Advanced Analysis Tools
These tools provide deeper code analysis capabilities beyond navigation and inspection: complexity metrics, data flow, control flow, duplicate detection, and external source resolution.
get_complexity_metrics
Compute cyclomatic complexity, cognitive complexity, maximum nesting depth, and logical lines of code for methods.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
name |
string | yes | Method, type, or project name |
scope |
string | no | method, type, or project (default method) |
className |
string | no | Containing class for method disambiguation |
threshold |
int | no | Minimum cyclomatic complexity to include (default 0) |
maxResults |
int | no | Max results (default 50) |
Metrics explained
| Metric | What it measures | Threshold guidance |
|---|---|---|
| Cyclomatic | Number of linearly independent paths. Counts if, while, for, foreach, case, &&, ||, ??, catch, ternary. Base = 1. |
< 10 good, 10-20 moderate, > 20 high risk |
| Cognitive | Human-readability cost (SonarSource model). Nesting structures add 1 + nesting level as penalty. else if does not increase nesting. |
< 15 good, 15-30 moderate, > 30 refactor |
| Max nesting | Deepest nesting level of control flow blocks. | < 3 good, 4 yellow, 5+ refactor |
| Logical LOC | Non-blank, non-comment lines. | < 30 good, 30-60 moderate, > 60 split |
Example: scan a project for hotspots
name: "MyProject"
scope: "project"
threshold: 10
Returns methods sorted by cyclomatic complexity (descending), filtered to those above the threshold.
{
"Methods": [
{
"Method": "ProcessOrder",
"ContainingType": "OrderService",
"File": "OrderService.cs",
"Line": 45,
"Metrics": { "Cyclomatic": 18, "Cognitive": 24, "MaxNesting": 4, "LogicalLoc": 52 }
},
{
"Method": "ValidateInput",
"ContainingType": "InputValidator",
"File": "InputValidator.cs",
"Line": 12,
"Metrics": { "Cyclomatic": 12, "Cognitive": 15, "MaxNesting": 3, "LogicalLoc": 28 }
}
],
"Total": 2
}
analyze_data_flow
Analyze variable data flow within a method using Roslyn's SemanticModel.AnalyzeDataFlow().
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
methodName |
string | yes | Name of the method |
className |
string | no | Containing class to disambiguate |
Response fields
| Field | Description |
|---|---|
VariablesDeclared |
Variables declared inside the method body |
DataFlowsIn |
Variables whose values flow into the region from outside |
DataFlowsOut |
Variables whose values flow out of the region |
ReadInside |
Variables read inside the method |
WrittenInside |
Variables written inside the method |
AlwaysAssigned |
Variables always assigned before the method exits |
Captured |
Variables captured by lambdas or local functions |
When to use
- Understanding side effects — which variables escape the method?
- Refactoring — can a block be safely extracted?
- Lambda analysis — which variables are captured (closures)?
analyze_control_flow
Analyze control flow within a method using Roslyn's SemanticModel.AnalyzeControlFlow().
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
methodName |
string | yes | Name of the method |
className |
string | no | Containing class to disambiguate |
Response fields
| Field | Description |
|---|---|
StartReachable |
Whether the first statement is reachable |
EndReachable |
Whether the end of the method is reachable (no guaranteed return/throw) |
ReturnStatements |
Number of return statements |
ExitPoints |
Total exit points (returns, throws, breaks) |
When to use
- Dead code detection — is the end of a method reachable?
- Complexity assessment — how many exit points?
- Refactoring — ensuring all paths return
detect_duplicates
Detect structurally similar code blocks using AST fingerprinting.
How it works
- Extract all method bodies as statement sequences
- Normalize each: replace identifiers with
ID, literals withLIT(creates a structural fingerprint) - Hash the normalized form (SHA-256)
- Group methods with identical hashes (exact structural duplicates)
Two methods that differ only in variable names or literal values will produce the same fingerprint.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
projectFilter |
string | no | Scope to a specific project |
minStatements |
int | no | Minimum statements to consider (default 5) |
maxResults |
int | no | Maximum duplicate groups (default 20) |
Example response
{
"Groups": [
{
"Occurrences": [
{ "Method": "ValidateEmail", "ContainingType": "UserService", "File": "UserService.cs", "Line": 34 },
{ "Method": "ValidatePhone", "ContainingType": "ContactService", "File": "ContactService.cs", "Line": 22 }
],
"Similarity": 1.0,
"StatementCount": 8
}
],
"TotalGroups": 1,
"TotalDuplicates": 2
}
When to use
- Before a refactoring sprint — find extraction candidates
- Code review — spot copy-paste patterns
- Technical debt assessment — quantify duplication
resolve_external_source
Resolve source code for external (NuGet/framework) symbols via SourceLink or decompilation.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
symbolName |
string | yes | External symbol name |
assemblyName |
string | no | Assembly name to narrow search |
Resolution hierarchy
- SourceLink — if the symbol has source in the solution or SourceLink metadata in the PDB
- Decompilation — using ICSharpCode.Decompiler as a fallback
- None — if neither method succeeds
Example response
{
"Symbol": "Microsoft.Extensions.Logging.ILogger",
"Assembly": "Microsoft.Extensions.Logging.Abstractions",
"SourceLinkUrl": null,
"DecompiledSource": "using System;\n\nnamespace Microsoft.Extensions.Logging\n{\n public interface ILogger\n {\n ...\n }\n}",
"ResolutionMethod": "decompilation"
}
Decompiled source is truncated to 60 lines for token efficiency.
When to use
- Understanding a third-party API's implementation details
- Debugging framework behavior without leaving the MCP server
- Verifying NuGet package behavior