CodeMind
FreeNot checkedAn AI Security Guardian MCP server that provides real-time vulnerability scanning, secrets detection, and secure coding enforcement for AI-generated code in mod
About
An AI Security Guardian MCP server that provides real-time vulnerability scanning, secrets detection, and secure coding enforcement for AI-generated code in modern web frameworks.
README
___ _ __ __ _ _ / __\___ __| | ___| \/ (_)_ __ __| | / / / _ \ / _` |/ _ \ |\/| | | '_ \ / _` | / /__| (_) | (_| | __/ | | | | | | | (_| | \____/\___/ \__,_|\___|_| |_|_|_| |_|\__,_|
🛡️ Enterprise-Grade Security for AI-Generated Code
Think before ship.
📦 PyPI • 📖 Documentation • 🚀 Quick Start • 🔧 Tools
Technical Overview
CodeMind transforms your AI coding assistant (Cursor, Windsurf, Claude Desktop) into a full security platform for the modern web. Specialized for Next.js, React, and TypeScript, it provides real-time oversight of AI-generated code across five security dimensions.
Core Capabilities
| Module | Description |
|---|---|
| Modular Skills | Plugin-based agentic personas (Security, UI, Docs) with specialized prompts. |
| Safety Lock | Hard-coded protection against DROP, TRUNCATE, and unconditional DELETE. |
| Intent Discovery | Automatic detection of the optimal skill/persona for any given task. |
| SAST Engine | Detection of SQL injection, XSS, SSRF, and command injection patterns. |
| Prompt Security | Specialized detection for prompt injection and leak vulnerabilities. |
| Secrets Detection | Identification of hardcoded API keys and tokens with entropy analysis. |
| IaC Scanning | Security auditing for Dockerfiles, GitHub Actions, and docker-compose. |
Quick Start
1. Installation
Install the core engine from PyPI:
pip install codemind-mcp
2. MCP Configuration
Add CodeMind to your claude_desktop_config.json (or equivalent MCP client config):
{
"mcpServers": {
"codemind": {
"command": "codemind",
"args": ["serve"],
"env": {
"CONTEXT7_API_KEY": "your_optional_key_here"
}
}
}
}
Usage
Simply include the trigger phrase in your chat prompt:
"Generate a login endpoint for FastAPI. use codemind"
Instant SaaS Protection
When you use the use codemind trigger, the Guardian automatically enforces essential protections for modern SaaS applications:
- Rate Limiting: Automatic protection against DDoS and brute-force attacks.
- Data Isolation: Enforcement of Row Level Security (RLS) to ensure users only access their own data.
- Zod Validation: Strict server-side schema validation to prevent untrusted client data from reaching your database.
- Next.js & React Hardening: Automated detection of unsafe
dangerouslySetInnerHTML, exposedNEXT_PUBLIC_secrets, and insecurelocalStoragepatterns. - CSRF Protection: Auditing for missing security headers and insecure client-side data mutations.
- Secure Default Props: Enforcement of TypeScript best practices to eliminate "undefined" security gaps.
- Prompt Security: Hardened system prompts and injection-resistant templates for AI feature implementations.
Available Tools
CodeMind exposes 15 MCP tools for seamless automated workflows:
guard_code: Static analysis for vulnerabilities (including Prompt Injection).detect_intent: 🧠 Automatically identifies the best Skill for a given task.activate_skill: Manually switch between agentic personas (Security, UI, Docs).run_workflow: 🚀 Execute complex multi-step actions (e.g.,/deploy,/audit-deep).list_skills: View all available modular personas and their capabilities.audit_prompt: Specialized analyzer for AI prompt security and leaks.scan_secrets: Entropy-based credential detection.scan_dependencies: Software Composition Analysis (SCA).scan_iac_file: Infrastructure-as-Code auditing.deep_security_scan: Consolidated multi-layer analysis.
Strategic Roadmap
The transition from a hackathon project to a foundational security primitive.
Phase 1: Foundation (Vibeathon Momentum)
- Initial MCP Server: Secure bridge between IDE and AI.
- Core SAST Engine: 50+ deep-scan rules for modern web.
- Secrets & SCA: Entropy-based scanning and dependency auditing.
- Prompt Security: Industry-leading injection & jailbreak detection.
- Vibeathon Grand Finale: Winning the vibeathon (goal!!)
Phase 2: Intelligence & Personas (Ahead of Schedule)
- Modular Skill System: Plugin-based architecture for Security, UI, and Docs experts.
- Intent Discovery: Real-time semantic task classification.
- AI Slop Detection: Eliminating redundant commentary from AI responses.
- Safety Lock: Hard-coded constraints for destructive database operations.
- Semantic Analysis: AST-based auditing for Python & JavaScript.
Phase 3: Total Autonomy (The Scale Phase)
- Self-Healing Code: Autonomous fix-verify loops for complex vulnerabilities.
- Project-Wide Reasoning: Cross-file dependency analysis and taint-tracking.
- CI/CD Native: Seamless integration with GitHub Actions as a first-class security citizen.
- Local LLM Fine-tuning: Custom models optimized for security-first code generation.
Phase 4: Global Transformation (YC & Beyond)
- Universal Security Primitive: The default security layer for all AI-driven development.
- Real-time Runtime Protection: Monitoring AI-agent actions in production environments.
- Enterprise Autonomous Guardian: Team-wide security analytics with zero data leak.
- The AI-Sec Standard: Leading the certification for secure AI-assistants.
Privacy Policy
CodeMind is built on the principle of Local-First Security.
- Your source code never leaves your machine.
- All pattern matching and analysis are performed locally.
- SCA requests to OSV.dev contain only package names and versions.
- No telemetry or tracking scripts are included.
License
Distributed under the MIT License. See LICENSE for more information.
Install CodeMind in Claude Desktop, Claude Code & Cursor
unyly install codemindInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add codemind -- uvx codemind-mcpFAQ
Is CodeMind MCP free?
Yes, CodeMind MCP is free — one-click install via Unyly at no cost.
Does CodeMind need an API key?
No, CodeMind runs without API keys or environment variables.
Is CodeMind hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install CodeMind in Claude Desktop, Claude Code or Cursor?
Open CodeMind on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare CodeMind with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
