Codacy
Codacy is an automated code review tool that helps developers monitor code quality, track technical debt, and enforce coding standards across multiple programming languages.
Verdict
Common use cases
- Audit code coverage before sprint kickoff
- List instrumented repos across GitHub and GitLab
- Confirm project health during roadmap planning
- Enumerate team organizations for access review
- Rotate API tokens after security incidents
Integration
- Vendor
- Codacy
- Category
- developer-tools
- Auth
- API_KEY
- Tools
- 6
- Composio slug
codacy
Tools
- Create API Token
Tool to create a new api token for the authenticated user's account. use after authenticating when you need to generate a fresh token for integrations.
- Delete API Tokendestructive
Tool to delete a specific api token from the authenticated user's account. use after confirming the token id.
- Get Account Details
Tool to retrieve details of the authenticated user's account. use when confirming authentication before user-level operations.
- Get Organization Repositories
Tool to list all repositories under a specific organization and provider. use when you need to enumerate organization-scoped repositories.
- Get User Organizations
Tool to list all organizations the authenticated user belongs to. use after authenticating and need to discover accessible organizations.
- List Projects
Tool to list all projects accessible to the authenticated user. use when you need a list of repositories after confirming api token validity.
Setup
Setup guide
- 11. In Switchy, open your workspace settings and navigate to the Integrations tab. 2. Click 'Add MCP Integration' and select Codacy from the developer tools category. 3. Log into your Codacy account at app.codacy.com and go to Account Settings > Access Tokens. 4. Generate a new API token with 'read:organizations' and 'read:projects' scopes, then copy it. 5. Paste the token into Switchy's configuration modal and click 'Connect'. 6. Switchy will verify the token by fetching your account details. 7. Open any Space, type '@Codacy list my projects', and confirm you see your repositories. 8. If the connection fails, check the token hasn't expired and that your Codacy plan allows API access. 9. To test organization-level queries, try '@Codacy get repositories for [org-name] on GitHub' using an org you belong to.
What teammates see: by default, memories from Codacy are scoped to the Space (PROJECT visibility) - you can mark any memory PRIVATE or share it ORG-wide.
Works well with
Top models
Compatibility data appears once enough Spaces have used this MCP together with a given model.
How Switchy teams use it
Starter prompts
List All Projects
@Codacy list all projects I have access to, grouped by organization if possible.Open in a Space →
Check Account Details
@Codacy get my account details and confirm which organizations I'm a member of.Open in a Space →
Enumerate Org Repos
@Codacy get all repositories for the 'acme-corp' organization on GitHub.Open in a Space →
Discover Organizations
@Codacy list all organizations I'm part of and tell me how many projects each one has.Open in a Space →
Rotate API Token
@Codacy create a new API token named 'switchy-integration-2025', then list my existing tokens so I can delete the old one.Open in a Space →
Example outputs
Illustrative - representative of the model's voice and quality, not literal recordings.
@codacy show me all repositories in our main organization and highlight any with critical code quality issues
Found 12 repositories under your organization. Three have critical issues flagged: `api-gateway` (8 critical security vulnerabilities in dependencies), `payment-service` (4 code complexity hotspots above threshold), and `user-auth` (2 unaddressed SQL injection risks). The remaining 9 repositories are within acceptable quality thresholds. All data reflects the latest commit analysis as of this morning.
This example demonstrates read-heavy discovery across an organization's codebase. Requires an API token with organization-level read permissions. Codacy's analysis is only as current as the last push — if commits haven't been analyzed yet, issues won't appear. Useful for daily standup prep or sprint planning.
@codacy create a new API token for our CI pipeline integration and confirm it has project read access
Created API token `cdy_prod_ci_20250124_a8f3`. Token has read access to all projects under your account. Confirmed scope includes repository listing and quality metrics retrieval, but excludes write operations like ignoring issues or changing quality settings. Store this token securely — it won't be displayed again after this session.
This example shows credential management for automation workflows. The MCP can generate tokens but cannot assign granular scopes beyond account defaults — verify permissions in Codacy's dashboard if your pipeline needs specific access levels. Deleting old tokens before creating new ones prevents token sprawl.
@codacy compare code quality trends across all my projects from the last sprint and draft a summary for the engineering team
Analyzed 8 projects with commits in the past two weeks. Overall quality improved: `checkout-flow` reduced complexity by 15%, `analytics-worker` cleared all security warnings. Two projects regressed: `admin-dashboard` added 3 new code duplication blocks, `mobile-app` introduced 2 medium-severity linting violations. Recommendation: prioritize refactoring in `admin-dashboard` before the next release cycle. Quality gate pass rate across all projects: 75%.
This example pairs Codacy's metrics with AI reasoning to surface trends humans might miss in raw dashboards. The synthesis depends on having multiple projects with recent activity — single-repo accounts will see less comparative insight. Useful for retrospectives or quarterly engineering reviews where you need narrative context around numbers.
Use-case deep-dives
When Codacy MCP makes sense for merge-gate enforcement
A 6-person engineering team wants to block PRs that fail coverage or complexity thresholds before they hit main. The Codacy MCP is the wrong tool here—it's designed for account and token management, not for reading quality metrics or triggering CI actions. You'd use this MCP once during onboarding to provision API tokens for your CI runner, then switch to Codacy's webhook or CLI for the actual gate logic. If your workflow is 'set up Codacy access for three new devs and rotate tokens quarterly,' this MCP handles that in two tool calls. If your workflow is 'fail the build when test coverage drops,' you need Codacy's native integrations, not this MCP.
Using Codacy MCP to map developer permissions at scale
A platform team at a 40-person startup needs to audit which engineers have Codacy access across five GitHub organizations and 80 repositories. The Codacy MCP is built for this: authenticate once, call Get User Organizations to enumerate orgs, then call Get Organization Repositories for each org to build a complete access map. The output feeds a spreadsheet or Slack summary showing who can see what. This works cleanly up to about 10 organizations; beyond that, the API's pagination and rate limits make a custom script faster. If you're doing this audit monthly or onboarding contractors who need scoped tokens, the MCP saves 20 minutes of manual clicking. If you're doing it once a year, the Codacy web UI is fine.
When Codacy MCP speeds up token lifecycle management
A DevOps engineer at a SaaS company rotates API tokens every 90 days for compliance and needs to update tokens in four CI environments without losing Codacy integration uptime. The Codacy MCP handles this in a three-step loop: List Projects to confirm current scope, Create API Token to generate the replacement, then Delete API Token to revoke the old one after the new token is deployed. The MCP's value is sequencing these calls in a single chat thread instead of toggling between Codacy's dashboard and your CI config. This matters if you're rotating tokens for more than two services or if the rotation happens quarterly. For annual rotations or single-service setups, the manual flow is faster.
Frequently asked
What does the Codacy MCP do in Switchy?
It connects your Codacy account so AI agents can read your code quality data, list repositories across organizations, and manage API tokens. Agents can pull project metrics, enumerate repos by provider, and check account details without leaving the conversation. It's useful when you want AI to reference coverage stats or quality gates while discussing architecture or reviewing PRs.
Do I need a Codacy API key to set this up?
Yes. You authenticate with a Codacy API key, which you generate from your Codacy account settings. The MCP can then create or delete additional tokens on your behalf, so you can rotate credentials or provision tokens for other integrations without logging into the Codacy UI. The key must have read access to organizations and projects you want agents to see.
Can the Codacy MCP change code quality settings or trigger new analyses?
No. It's read-only for quality data and limited to token management. Agents can list projects, fetch organization repos, and view account details, but they can't modify quality gates, ignore patterns, or kick off new scans. If you need to change Codacy configuration, do it directly in the Codacy dashboard or via their full REST API.
Why use this instead of just checking Codacy in my browser?
Because AI agents can pull quality metrics inline while you're discussing code changes, planning sprints, or reviewing architecture. Instead of context-switching to Codacy's UI, the agent surfaces coverage drops or new issues in the same thread where you're making decisions. It's faster when quality data informs the conversation, not just audits it afterward.
Who on my team should connect the Codacy integration?
Whoever owns your Codacy account and has visibility into all the organizations you want agents to query. If your repos span multiple Codacy orgs, that person needs membership in each. The API key they provide determines which projects agents can see, so choose someone with the right scope—usually a tech lead or DevOps engineer.