Article: CodeGuardian: A Model Context Protocol Server for AI-Assisted Code Quality Analysis and Security Scanning

The software development industry has witnessed a paradigm shift with the introduction of AI-powered coding assistants. Tools such as GitHub Copilot have demonstrated remarkable capabilities in code generation and explanation, yet they operate primarily on a syntactic understanding of code. This leaves a critical gap: Existing assistants lack deep integration with the broader ecosystem of security scanners and enterprise standards upon which professional teams rely.

Traditionally, maintaining code quality and security requires developers to context-switch between their AI assistant and separate dashboards like SonarQube or Checkmarx. This friction often delays feedback and reduces the likelihood that vulnerabilities are addressed early in the lifecycle. The core insight is: Model Context Protocol (MCP) bridges this gap by enabling AI assistants like GitHub Copilot to invoke specialized security tools through natural conversation

CodeGuardian enters this space as a MCP server that extends AI assistants with eleven specialized tools for automated analysis and vulnerability detection. By bridging the gap between conversational AI and rigorous security tooling, it enables developers to invoke specialized scans through natural conversation directly within the IDE. Unlike traditional tools that merely flag issues, CodeGuardian provides AI-powered remediation, actual code fixes that can reduce the mean time to resolution by a factor of ten.

At its core, CodeGuardian is built on the principles of modularity and extensibility. The server is implemented in Node.js using the official MCP SDK, handling protocol negotiation, and request routing through a centralized "Tool Router". Each capability is implemented as an independent module, ensuring that a failure in one linter doesn't prevent other security tools from functioning. Let’s dive into each capability.

Security Tools

These tools focus on identifying vulnerabilities and protecting sensitive data within the codebase.

• vulnerability_scan executes npm audit to detect known dependency-level vulnerabilities.
• bugbounty_security_scan is a comprehensive penetration testing tool that detects over fifteen vulnerability categories, including SQL Injection and XSS, aligned with the OWASP Top 10.
• rce_vulnerability_scan: An advanced scanner utilizing over fifty patterns to detect Remote Code Execution (RCE) risks like command and code injection.
• csrf_security_check: Specifically validates the implementation of Cross-Site Request Forgery (CSRF) tokens and secure cookie patterns.
• ssl_certificate_scan: Analyzes API requests for SSL/TLS issues, including certificate validation and protocol analysis.
• log_vulnerability_check: Scans manifests specifically for critical CVEs like Log4j or Logback.

Quality and Compliance Tools

These modules measure the health of the code and ensure it adheres to organizational standards.

• Analyze_code runs language-specific linters (e.g., ESLint, Ruff) to find syntax errors and style violations.
• Code_quality_metrics computes deep technical metrics including Cyclomatic Complexity, the Maintainability Index, and technical debt estimation.
• Check_logging_policy enforces best practices by detecting sensitive data exposure (like passwords or SSNs) in application logs.

For maintainability analysis, CodeGuardian implements the Halstead-McCabe formula. It calculates the Maintainability Index (MI) by weighing Halstead Volume, Cyclomatic Complexity, and Lines of Code:

MI = max(0, 171 - 5.2 ln(HV) - 0.23 cdot CC - 16.2 ln(LOC))

DevOps and Reporting Tools

These tools streamline the developer workflow and provide actionable feedback. Github pull requests (github_pull_requests) manages the PR lifecycle, allowing developers to create, review, and merge pull requests via natural language within the IDE. Generate_report consolidates findings into interactive HTML dashboards, structured JSON for CI/CD, or Markdown documentation.

AI-Powered Remediation

This is where CodeGuardian MCP shines over traditional tools. Instead of just reporting problems, the Remediation Engine provides contextual, language-specific code fixes.

SQL Injection Fix Example

Vulnerability: SQL Injection
Language: JavaScript
❌ Vulnerable Code:
const query = "SELECT * FROM users WHERE id = " + userId;
✅ Secure Fix:
const query = "SELECT * FROM users WHERE id = ?";
db.query(query, [userId]);
 References:
- OWASP SQL Injection Prevention Cheat Sheet
- CWE-89: SQL Injection

Performance and Real-World Impact

To validate its efficacy, CodeGuardian was put through a series of experimental evaluations and real-world deployments. The system was tested against known vulnerability benchmarks like OWASP WebGoat and DVWA. The results demonstrated an overall precision of 88.3 percent and a recall of 89.2 percent, successfully identifying over fifteen vulnerability categories. Notably, it achieved 93.8 percent precision in detecting SQL Injection and 94.7 percent for Command Injection.

