# Roslyn CodeLens > Roslyn-based MCP server providing semantic code intelligence for .NET codebases. - **Type:** MCP server - **Install:** `agentstack add mcp-marcelroozekrans-roslyn-codelens-mcp` - **Verified:** Pending review - **Seller:** [MarcelRoozekrans](https://agentstack.voostack.com/s/marcelroozekrans) - **Installs:** 0 - **Latest version:** 1.1.6 - **License:** MIT - **Upstream author:** [MarcelRoozekrans](https://github.com/MarcelRoozekrans) - **Source:** https://github.com/MarcelRoozekrans/roslyn-codelens-mcp ## Install ```sh agentstack add mcp-marcelroozekrans-roslyn-codelens-mcp ``` Requires the [AgentStack CLI](https://agentstack.voostack.com/docs/cli). Works with Claude Code, Cursor, and any MCP-compatible agent. ## About # Roslyn CodeLens MCP Server [](https://www.nuget.org/packages/RoslynCodeLens.Mcp) [](https://www.nuget.org/packages/RoslynCodeLens.Mcp) [](https://github.com/MarcelRoozekrans/roslyn-codelens-mcp/actions) [](https://github.com/MarcelRoozekrans/roslyn-codelens-mcp/blob/main/LICENSE) [](https://marcelroozekrans.github.io/roslyn-codelens-mcp/) [](https://github.com/sponsors/MarcelRoozekrans) A Roslyn-based MCP server that gives AI agents deep semantic understanding of .NET codebases — type hierarchies, call graphs, DI registrations, diagnostics, refactoring, and more. --- ## Hosted deployment A hosted deployment is available on [Fronteir AI](https://fronteir.ai/mcp/marcelroozekrans-roslyn-codelens-mcp). ## Features - **find_implementations** — Find all classes/structs implementing an interface or extending a class - **find_callers** — Find every call site for a method, property, or constructor - **find_event_subscribers** — Every += / -= site for an event symbol, with resolved handler and subscribe/unsubscribe tag - **find_tests_for_symbol** — List xUnit/NUnit/MSTest methods that exercise a production symbol; opt-in transitive walk through helpers - **get_test_summary** — Per-project inventory of test methods with framework, attribute kind, data-row count, location, and production symbols referenced - **find_uncovered_symbols** — Public methods and properties no test transitively reaches; sorted by cyclomatic complexity for prioritization - **generate_test_skeleton** — Emit a compilable test-class skeleton (as text) for a method or type. Auto-detects xUnit/NUnit/MSTest; surfaces constructor dependencies as TodoNotes; returns a suggested file path. Closes the loop with `find_uncovered_symbols` - **get_type_hierarchy** — Walk base classes, interfaces, and derived types - **get_di_registrations** — Scan for DI service registrations - **get_project_dependencies** — Get the project reference graph - **get_symbol_context** — One-shot context dump for any type - **get_public_api_surface** — Enumerate every public/protected type and member in production projects; flat, deterministically-sorted list suitable for API review or breaking-change baselines. - **find_breaking_changes** — Diff the current API against a baseline JSON or DLL; report removed members, kind changes, and accessibility changes with Breaking/NonBreaking severity. - **find_reflection_usage** — Detect dynamic/reflection-based usage - **find_references** — Find all references to any symbol (types, methods, properties, fields, events) - **go_to_definition** — Find the source file and line where a symbol is defined - **get_diagnostics** — List compiler errors, warnings, and Roslyn analyzer diagnostics - **get_code_fixes** — Get available code fixes with structured text edits for any diagnostic - **search_symbols** — Fuzzy workspace symbol search by name - **get_nuget_dependencies** — List NuGet package references per project - **find_attribute_usages** — Find types and members decorated with a specific attribute - **find_obsolete_usage** — Every `[Obsolete]` call site grouped by deprecation message and severity, errors first; for planning migrations - **find_circular_dependencies** — Detect cycles in project or namespace dependency graphs - **get_complexity_metrics** — Cyclomatic complexity analysis per method - **find_naming_violations** — Check .NET naming convention compliance - **find_async_violations** — Sync-over-async, `async void` misuse, missing awaits, fire-and-forget tasks; per-violation report with severity - **find_disposable_misuse** — `IDisposable`/`IAsyncDisposable` instances not wrapped in `using`/`await using`/returned/assigned to field; severity error/warning per violation. - **find_large_classes** — Find oversized types by member or line count - **find_god_objects** — Types combining high size with high cross-namespace coupling; sharper signal than raw size for SRP violations - **find_unused_symbols** — Dead code detection via reference analysis. Auto-filters test methods (xUnit/NUnit/MSTest), MCP tool entry points, source-generator output, MEF-composed services, and interop-laid-out fields; filter counts surface in `summary.filteredOut` - **get_project_health** — Composite audit aggregating 7 quality dimensions per project (complexity, large classes, naming, unused symbols, reflection, async violations, disposable misuse) with counts and top-N hotspots inline - **get_source_generators** — List source generators and their output per project - **get_generated_code** — Inspect generated source code from source generators - **inspect_external_assembly** — Browse types, members, and XML docs from closed-source NuGet packages and referenced assemblies - **peek_il** — Decompile any method to ilasm-style IL bytecode from closed-source or generated assemblies - **get_code_actions** — Discover available refactorings and fixes at any position (extract method, rename, inline variable, and more) - **apply_code_action** — Execute any Roslyn refactoring by title, with preview mode (returns a diff before writing to disk) - **list_solutions** — List all loaded solutions and which one is currently active - **set_active_solution** — Switch the active solution by partial name (all subsequent tools operate on it) - **load_solution** — Load an additional .sln/.slnx at runtime and make it the active solution - **unload_solution** — Unload a loaded solution to free memory - **rebuild_solution** — Force a full reload of the analyzed solution - **start_background_task** — Queue a long-running tool (currently `rebuild_solution`) to run in the background; returns a `taskId` to poll - **get_task_status** — Get the current status, result, or error of a background task by its `taskId` - **list_running_tasks** — List background tasks running or completed within the last 5 minutes - **trust_solution** — Authorize a solution to run Roslyn analyzers (required before `get_diagnostics` with `includeAnalyzers: true`) - **list_trusted_paths** — Inspect the persistent trust store + session-trusted solutions - **revoke_trust** — Revoke a previously-granted trust for a solution path - **analyze_data_flow** — Variable read/write/capture analysis within a statement range (declared, read, written, always assigned, captured, flows in/out) - **analyze_control_flow** — Branch/loop reachability analysis within a statement range (start/end reachability, return statements, exit points) - **analyze_change_impact** — Show all files, projects, and call sites affected by changing a symbol — combines find_references and find_callers - **get_type_overview** — Compound tool: type context + hierarchy + file diagnostics in one call - **analyze_method** — Compound tool: method signature + callers + outgoing calls in one call - **get_overloads** — Every overload of a method/constructor (source + metadata) with full parameter and modifier detail in one call - **get_operators** — Every user-defined operator and conversion operator on a type (source + metadata) with kind, signature, parameters, and source location. Includes synthesized record equality and .NET 7+ checked variants - **get_call_graph** — Transitive caller/callee graph for a method, depth-bounded with cycle detection - **get_file_overview** — Compound tool: types defined in a file + file-scoped diagnostics in one call ## Response shape All list-returning tools wrap their results in a uniform envelope: ```json { "items": [ ... ], "totalCount": 142, "truncated": false, "limit": 500, "summary": { ... } } ``` When `truncated` is `true`, the items are the **top N by the tool's natural sort order** (severity-first, worst-first, by-project, etc.) — usually that's exactly what you want. Raise `limit` only if the missing tail items matter for the task. Tools that include a `summary` aggregate today: - `get_diagnostics` — `{ error, warning, info, hidden }` counts - `find_references`, `find_callers`, `find_attribute_usages` — `{ byProject: { name: count } }` - `search_symbols`, `find_reflection_usage` — `{ byKind: {...