AI Code Review Inside Cursor and VS Code Using the 2ndOpinion MCP Server

Most developers do not open a browser tab when they want a second opinion on a tricky function. They want the answer in the same window where the code lives. The 2ndOpinion MCP server makes that possible by wiring the full gateway — Claude, Codex, and Gemini — directly into Cursor and VS Code through the Model Context Protocol.

This guide walks through the complete setup and shows you which tools are most useful in an IDE context.

What the MCP Server Actually Does

The Model Context Protocol is an open standard that lets an AI assistant call external tools without you switching context. When you add the 2ndOpinion MCP server to your editor, Claude (the AI powering Cursor and VS Code Copilot) can call out to the 2ndOpinion gateway mid-conversation and return structured analysis directly in the chat pane.

The MCP server exposes ten tools:

Tool	What it does
second_opinion	Analyzes a diff with a single model
consensus_review	Runs all three models and returns a consensus
bug_hunt	Three-model bug hunt with deduplication
security_audit	OWASP-focused audit, single or multi-model
generate_tests	Generates runnable tests for staged changes
explain_changes	Summarizes a diff for technical or non-technical audiences
ask_other_model	Asks a specific model a freeform question
ai_debate	Structured multi-round debate between two or three models
review_pr	Pulls and reviews a GitHub PR by number
get_usage	Returns your current credit balance and tier

All calls go through the same gateway that powers the HTTP API, so rate limits, credit costs, and tier restrictions apply identically.

Prerequisites

• Node.js 18 or later
• A 2ndOpinion account with an API key (get one free at the dashboard)
• Cursor 0.40+ or VS Code with the GitHub Copilot Chat extension

Installation

Install the MCP server globally via npm:

npm install -g @2ndopinion/mcp

Verify the installation:

2op-mcp --version

Then save your API key. The server reads from a local config file:

2op-mcp config set apiKey sk_2op_YOUR_KEY_HERE

The key is stored at ~/.config/2ndopinion/config.json. It is never sent anywhere except the 2ndOpinion gateway.

Connecting to Cursor

Cursor has native MCP support. Open Settings → MCP Servers (or edit ~/.cursor/mcp.json directly) and add:

{
  "mcpServers": {
    "2ndopinion": {
      "command": "2op-mcp",
      "args": ["--stdio"],
      "env": {}
    }
  }
}

Restart Cursor. In any chat thread, type @2ndopinion to see the tool list. Cursor will show all ten tools with their descriptions.

First Test in Cursor

Stage a file you have been working on, then open a chat and ask:

@2ndopinion run a consensus_review on my current git diff

The server detects your staged changes automatically, sends them to all three models, and returns a structured result with a recommendation (Accept / Review / Reject), a risk score, and itemized findings from each model.

Connecting to VS Code

VS Code's Copilot Chat extension supports MCP servers starting from version 1.99. Add the server to your workspace settings or user settings:

{
  "github.copilot.chat.mcpServers": {
    "2ndopinion": {
      "command": "2op-mcp",
      "args": ["--stdio"]
    }
  }
}

After reloading VS Code, open the Copilot Chat panel and switch to Agent mode (the @ icon). The 2ndOpinion tools will appear under the tool selector.

Scoping Reviews to the Current File

The MCP server's second_opinion tool accepts either a diff string or nothing (auto-detects from git diff). In VS Code, you can be more targeted:

@2ndopinion using second_opinion, review only the changes in src/auth/jwt.ts

Copilot Chat will read the file context and pass the relevant diff to the tool. This is useful when your working branch has a large number of unrelated changes.

Practical Workflows

Before Every Commit

Run second_opinion on your staged changes before committing. This takes about three seconds for a typical diff and surfaces obvious issues before they reach CI.

@2ndopinion run second_opinion on my staged changes using claude

If the result comes back with a Review or Reject recommendation, ask for details:

@2ndopinion explain the top risk item in more detail

Security-Sensitive Changes

Any time you touch authentication, authorization, or data serialization, reach for security_audit instead of the default review. It runs an OWASP-focused analysis that specifically looks for injection vulnerabilities, broken access control, and insecure deserialization.

@2ndopinion security_audit the changes in src/api/users.ts

The audit returns findings mapped to OWASP Top 10 categories with severity ratings, so you know exactly which items are critical versus informational.

Generating Tests for New Code

After writing a new module, generate_tests produces runnable test scaffolding based on the actual diff. It understands your testing framework from context:

@2ndopinion generate_tests for my changes, using Jest

The output is a complete test file you can paste directly into your test directory. It covers the happy path, edge cases, and error conditions visible in the diff.

Understanding a Colleague's Changes

When you are reviewing someone else's PR and want a plain-language summary before diving into the diff:

@2ndopinion explain_changes for PR 847, audience: technical

The review_pr tool fetches the PR diff from GitHub and explain_changes returns a structured summary broken down by file, covering what changed and why it likely changed.

Credit Costs in an IDE Context

Using the MCP server spends credits the same way the HTTP API does. Quick reference:

• second_opinion, security_audit (single model): 1 credit
• consensus_review, bug_hunt, security_audit (multi-model): 3 credits
• ai_debate: 5 credits

If you are on the Pro plan (100 credits/month), a habit of running second_opinion on every commit costs roughly 3 credits per working day — well within budget. Consensus reviews are worth saving for higher-risk changes like auth, payments, or schema migrations.

Check your balance at any time:

@2ndopinion get_usage

Troubleshooting

The server does not appear in Cursor's tool list. Make sure 2op-mcp is on your PATH. Run which 2op-mcp in a terminal. If it is not found, the global npm install may not have added the bin directory to your PATH — add $(npm root -g)/../bin to your shell profile.

Tool calls return a 401 error. Your API key may be missing or mistyped. Run 2op-mcp config get to verify the stored key, then regenerate one from the dashboard if needed.

Auto-detection returns an empty diff. The server runs git diff --staged by default. If nothing is staged, it falls back to git diff HEAD. Make sure you are inside a git repository and that the relevant changes are either staged or committed.

Why This Beats Copy-Pasting Into a Chat Window

The core advantage is not convenience — it is the structured output. When you paste code into a generic chat window, the model returns a conversational response that you have to parse manually. The MCP tools return typed JSON that the editor can render as structured findings: risk level, affected files, specific line references, and an explicit recommendation. There is no ambiguity about whether the model thought the code was fine or flagged it.

The second advantage is model independence. Cursor runs on Claude; VS Code Copilot runs on GPT-4. When you call consensus_review through the MCP server, you get all three models regardless of which AI powers your editor. Your editor's built-in model is used for chat orchestration, but the actual code review comes from three independent analyzers with different blind spots.

---

Ready to try it? Install the MCP server and run your first consensus review in under five minutes. Visit get2ndopinion.dev/docs for the full tool reference, or open the playground to explore the API before committing to an IDE integration.