In terms of performance, the analysis time scales linearly with the size of the repository. For projects under two hundred fifty files, CodeGuardian maintains sub-three-second response times, ensuring that the tool remains an interactive part of the development flow rather than a background bottleneck.

Beyond the lab, the tool was deployed to two development teams over a four-week period. The impact was immediate:

• Security Detection. The teams identified forty-seven previously unknown vulnerabilities.
• High Adoption. Seventy-five percent of developers integrated CodeGuardian into their weekly workflow.
• Rapid Remediation. Sixty-eight percent of identified issues were resolved within a single sprint, supported by the tool’s ability to provide contextual fixes.

Installation and Usage

Getting started with CodeGuardian is designed to be straightforward for modern JavaScript environments. Developers require:

• Node.js 18.0.0 or higher
• VS Code with the GitHub Copilot Chat extension (v0.12.0+)
• Optional tools include enry, eslint, ruff for extended functionality

The setup involves a simple three-step process:

Visual Studio Code Setup

Step 1: Configure MCP Server

Create or update .vscode/mcp.json in your workspace:

{
  "servers": {
    "codeguardian": {
      "type": "stdio",
      "command": "node",
      "args": ["${workspaceFolder}/build/index.js"]
    }
  }
}

Step 2: Visual Studio Code Configuration

Add to settings.json:

{
   "github.copilot.chat.mcp.enabled": true,
   "github.copilot.chat.mcp.enabled": {
    "codeguardian": {
            "type": "stdio",
            "command": "node",
            "args": ["${workspaceFolder}/build/index.js"]
      }
    }
}

Step 3: Build and Run

# Clone and build
git clone https://github.com/madhveshkumar/CodeGuardian
cd CodeGuardian
npm install
npm run build
 
# The MCP server is now ready for GitHub Copilot

IntelliJ IDEA / WebStorm

Configuration:

• A run configuration called MCP Server: Build & Run has been created in .idea/runConfigurations.
• Select it from the run configurations dropdown.
• Click Run or Debug.

Client Connection:

Because IntelliJ does not yet have a native MCP client (as of early 2026), run this as a standard Node.js app.You can use an external MCP client (like Claude Desktop) pointed to the running process or built file.

Once active, the power of CodeGuardian is accessed through natural language. A developer can simply ask their assistant.

@workspace Run a security vulnerability scan on this project
@workspace Get fixes for all high severity vulnerabilities found in the scan

The tool then provides actionable fix suggestions with original and replacement code that can be applied immediately.

Example Scanning a Full-Stack Photo App

To illustrate CodeGuardian's capabilities in a realistic scenario, let's walk through scanning PhotoVault, a photo picker and gallery web application built with Node.js, Express, React and PostgreSQL. This is the kind of full-stack project you'd find at any startup or enterprise team. Unlike synthetic demos, PhotoVault represents a real-world codebase with authentication, file uploads, database queries and API integrations: the exact surface area where security vulnerabilities hide.

Project Structure

Our sample project we use to demonstrate CodeGuardian’s capabilities follows.

Figure 1: Project structure.

Step 1: Security Vulnerability Scan

We start by asking Copilot to run a comprehensive security scan.

Prompt: "@workspace Run a security vulnerability scan on this project"
CodeGuardian scans all files and returns:

Findings Summary

Within seconds, CodeGuardian returns a prioritized breakdown of every issue it found across the entire codebase. Notice the breadth of coverage: a single natural language prompt surfaces vulnerabilities spanning application code, authentication, cryptography, and HTTP security — categories that would typically require three or four separate tools to cover. The three critical findings below are especially worth examining because they represent the most commonly exploited vulnerability classes in real-world breaches.

Critical Finding #1: SQL Injection in Photo Search

This finding illustrates a textbook SQL injection: all three query parameters (query, album, and sortBy) are interpolated directly into the SQL string. What makes this particularly dangerous is the ORDER BY ${sortBy} clause — even developers who remember to parameterize WHERE conditions often overlook ORDER BY as an injection vector.

// src/routes/photos.js — Line 47
// ❌ VULNERABLE: User input directly concatenated into SQL query
 
router.get('/search', async (req, res) => {
  const { query, album, sortBy } = req.query;
  const sql = `SELECT * FROM photos 
    WHERE title LIKE '%${query}%' 
    AND album_id = '${album}'
    ORDER BY ${sortBy}`;
  const results = await db.query(sql);
  res.json(results.rows);
});

Critical Finding #2: Remote Code Execution via Image Processing

This is a classic command injection vulnerability hiding behind a seemingly innocent feature. The user-supplied filename, width, and height values are concatenated directly into a shell command — meaning an attacker could submit a filename like photo.jpg; rm -rf / and achieve arbitrary code execution on the server. CodeGuardian flags this as critical because it requires zero authentication to exploit via the upload API.

// src/routes/photos.js — Line 82
// ❌ VULNERABLE: User filename passed to shell command
 
router.post('/resize', async (req, res) => {
  const { filename, width, height } = req.body;
  const cmd = `convert uploads/${filename} -resize ${width}x${height} output/${filename}`;
  exec(cmd, (err, stdout) => {
    if (err) return res.status(500).json({ error: err.message });
    res.json({ status: 'resized', file: filename });
  });
});

Critical Finding #3: Hardcoded Secrets

Beyond the obvious hardcoded production password, note the two compounding issues CodeGuardian identifies here: the full RDS hostname reveals the AWS region and cluster ID (useful for reconnaissance), and SSL is explicitly disabled meaning credentials travel in plaintext over the network. This is a pattern CodeGuardian sees frequently: a single file with multiple layered misconfigurations.

// src/utils/db.js — Line 5
// ❌ VULNERABLE: Database credentials hardcoded in source
 
const pool = new Pool({
  host: 'photovault-prod.cluster-abc123.us-east-1.rds.amazonaws.com',
  database: 'photovault',
  user: 'admin',
  password: 'Pr0d_S3cret!2026',
  port: 5432,
  ssl: false    // ❌ Also: SSL disabled for production database
});

Step 2: AI-Powered Remediation

Now we ask Copilot for fixes and this is where CodeGuardian outperforms traditional tools. Rather than linking to a generic OWASP page (as SonarQube or Checkmarx would), CodeGuardian generates drop-in replacement code tailored to the project's language, framework, and coding style. Each fix addresses not just the primary vulnerability but also adjacent risks the developer might not have considered.

Prompt: "@workspace Get remediation for all critical vulnerabilities found"

Fix #1: SQL Injection Prevented by Parameterized Queries

The remediation uses PostgreSQL's native $1, $2 parameter syntax, not a generic example because CodeGuardian detected the pg driver in the project's dependencies. Key observation: it also introduces a whitelist for the ORDER BY column, a subtlety that parameterized queries alone cannot solve since column names cannot be bound as parameters.

// ✅ SECURE: Parameterized queries prevent SQL injection
 
const ALLOWED_SORT = ['created_at', 'title', 'file_size'];
 
router.get('/search', async (req, res) => {
  const { query, album, sortBy } = req.query;
  
  // Whitelist sort column to prevent ORDER BY injection
  const safeSortBy = ALLOWED_SORT.includes(sortBy) ? sortBy : 'created_at';
  
  const sql = `SELECT * FROM photos 
    WHERE title LIKE $1 
    AND album_id = $2
    ORDER BY ${safeSortBy} DESC`;
  
  const results = await db.query(sql, [`%${query}%`, album]);
  res.json(results.rows);
});
 
//  CWE-89 | OWASP A03:2021 Injection
//  https://cheatsheetseries.owasp.org/SQL_Injection_Prevention

Fix #2: Remote Code Execution Blocked by Safe Image Processing Library

Instead of merely sanitizing the shell command input, CodeGuardian recommends eliminating the shell entirely by switching to sharp, a native image processing library. Notice the defense-in-depth approach: the fix validates the file extension against an allowlist, strips directory paths with path.basename() to prevent traversal, and caps dimensions to prevent resource exhaustion attacks four layers of protection in a single remediation.

// ✅ SECURE: Use sharp library instead of shell commands
import sharp from 'sharp';
import path from 'path';
 
const ALLOWED_EXTENSIONS = ['.jpg', '.jpeg', '.png', '.webp', '.gif'];
const MAX_DIMENSION = 4096;
 
router.post('/resize', async (req, res) => {
  const { filename, width, height } = req.body;
 
  // Validate filename — prevent path traversal
  const safeName = path.basename(filename);
  const ext = path.extname(safeName).toLowerCase();
  if (!ALLOWED_EXTENSIONS.includes(ext)) {
    return res.status(400).json({ error: 'Invalid file type' });
  }
 
