Command Palette

Search for a command to run...

UnylyUnyly
Browse all

CodeMind

FreeNot checked

An AI Security Guardian MCP server that provides real-time vulnerability scanning, secrets detection, and secure coding enforcement for AI-generated code in mod

GitHubEmbed

About

An AI Security Guardian MCP server that provides real-time vulnerability scanning, secrets detection, and secure coding enforcement for AI-generated code in modern web frameworks.

README

   ___          _      __  __ _           _ 
  / __\___   __| | ___|  \/  (_)_ __   __| |
 / /  / _ \ / _` |/ _ \ |\/| | | '_ \ / _` |
/ /__| (_) | (_| |  __/ |  | | | | | | (_| |
\____/\___/ \__,_|\___|_|  |_|_|_| |_|\__,_|

🛡️ Enterprise-Grade Security for AI-Generated Code
Think before ship.

📦 PyPI📖 Documentation🚀 Quick Start🔧 Tools

PyPI Version Python MCP License Privacy


Technical Overview

CodeMind transforms your AI coding assistant (Cursor, Windsurf, Claude Desktop) into a full security platform for the modern web. Specialized for Next.js, React, and TypeScript, it provides real-time oversight of AI-generated code across five security dimensions.

Core Capabilities

Module Description
Modular Skills Plugin-based agentic personas (Security, UI, Docs) with specialized prompts.
Safety Lock Hard-coded protection against DROP, TRUNCATE, and unconditional DELETE.
Intent Discovery Automatic detection of the optimal skill/persona for any given task.
SAST Engine Detection of SQL injection, XSS, SSRF, and command injection patterns.
Prompt Security Specialized detection for prompt injection and leak vulnerabilities.
Secrets Detection Identification of hardcoded API keys and tokens with entropy analysis.
IaC Scanning Security auditing for Dockerfiles, GitHub Actions, and docker-compose.

Quick Start

1. Installation

Install the core engine from PyPI:

pip install codemind-mcp

2. MCP Configuration

Add CodeMind to your claude_desktop_config.json (or equivalent MCP client config):

{
  "mcpServers": {
    "codemind": {
      "command": "codemind",
      "args": ["serve"],
      "env": {
        "CONTEXT7_API_KEY": "your_optional_key_here"
      }
    }
  }
}

Usage

Simply include the trigger phrase in your chat prompt:

"Generate a login endpoint for FastAPI. use codemind"

Instant SaaS Protection

When you use the use codemind trigger, the Guardian automatically enforces essential protections for modern SaaS applications:

  • Rate Limiting: Automatic protection against DDoS and brute-force attacks.
  • Data Isolation: Enforcement of Row Level Security (RLS) to ensure users only access their own data.
  • Zod Validation: Strict server-side schema validation to prevent untrusted client data from reaching your database.
  • Next.js & React Hardening: Automated detection of unsafe dangerouslySetInnerHTML, exposed NEXT_PUBLIC_ secrets, and insecure localStorage patterns.
  • CSRF Protection: Auditing for missing security headers and insecure client-side data mutations.
  • Secure Default Props: Enforcement of TypeScript best practices to eliminate "undefined" security gaps.
  • Prompt Security: Hardened system prompts and injection-resistant templates for AI feature implementations.

Available Tools

CodeMind exposes 15 MCP tools for seamless automated workflows:

  • guard_code: Static analysis for vulnerabilities (including Prompt Injection).
  • detect_intent: 🧠 Automatically identifies the best Skill for a given task.
  • activate_skill: Manually switch between agentic personas (Security, UI, Docs).
  • run_workflow: 🚀 Execute complex multi-step actions (e.g., /deploy, /audit-deep).
  • list_skills: View all available modular personas and their capabilities.
  • audit_prompt: Specialized analyzer for AI prompt security and leaks.
  • scan_secrets: Entropy-based credential detection.
  • scan_dependencies: Software Composition Analysis (SCA).
  • scan_iac_file: Infrastructure-as-Code auditing.
  • deep_security_scan: Consolidated multi-layer analysis.

Strategic Roadmap

The transition from a hackathon project to a foundational security primitive.

Phase 1: Foundation (Vibeathon Momentum)

  • Initial MCP Server: Secure bridge between IDE and AI.
  • Core SAST Engine: 50+ deep-scan rules for modern web.
  • Secrets & SCA: Entropy-based scanning and dependency auditing.
  • Prompt Security: Industry-leading injection & jailbreak detection.
  • Vibeathon Grand Finale: Winning the vibeathon (goal!!)

Phase 2: Intelligence & Personas (Ahead of Schedule)

  • Modular Skill System: Plugin-based architecture for Security, UI, and Docs experts.
  • Intent Discovery: Real-time semantic task classification.
  • AI Slop Detection: Eliminating redundant commentary from AI responses.
  • Safety Lock: Hard-coded constraints for destructive database operations.
  • Semantic Analysis: AST-based auditing for Python & JavaScript.

Phase 3: Total Autonomy (The Scale Phase)

  • Self-Healing Code: Autonomous fix-verify loops for complex vulnerabilities.
  • Project-Wide Reasoning: Cross-file dependency analysis and taint-tracking.
  • CI/CD Native: Seamless integration with GitHub Actions as a first-class security citizen.
  • Local LLM Fine-tuning: Custom models optimized for security-first code generation.

Phase 4: Global Transformation (YC & Beyond)

  • Universal Security Primitive: The default security layer for all AI-driven development.
  • Real-time Runtime Protection: Monitoring AI-agent actions in production environments.
  • Enterprise Autonomous Guardian: Team-wide security analytics with zero data leak.
  • The AI-Sec Standard: Leading the certification for secure AI-assistants.

Privacy Policy

CodeMind is built on the principle of Local-First Security.

  • Your source code never leaves your machine.
  • All pattern matching and analysis are performed locally.
  • SCA requests to OSV.dev contain only package names and versions.
  • No telemetry or tracking scripts are included.

License

Distributed under the MIT License. See LICENSE for more information.

from github.com/codemind-ai/codemind

Install CodeMind in Claude Desktop, Claude Code & Cursor

Recommended · one command, every IDE
unyly install codemind

Installs into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.

First time? Get the CLI: curl -fsSL https://unyly.org/install | sh

Or configure manually

Run in your terminal:

claude mcp add codemind -- uvx codemind-mcp

FAQ

Is CodeMind MCP free?

Yes, CodeMind MCP is free — one-click install via Unyly at no cost.

Does CodeMind need an API key?

No, CodeMind runs without API keys or environment variables.

Is CodeMind hosted or self-hosted?

Self-hosted: the server runs locally on your machine via the install command above.

How do I install CodeMind in Claude Desktop, Claude Code or Cursor?

Open CodeMind on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare CodeMind with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All development MCPs