CODE GUARD
More than half of new code is AI-assisted now, and a meaningful share of it carries the classic security bugs: injection, hardcoded secrets, disabled TLS checks, unsafe deserialization. Code Guard is the check a coding agent runs on its own code or diff before committing. It is a deterministic rule engine, so it can't be talked out of a finding, and it answers in milliseconds.
Free · Deterministic, no LLM · JS/TS + Python + generic rules · HTTP + MCP
| Endpoint | What it does |
|---|---|
| POST /api/scan-code | The guard. Scan a snippet → findings {rule, category, severity, line, remediation} + verdict pass / review / block |
| POST /api/scan-diff | Scan only the added lines of a unified diff, with correct new-file line numbers — for commit loops |
| GET /api/rules | The full rule catalog, so you know exactly what it checks (and what it doesn't) |
```json
{
  "mcpServers": {
    "code-guard": {
      "command": "npx",
      "args": ["-y", "@mlawsonking/code-guard-mcp"]
    }
  }
}
```
Or call the HTTP endpoints directly — JSON in, JSON out, CORS open. OpenAPI spec.
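
What the scan-diff row describes, scanning only added lines and reporting new-file line numbers, sketched locally as an added example; this is not Code Guard's implementation or rule set. The names `RULES`, `addedLines`, `scanDiff` and `SAMPLE_DIFF`, the two patterns, and the severity-to-verdict mapping are assumptions made for illustration.

```javascript
// Added illustration, not Code Guard's implementation. RULES is a hypothetical
// two-rule set; real coverage is whatever GET /api/rules reports.
const RULES = [
  { rule: "hardcoded-secret", category: "secrets", severity: "high",
    re: /(api[_-]?key|secret|password|token)\s*[:=]\s*["'][^"']{8,}["']/i,
    remediation: "Load the value from the environment or a secret manager." },
  { rule: "tls-verify-disabled", category: "tls", severity: "high",
    re: /rejectUnauthorized\s*:\s*false|verify\s*=\s*False/,
    remediation: "Leave certificate verification enabled." },
];

// Return every added line with its line number in the new file.
function addedLines(diff) {
  const out = [];
  let file = null, newLine = 0, oldLeft = 0, newLeft = 0;
  for (const l of diff.split("\n")) {
    if (oldLeft > 0 || newLeft > 0) {          // inside a hunk body
      if (l.startsWith("+")) { out.push({ file, line: newLine++, text: l.slice(1) }); newLeft--; }
      else if (l.startsWith("-")) oldLeft--;   // removed: new file does not advance
      else if (!l.startsWith("\\")) { newLine++; oldLeft--; newLeft--; } // context
      continue;
    }
    const h = /^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@/.exec(l);
    if (h) { oldLeft = Number(h[1] ?? 1); newLine = Number(h[2]); newLeft = Number(h[3] ?? 1); }
    else if (l.startsWith("+++ ")) file = l.slice(4).replace(/^b\//, "");
  }
  return out;
}

// Assumed verdict mapping: any high finding blocks, any other finding is review.
function scanDiff(diff) {
  const findings = [];
  for (const { file, line, text } of addedLines(diff))
    for (const { re, ...meta } of RULES)
      if (re.test(text)) findings.push({ ...meta, file, line });
  const verdict = findings.some(f => f.severity === "high") ? "block"
                : findings.length ? "review" : "pass";
  return { verdict, findings };
}

// Constructed sample: the unsafe values are on added lines 11 and 12.
const SAMPLE_DIFF = [
  "--- a/src/client.js", "+++ b/src/client.js",
  "@@ -10,4 +10,5 @@ function connect() {",
  "   const opts = {",
  "-    rejectUnauthorized: true,",
  "+    rejectUnauthorized: false,",
  '+    apiKey: "sk_constructed_0000",',
  "     timeout: 5000,",
  "   };",
].join("\n");
console.log(JSON.stringify(scanDiff(SAMPLE_DIFF), null, 2));
```

Counting lines from the hunk header's own lengths, rather than guessing from prefixes, keeps a following `---`/`+++` file header from being mistaken for a removed or added line.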