Skip to content

CodeGuard MCP Server: streamable HTTP server exposing security rules as tools #54

Description

@ramraaj25

Summary

Build an open-source MCP server (streamable HTTP transport) that exposes the CoSAI CodeGuard security rules as individual tools. Organizations deploy it on their own infrastructure — behind their existing reverse proxy / identity provider, and make it accessible company-wide. Every MCP-compatible AI coding assistant connects to the shared instance, giving every code-generation and review session access to curated, versioned security guidance.

Motivation

Today, CodeGuard rules are distributed as static markdown files that must be copy-pasted into each developer's IDE rule configuration. At org scale this creates drift, makes versioning painful, and limits adoption to platforms that support cursor-style always-applied rules.

A centrally deployed remote MCP server solves this:

  • Single source of truth — one server instance serves the entire org; rule updates are a container redeploy, not a per-developer file sync.
  • Runtime selectioncodeguard_1_* ("always-on") tools are invoked on every coding action; codeguard_0_* tools are invoked selectively based on language/domain context inferred by the AI agent.
  • Host-agnostic — streamable HTTP transport works with Cursor, VS Code + Copilot Chat, Cline, Continue, Zed, and any future MCP client.
  • Enterprise-ready — deploy behind your existing reverse proxy (Nginx, Envoy, Istio) with org SSO, TLS termination, and network policies already in place.

Behaviour

Tool taxonomy

Prefix Invocation policy Example
codeguard_1_* Always invoke before writing/reviewing code codeguard_1_hardcoded_credentials, codeguard_1_crypto_algorithms, codeguard_1_digital_certificates
codeguard_0_* Context-select based on language + security domain codeguard_0_input_validation_injection, codeguard_0_safe_c_functions, codeguard_0_api_web_services

Each tool:

  • Accepts no arguments (rule content is self-contained).
  • Returns a JSON object { "result": "<rule markdown>" } containing the full rule text: rule_id, description, guidance, code examples, checklists.
  • Includes a description field in its MCP tool descriptor that states the security domain and applicable languages/artifacts, so the AI agent can decide which codeguard_0_* tools to invoke.

Meta-rule (client-side)

The server ships a recommended meta-rule (markdown) that organizations distribute to developers for IDE installation. The meta-rule instructs the AI agent to:

  1. Discover all codeguard_* tools on the connected server.
  2. Always invoke every codeguard_1_* tool before code generation/review.
  3. Context-select codeguard_0_* tools by matching tool descriptions against the current file extensions, frameworks, and task domain.
  4. Apply returned guidance, avoid listed anti-patterns, and cite which rules influenced the output.

Addresses Discussion #39

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions