Summary
Build an open-source MCP server (streamable HTTP transport) that exposes the CoSAI CodeGuard security rules as individual tools. Organizations deploy it on their own infrastructure — behind their existing reverse proxy / identity provider, and make it accessible company-wide. Every MCP-compatible AI coding assistant connects to the shared instance, giving every code-generation and review session access to curated, versioned security guidance.
Motivation
Today, CodeGuard rules are distributed as static markdown files that must be copy-pasted into each developer's IDE rule configuration. At org scale this creates drift, makes versioning painful, and limits adoption to platforms that support cursor-style always-applied rules.
A centrally deployed remote MCP server solves this:
- Single source of truth — one server instance serves the entire org; rule updates are a container redeploy, not a per-developer file sync.
- Runtime selection —
codeguard_1_* ("always-on") tools are invoked on every coding action; codeguard_0_* tools are invoked selectively based on language/domain context inferred by the AI agent.
- Host-agnostic — streamable HTTP transport works with Cursor, VS Code + Copilot Chat, Cline, Continue, Zed, and any future MCP client.
- Enterprise-ready — deploy behind your existing reverse proxy (Nginx, Envoy, Istio) with org SSO, TLS termination, and network policies already in place.
Behaviour
Tool taxonomy
| Prefix |
Invocation policy |
Example |
codeguard_1_* |
Always invoke before writing/reviewing code |
codeguard_1_hardcoded_credentials, codeguard_1_crypto_algorithms, codeguard_1_digital_certificates |
codeguard_0_* |
Context-select based on language + security domain |
codeguard_0_input_validation_injection, codeguard_0_safe_c_functions, codeguard_0_api_web_services |
Each tool:
- Accepts no arguments (rule content is self-contained).
- Returns a JSON object
{ "result": "<rule markdown>" } containing the full rule text: rule_id, description, guidance, code examples, checklists.
- Includes a
description field in its MCP tool descriptor that states the security domain and applicable languages/artifacts, so the AI agent can decide which codeguard_0_* tools to invoke.
Meta-rule (client-side)
The server ships a recommended meta-rule (markdown) that organizations distribute to developers for IDE installation. The meta-rule instructs the AI agent to:
- Discover all
codeguard_* tools on the connected server.
- Always invoke every
codeguard_1_* tool before code generation/review.
- Context-select
codeguard_0_* tools by matching tool descriptions against the current file extensions, frameworks, and task domain.
- Apply returned guidance, avoid listed anti-patterns, and cite which rules influenced the output.
Addresses Discussion #39
Summary
Build an open-source MCP server (streamable HTTP transport) that exposes the CoSAI CodeGuard security rules as individual tools. Organizations deploy it on their own infrastructure — behind their existing reverse proxy / identity provider, and make it accessible company-wide. Every MCP-compatible AI coding assistant connects to the shared instance, giving every code-generation and review session access to curated, versioned security guidance.
Motivation
Today, CodeGuard rules are distributed as static markdown files that must be copy-pasted into each developer's IDE rule configuration. At org scale this creates drift, makes versioning painful, and limits adoption to platforms that support cursor-style always-applied rules.
A centrally deployed remote MCP server solves this:
codeguard_1_*("always-on") tools are invoked on every coding action;codeguard_0_*tools are invoked selectively based on language/domain context inferred by the AI agent.Behaviour
Tool taxonomy
codeguard_1_*codeguard_1_hardcoded_credentials,codeguard_1_crypto_algorithms,codeguard_1_digital_certificatescodeguard_0_*codeguard_0_input_validation_injection,codeguard_0_safe_c_functions,codeguard_0_api_web_servicesEach tool:
{ "result": "<rule markdown>" }containing the full rule text:rule_id, description, guidance, code examples, checklists.descriptionfield in its MCP tool descriptor that states the security domain and applicable languages/artifacts, so the AI agent can decide whichcodeguard_0_*tools to invoke.Meta-rule (client-side)
The server ships a recommended meta-rule (markdown) that organizations distribute to developers for IDE installation. The meta-rule instructs the AI agent to:
codeguard_*tools on the connected server.codeguard_1_*tool before code generation/review.codeguard_0_*tools by matching tool descriptions against the current file extensions, frameworks, and task domain.Addresses Discussion #39