements.txt # Python dependencies
├── README.md
├── LICENSE # MIT
├── .gitignore
├── core/
│ ├── __init__.py
│ ├── axivion_parser.py # Multi-format JSON parser + path normalisation
│ ├── context_provider.py # Code context + function extraction
│ ├── c_analyzer.py # tree-sitter AST analysis (single-file)
│ ├── workspace_index.py # Cross-file index (IncludeGraph, SymbolTable,
│ │ # CallGraph, TypeRegistry)
│ ├── misra_knowledge_base.py # 29 MISRA rules with examples
│ └── fix_engine.py # AST-informed fix suggestions
└── tests/
├── __init__.py
├── test_logic.py # Unit + integration tests
├── test_cross_file.py # Cross-file analysis tests (46 tests)
├── mock_report.json # 55-violation sample report
├── mock_code.c # Basic C mock
├── mock_code_rule2x.c # Rule 2.x edge cases
├── mock_code_rule8x.c # Rule 8.x edge cases
├── mock_code_rule10x.c # Rule 10.x edge cases
└── mock_project/ # Multi-file mock for cross-file tests
├── config.h
├── utils.h
├── utils.c
├── main.c
└── other.c
License
MIT — see LICENSE.