codemind-mcp 2.1.0

MCP Security Guardian — SAST, Secrets, SCA, IaC scanning for AI-powered development

CodeMind — AI Security Guardian

   ___          _      __  __ _           _ 
  / __\___   __| | ___|  \/  (_)_ __   __| |
 / /  / _ \ / _` |/ _ \ |\/| | | '_ \ / _` |
/ /__| (_) | (_| |  __/ |  | | | | | | (_| |
\____/\___/ \__,_|\___|_|  |_|_|_| |_|\__,_|

🛡️ Enterprise-Grade Security for AI-Generated Code
Think before ship.

📦 PyPI • 📖 Documentation • 🚀 Quick Start • 🔧 Tools

---

Technical Overview

CodeMind transforms your AI coding assistant (Cursor, Windsurf, Claude Desktop) into a full security platform. It provides real-time oversight of AI-generated code across five security dimensions.

Core Capabilities

Module	Description
SAST Engine	Detection of SQL injection, XSS, SSRF, and command injection patterns.
Secrets Detection	Identification of hardcoded API keys and tokens with entropy analysis.
SCA (Dependencies)	Scanning project lockfiles (12 formats) for CVEs via OSV.dev.
IaC Scanning	Security auditing for Dockerfiles, GitHub Actions, and docker-compose.
SARIF Reporting	Industry-standard output for CI/CD integration and GitHub Code Scanning.

---

Quick Start

Installation

# Global installation (recommended for CLI usage)
pip install codemind-mcp

IDE Configuration (MCP)

Add the following to your MCP server configuration:

{
  "mcpServers": {
"codemind": {
      "command": "codemind",
      "args": ["serve"]
    }
  }
}

Usage

Simply include the trigger phrase in your chat prompt:

"Generate a login endpoint for FastAPI. use codemind"

Instant SaaS Protection

When you use the use codemind trigger, the Guardian automatically enforces essential protections for modern SaaS applications:

• Rate Limiting: Automatic protection against DDoS and brute-force attacks.
• Data Isolation: Enforcement of Row Level Security (RLS) to ensure users only access their own data.
• Input Integrity: Strict server-side validation using Zod or Pydantic.
• Bot Protection: Seamless integration of CAPTCHA/Turnstile for public-facing forms.
• Secure Defaults: Non-revealing error messages and secure CORS configurations.

---

Available Tools

CodeMind exposes 14 MCP tools for seamless automated workflows:

• guard_code: Static analysis for vulnerabilities.
• scan_secrets: Entropy-based credential detection.
• scan_dependencies: Software Composition Analysis.
• scan_iac_file: Infrastructure-as-Code auditing.
• audit_launch_checklist: Production readiness verification.
• deep_security_scan: Consolidated multi-layer analysis.

---

Strategic Roadmap

The transition from a hackathon project to a foundational security primitive.

Phase 1: Foundation (Vibeathon)

• Initial MCP Server implementation.
• Core SAST pattern matching (50+ rules).
• Secrets detection and SCA integration.
• Launch Readiness Checklist.

Phase 2: Intelligence (Post-Launch)

• Semantic Analysis: Integration of tree-sitter for AST-based auditing.
• Taint Tracking: Dataflow analysis to track untrusted input from source to sink.
• Custom Rule DSL: YAML-based rule definition for community extensions.

Phase 3: Autonomy (Scale)

• Agentic Remediation: Autonomous fix-verify loops for complex vulnerabilities.
• CI/CD Native: Direct integration with GitHub Actions as a first-class citizen.
• Enterprise Dashboard: Local analytics for team-wide security posture.

Phase 4: Expansion (Y Combinator Funding)

• Universal Integration: Support for all major LLM providers and coding platforms.
• Real-time Protection: Runtime monitoring for AI-agent executed tasks.
• Global Standard: Becoming the default security layer for AI-driven software development.

---

Privacy Policy

CodeMind is built on the principle of Local-First Security.

• Your source code never leaves your machine.
• All pattern matching and analysis are performed locally.
• SCA requests to OSV.dev contain only package names and versions.
• No telemetry or tracking scripts are included.

---

License

Distributed under the MIT License. See LICENSE for more information.