} }` - `find_unused_symbols` — `{ byKind, filteredOut: { testMethod, testContainer, mcpTool, generated, composition, interop } }` - `find_naming_violations` — `{ byRule: {...} }` - `get_complexity_metrics` — `{ max, avg, overThreshold }` Single-object tools (`get_type_overview`, `get_symbol_context`, `apply_code_action`, etc.) return their bespoke shape directly — the envelope only wraps list-returning tools. ## Error responses When a tool can't proceed (symbol not resolved, solution not trusted, file not found, ambiguous match, etc.), the response is an `isError: true` content block carrying a structured JSON body: ```json { "code": "SolutionNotTrusted", "message": "Solution 'Foo.sln' is not trusted for analyzer execution. ...", "details": { "solutionPath": "C:\\Foo.sln" } } ``` Error codes (switch on `code` to handle each): - `SymbolNotFound` — type / method / property could not be resolved. - `SolutionNotTrusted` — `get_diagnostics` or `get_code_fixes` requested analyzers but the solution hasn't been authorized via `trust_solution`. - `AmbiguousMatch` — `set_active_solution` / `unload_solution` matched multiple solutions; `details.matches` lists them. - `FileNotFound` — file path or baseline doesn't exist (or isn't in any loaded project). - `ProjectNotFound` — solution name didn't match any loaded solution. - `InvalidArgument` — caller-supplied input was malformed, unsupported, or out of range. - `Internal` — unexpected error not modeled above; `message` carries the underlying exception text. **Cancellation:** the MCP framework's native cancellation is honored. Cancelling a `tools/call` request mid-flight terminates the operation; long-running tools (`get_diagnostics` with analyzers, `get_code_actions`, `apply_code_action`, `get_code_fixes`) check the token at hot-loop boundaries. ## External Assemblies Metadata-origin symbols (from NuGet packages and referenced assemblies) are first-class citizens: - **Tier 1 — Navigation** (`find_references`, `find_callers`, `find_implementations`): Accepts closed-source type and member names. Resolves them from assembly metadata and reports all source-level usage sites. - **Tier 2 — Inspection** (`inspect_external_assembly`): Browse namespaces, types, members, and XML doc comments from any referenced assembly without decompiling. - **Tier 3 — IL** (`peek_il`): Decompile a specific method to annotated ilasm-style IL using ICSharpCode.Decompiler — useful for understanding the internals of NuGet libraries. Location-returning results include an `Origin` field (`source` or `metadata`) and an `IsGenerated` flag to distinguish hand-written code from closed-source or generated output. ## Runtime configuration - `ROSLYN_CODELENS_OPEN_PROJECT_TIMEOUT_SECONDS` — per-project MSBuild load timeout (default `300`). When a project exceeds this duration during workspace open, it's recorded as a `SkippedProjects` entry with `kind: "Timeout"` and the rest of the solution still loads. Useful when a legacy or malformed project wedges the `BuildHost-net472` subprocess. ## Security: Trust Model `get_diagnostics` and `get_code_fixes` can load Roslyn analyzers — DLLs that execute in-process. To prevent untrusted analyzers from running automatically, this server uses a VS/Rider-style trust model: - **Solutions passed on the CLI at startup** are auto-trusted for the current session. - **Other solutions** must be explicitly trusted via the `trust_solution` MCP tool. - **Analyzer DLLs** must come from the user's NuGet global packages folder, the dotnet SDK install dir, or the solution's own `bin`/`obj`. Other paths are skipped. Use the `list_trusted_paths` and `revoke_trust` tools to inspect and manage trust state. Persistent trust is stored at `%APPDATA%\roslyn-codelens\trust.json`. See [SECURITY.md](SECURITY.md) for the full threat model. ## Quick Start ### VS Code / Visual Studio (via dnx) Add to your MCP settings (`.vscode/mcp.json` or VS settings): ```json { "servers": { "roslyn-codelens": { "type": "stdio", "command": "dnx", "args": ["RoslynCodeLens.Mcp", "--yes"] } } } ``` ### Claude Code Plugin ```bash claude install gh:MarcelRoozekrans/roslyn-codelens-mcp ``` ### .NET Global Tool ```bash dotnet tool install -g RoslynCodeLens.Mcp ``` Then add to your MCP client config: ```json { "mcpServers": { "roslyn-codelens": { "command": "roslyn-codelens-mcp", "args": [], "transport": "stdio" } } } ``` ## Usage