CODE GUARD

Scan AI-generated code before it ships.

More than half of new code is AI-assisted now, and a meaningful share of it carries the classic security bugs: injection, hardcoded secrets, disabled TLS checks, unsafe deserialization. Code Guard is the check a coding agent runs on its own code or diff before committing. A deterministic rule engine, so it can't be talked out of a finding, and it answers in milliseconds.

FreeDeterministic, no LLMJS/TS + Python + generic rulesHTTP + MCP

Try it

verdict appears here…

The endpoints

EndpointWhat it does
POST /api/scan-codeThe guard. Scan a snippet → findings {rule, category, severity, line, remediation} + verdict pass / review / block
POST /api/scan-diffScan only the added lines of a unified diff, with correct new-file line numbers — for commit loops
GET /api/rulesThe full rule catalog, so you know exactly what it checks (and what it doesn't)

Use it from an agent (MCP)

{ "mcpServers": { "code-guard": { "command": "npx", "args": ["-y", "@mlawsonking/code-guard-mcp"] } } }

Or call the HTTP endpoints directly — JSON in, JSON out, CORS open. OpenAPI spec.

What it catches

Command, code, and SQL injection · SSRF · hardcoded secrets and API keys · weak crypto (MD5/SHA1, ECB, insecure RNG) · unsafe deserialization (pickle, yaml, marshal) · disabled TLS verification · XSS and template injection · common misconfigurations. It's a fast first pass built for the agent's inner loop, not a replacement for a full security review — and it tells you so in the response.