  // Validate dimensions — prevent resource exhaustion
  const w = Math.min(Math.max(parseInt(width) || 800, 1), MAX_DIMENSION);
  const h = Math.min(Math.max(parseInt(height) || 600, 1), MAX_DIMENSION);
 
  try {
    await sharp(path.join('uploads', safeName))
      .resize(w, h, { fit: 'inside', withoutEnlargement: true })
      .toFile(path.join('output', safeName));
    res.json({ status: 'resized', file: safeName });
  } catch (err) {
    res.status(500).json({ error: 'Processing failed' });
  }
});
 
//  CWE-78 | OWASP A03:2021 Injection
//  Never pass user input to exec(), spawn(), or system()

Fix #3: Hardcoded Secrets Replaced by Environment Variables

The fix does more than swap strings for process.env references. It also enables SSL with certificate verification addressing the compounding transport-layer vulnerability that CodeGuardian flagged in the same finding. The inline comment recommending AWS Secrets Manager or HashiCorp Vault reflects CodeGuardian's awareness of production-grade secret management, not just local development patterns.

// ✅ SECURE: Use environment variables + SSL enabled
 
const pool = new Pool({
  host: process.env.DB_HOST,
  database: process.env.DB_NAME,
  user: process.env.DB_USER,
  password: process.env.DB_PASSWORD,
  port: parseInt(process.env.DB_PORT || '5432'),
  ssl: {
    rejectUnauthorized: true,
    ca: fs.readFileSync(process.env.DB_CA_CERT)
  }
});
 
//  CWE-798 | OWASP A07:2021 Identification and Authentication Failures
//  Use AWS Secrets Manager or HashiCorp Vault in production

Step 3: Secret Detection Deep Scan

After fixing the critical code vulnerabilities, a dedicated secret scan sweeps the entire repository including configuration files, environment files, and Docker manifests that code-level scanners typically ignore. The results below reveal a common pattern in full-stack projects: secrets proliferate across layers. The same database password appears in source code, Docker Compose, and Terraform, each requiring a different remediation strategy. Also noteworthy is the .env file containing an AWS secret key if this repository is public or lacks proper .gitignore rules, this credential is already compromised.

Prompt: "@workspace Check all files for exposed secrets and credentials"

Step 4: Software Bill of Materials (SBOM) Generation

A Software Bill of Materials is increasingly required for regulatory compliance (Executive Order 14028, EU Cyber Resilience Act) and supply chain security. CodeGuardian generates a standards-compliant CycloneDX SBOM that catalogs all 847 components and immediately cross-references them against known CVE databases. Two key observations: the 24-to-823 ratio of direct-to-transitive dependencies illustrates why manual dependency auditing is impractical, and the two GPL-3.0 packages flagged under license analysis could create legal exposure if PhotoVault is distributed as proprietary software.

Prompt: "@workspace Generate an SBOM for this project in CycloneDX format"

Step 5: Security Report Generation

Finally, CodeGuardian aggregates all findings into a single scored report that gives stakeholders an at-a-glance assessment. The 31/100 score reflects the cumulative risk across every layer of the stack. Notice that Secret Management scores the lowest at 10/100 this is because secrets were found in five different locations across the codebase, Dockerfiles, and infrastructure, making it a systemic issue rather than an isolated bug. This kind of cross-layer scoring is something no single traditional tool can provide.

Prompt: "@workspace Generate a complete security report for this project"

PhotoVault Security Score: 31/100 

After Applying CodeGuardian Fixes

After applying all AI-generated remediations, re-scanning shows dramatic improvement. The before-and-after comparison below demonstrates the compounding effect of CodeGuardian's holistic approach: because the tool addresses vulnerabilities across code, dependencies, containers, and infrastructure simultaneously, the overall score jumps by 61 points. Secret Management sees the most dramatic improvement (+85) because the same remediation strategy externalizes credentials to environment variables and secret managers resolve issues in five different files at once.

Prompt: "@workspace Generate a complete security report for this project"

PhotoVault Security Score: 92/100 

Total time from first scan to fully remediated: 15 minutes with CodeGuardian, compared to 2-3 days using traditional tools with manual research and context switching.

Conclusion

Although experimental evaluation and real world deployment to the development team yielded measurable results, CodeGuardian does have some limitations. Its regex-based vulnerability detection cannot identify complex data flow issues that require taint analysis. It is currently optimized for Java, JavaScript, Python and GoLang with limited support for C/C++, Ruby and PHP. And it struggles with large monorepos with over one thousand files.

Additionally, there are still open questions on whether the conversational pattern of LLMs and MCP tools puts a limit on analysis depth and complexity. That said, we believe that the convenience of a natural language interface, and the ability of LLMs to autogenerate fixes for findings, will reduce friction for developers and improve efforts to "shift left" in securing software development.