The server automatically discovers `.sln` files by walking up from the current directory. You can also pass one or more solution paths directly: ```bash # Single solution roslyn-codelens-mcp /path/to/MySolution.sln # Multiple solutions — switch between them with set_active_solution roslyn-codelens-mcp /path/to/A.sln /path/to/B.sln ``` When multiple solutions are loaded, use `list_solutions` to see what's available and `set_active_solution("B")` to switch context. The first path is active by default. ## Performance All type lookups use pre-built reverse inheritance maps, member indexes, and attribute indexes for O(1) access. Benchmarked on an i9-12900HK with .NET 10.0.7: | Tool | Latency | Memory | |------|--------:|-------:| | `go_to_definition` | 2.1 µs | 576 B | | `find_implementations` | 2.5 µs | 720 B | | `get_project_dependencies` | 2.8 µs | 1.5 KB | | `get_type_hierarchy` | 3.5 µs | 1.3 KB | | `find_circular_dependencies` | 3.7 µs | 2.7 KB | | `get_symbol_context` | 4.1 µs | 1.0 KB | | `get_source_generators` | 16 µs | 23 KB | | `analyze_data_flow` | 19 µs | 1.6 KB | | `find_attribute_usages` | 72 µs | 904 B | | `get_generated_code` | 78 µs | 24 KB | | `analyze_control_flow` | 115 µs | 14 KB | | `inspect_external_assembly` (summary) | 159 µs | 35 KB | | `find_large_classes` | 265 µs | 3.5 KB | | `get_di_registrations` | 478 µs | 16 KB | | `inspect_external_assembly` (namespace) | 564 µs | 259 KB | | `find_reflection_usage` | 705 µs | 19 KB | | `get_complexity_metrics` | 781 µs | 25 KB | | `get_code_actions` | 792 µs | 54 KB | | `get_file_overview` | 797 µs | 101 KB | | `get_diagnostics` | 822 µs | 99 KB | | `get_nuget_dependencies` | 849 µs | 48 KB | | `get_public_api_surface` | 885 µs | 247 KB | | `get_type_overview` | 1.1 ms | 104 KB | | `peek_il` | 1.1 ms | 34 KB | | `find_disposable_misuse` | 3.5 ms | 286 KB | | `find_uncovered_symbols` | 3.8 ms | 224 KB | | `search_symbols` | 3.9 ms | 557 KB | | `analyze_method` | 5.8 ms | 333 KB | | `find_async_violations` | 7.0 ms | 335 KB | | `find_tests_for_symbol` (direct) | 8.4 ms | 396 KB | | `find_callers` | 10 ms | 337 KB | | `find_tests_for_symbol` (transitive) | 12 ms | 399 KB | | `find_naming_violations` | 15 ms | 788 KB | | `find_unused_symbols` | 23 ms | 1.0 MB | | `find_references` | 28 ms | 1013 KB | | `analyze_change_impact` | 33 ms | 1.3 MB | | Solution loading (one-time) | ~4.1 s | 16 MB | ## Hot Reload The server watches `.cs`, `.csproj`, `.props`, and `.targets` files for changes. When a change is detected, affected projects are lazily re-compiled on the next tool query — only stale projects and their downstream dependents are re-compiled, not the full solution. Location-returning tools include an `IsGenerated` flag to distinguish source-generator output from hand-written code. ## Requirements - .NET 10 SDK - A .NET solution with compilable projects ## Project compatibility The server analyses every project that MSBuildWorkspace can load under the .NET SDK runtime. **Supported:** SDK-style projects (``), any target framework — `net48`, `net6.0`, `net8.0`, `net10.0`, etc. .NET Framework targets work fine *as long as the csproj uses the SDK-style format*. **Skipped (with a warning, not a crash):** legacy non-SDK-style projects (``, typically `.NET Framework` projects authored in older versions of Visual Studio). These rely on `Microsoft.Common.props` imports from the .NET Framework MSBuild that ships wit … ## Source & license This open-source MCP server is cataloged on AgentStack and links to its original source — we do not rehost the code. - **Author:** [MarcelRoozekrans](https://github.com/MarcelRoozekrans) - **Source:** [MarcelRoozekrans/roslyn-codelens-mcp](https://github.com/MarcelRoozekrans/roslyn-codelens-mcp) - **License:** MIT Install and usage instructions live in the source repository linked above. ## Pricing - **Free** — Free ## Versions - **1.1.6** — security scan: pending review — Imported from the upstream source. ## Links - Listing page: https://agentstack.voostack.com/l/mcp-marcelroozekrans-roslyn-codelens-mcp - Seller: https://agentstack.voostack.com/s/marcelroozekrans - Browse the marketplace: https://agentstack.voostack.com/browse --- Listed on AgentStack — the marketplace for AI agent skills and MCP servers. Every listing is security-reviewed. Creators keep 70%.