claude › hyperanalyzer analyze src/loader.cpp

// src/loader.cpp:142
⚠ HA001 Forbidden Win32 API invoked from DllMain
  │ CreateThread() inside DllMain can deadlock the loader lock.
  │ CWE-667 · severity: high

⚠ HA101 sizeof(pointer) passed to memcpy
  │ memcpy(buf, src, sizeof(buf)) copies 8 bytes, not N.
  │ fix: use sizeof(*buf) * count

ℹ HA301 push_back → emplace_back would avoid a copy

✓ 3 findings · 412 ms · ready for Claude to apply fixes

MCP server · works with Claude Code, Cursor, Windsurf

Catch the bugs your AI just wrote.

HyperAnalyzer is a static analyzer built for the age of vibe-coding. It plugs into Claude Code, Cursor and every MCP-aware assistant and flags the bugs LLMs keep producing, before the diff hits your repo.

Get HyperAnalyzer free Read the docs

pip install hyperanalyzer · C/C++ today · Rust, Go, Python, C# next.

Static analysis, rebuilt for AI coding.

Claude and GPT already write most of your code. The job of the analyzer has changed. It has to be fast enough, structured enough, and opinionated enough for an LLM to consume on every diff.

Tuned for LLM failure modes

Every rule is backed by a real bug we found in production code written by Claude or GPT: missing error handling, sloppy refactors, Windows API misuse, crypto mistakes.

Runs as an MCP tool

HyperAnalyzer speaks the Model Context Protocol. Claude Code, Cursor, Continue and Windsurf call it as a tool, and findings come back as structured JSON the model can act on.

Fixes before commit, not in CI

Existing analyzers live in your pipeline, hours after the LLM already moved on. HyperAnalyzer runs inside the edit loop, so the model sees the finding and rewrites the code itself.

Clang under the hood

Real AST, real type info, real CFG. Powered by libclang (Apache-2.0 with LLVM exception) and tree-sitter. Not regex, not flaky linters, not LLM-on-LLM guessing.

Natural-language fix hints

Every finding ships with a one-line explanation and a suggested patch, written for an LLM to consume. No human translation needed between analyzer output and the fix.

Commercial-clean licensing

Permissive deps only (Apache-2.0 / MIT / BSD). No GPL, no source-available, no PVS-Studio text. You can ship HyperAnalyzer inside closed-source products without legal friction.

A curated rule set, not a 1,200-check dump.

Every rule is hand-picked from real bugs we observed in LLM-generated code, mapped to CWE / CERT standards, and shipped with a natural-language fix hint. Here are six from the initial C/C++ set.

HA001 high

Forbidden Win32 API invoked from DllMain

Calling CreateThread, LoadLibrary, CoInitialize, or other loader-lock-sensitive APIs inside DllMain can deadlock the process at load time.

Windows CWE-667

HA101 high

sizeof(pointer) passed to memcpy / memset / memcmp

Using sizeof on a pointer returns the pointer width, not the buffer size. A classic under-copy bug LLMs produce when refactoring arrays into heap buffers.

Security CWE-467

HA102 medium

Unsigned subtraction compared with < or >

(a - b) < c on unsigned types wraps around zero and silently becomes a huge value, producing logic bugs that compile cleanly and pass review.

Security CWE-191

HA201 medium

Local variable assigned twice with no read between

Typical refactoring leftover: Claude adds a new assignment but forgets to delete the old one. Dead stores hide real logic errors.

Correctness CWE-563

HA202 medium

Boolean expression that is always true or always false

Unsigned compared with 0, sizeof() compared with a negative. Dead branches that look like defensive code but never execute.

Correctness CWE-570

HA301 low

push_back(Type{...}) where emplace_back would skip a copy

Cheap win: emplace_back constructs in place. LLMs default to push_back because the training data predates C++11.

Performance n/a

Browse the full catalog →

Stop shipping bugs Claude wrote.

Drop HyperAnalyzer into your AI coding assistant in under a minute. Free for individuals, forever.

$ pip install hyperanalyzer MCP ready

Get HyperAnalyzer free Read the docs