Metadata-Version: 2.4
Name: codemind-mcp
Version: 2.1.0
Summary: MCP Security Guardian — SAST, Secrets, SCA, IaC scanning for AI-powered development
Author: CodeMind Contributors
License: MIT
Project-URL: Homepage, https://github.com/codemind-ai/codemind
Project-URL: Repository, https://github.com/codemind-ai/codemind
Project-URL: Documentation, https://codemind-ai.github.io/codemind
Keywords: mcp,security,ai,code-review,guardian,codemind,sast,sca,secrets-detection,iac-scanning,sarif,vulnerability-scanner,owasp,devsecops,supply-chain
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Classifier: Topic :: Software Development :: Testing
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: click>=8.0
Requires-Dist: rich>=13.0
Requires-Dist: pyyaml>=6.0
Requires-Dist: httpx>=0.27
Requires-Dist: mcp>=1.0.0
Requires-Dist: pyperclip>=1.8
Provides-Extra: cli
Requires-Dist: uvicorn>=0.23; extra == "cli"
Requires-Dist: fastapi>=0.100; extra == "cli"
Provides-Extra: analysis
Requires-Dist: tree-sitter>=0.21; extra == "analysis"
Provides-Extra: dev
Requires-Dist: pytest>=7.0; extra == "dev"
Requires-Dist: pytest-cov>=4.0; extra == "dev"
Requires-Dist: pytest-asyncio>=0.21; extra == "dev"
Provides-Extra: all
Requires-Dist: uvicorn>=0.23; extra == "all"
Requires-Dist: fastapi>=0.100; extra == "all"
Requires-Dist: tree-sitter>=0.21; extra == "all"
Dynamic: license-file

# CodeMind — AI Security Guardian

<p align="center">
<pre align="center">
   ___          _      __  __ _           _ 
  / __\___   __| | ___|  \/  (_)_ __   __| |
 / /  / _ \ / _` |/ _ \ |\/| | | '_ \ / _` |
/ /__| (_) | (_| |  __/ |  | | | | | | (_| |
\____/\___/ \__,_|\___|_|  |_|_|_| |_|\__,_|
</pre>
</p>

<p align="center">
  <strong>🛡️ Enterprise-Grade Security for AI-Generated Code</strong><br>
  <em>Think before ship.</em>
</p>

<p align="center">
  <a href="https://pypi.org/project/codemind-mcp/">📦 PyPI</a> •
  <a href="https://codemind-ai.github.io/codemind">📖 Documentation</a> •
  <a href="#installation">🚀 Quick Start</a> •
  <a href="#available-tools">🔧 Tools</a>
</p>

<p align="center">
  <a href="https://pypi.org/project/codemind-mcp/">
    <img src="https://img.shields.io/pypi/v/codemind-mcp.svg" alt="PyPI Version">
  </a>
  <img src="https://img.shields.io/badge/python-3.10+-green.svg" alt="Python">
  <img src="https://img.shields.io/badge/MCP-Native-purple.svg" alt="MCP">
  <img src="https://img.shields.io/badge/license-MIT-blue.svg" alt="License">
  <img src="https://img.shields.io/badge/privacy-100%25%20local-brightgreen.svg" alt="Privacy">
</p>

---

## Technical Overview

CodeMind transforms your AI coding assistant (Cursor, Windsurf, Claude Desktop) into a full security platform. It provides real-time oversight of AI-generated code across five security dimensions.

### Core Capabilities

| Module | Description |
|:---|:---|
| **SAST Engine** | Detection of SQL injection, XSS, SSRF, and command injection patterns. |
| **Secrets Detection** | Identification of hardcoded API keys and tokens with entropy analysis. |
| **SCA (Dependencies)** | Scanning project lockfiles (12 formats) for CVEs via OSV.dev. |
| **IaC Scanning** | Security auditing for Dockerfiles, GitHub Actions, and docker-compose. |
| **SARIF Reporting** | Industry-standard output for CI/CD integration and GitHub Code Scanning. |

---

## Quick Start

### Installation

```bash
# Global installation (recommended for CLI usage)
pip install codemind-mcp
```

### IDE Configuration (MCP)

Add the following to your MCP server configuration:

```json
{
  "mcpServers": {
"codemind": {
      "command": "codemind",
      "args": ["serve"]
    }
  }
}
```

### Usage

Simply include the trigger phrase in your chat prompt:
> "Generate a login endpoint for FastAPI. use codemind"

### Instant SaaS Protection

When you use the `use codemind` trigger, the Guardian automatically enforces essential protections for modern SaaS applications:

- **Rate Limiting**: Automatic protection against DDoS and brute-force attacks.
- **Data Isolation**: Enforcement of Row Level Security (RLS) to ensure users only access their own data.
- **Input Integrity**: Strict server-side validation using Zod or Pydantic.
- **Bot Protection**: Seamless integration of CAPTCHA/Turnstile for public-facing forms.
- **Secure Defaults**: Non-revealing error messages and secure CORS configurations.

---

## Available Tools

CodeMind exposes 14 MCP tools for seamless automated workflows:

*   `guard_code`: Static analysis for vulnerabilities.
*   `scan_secrets`: Entropy-based credential detection.
*   `scan_dependencies`: Software Composition Analysis.
*   `scan_iac_file`: Infrastructure-as-Code auditing.
*   `audit_launch_checklist`: Production readiness verification.
*   `deep_security_scan`: Consolidated multi-layer analysis.

---

## Strategic Roadmap

The transition from a hackathon project to a foundational security primitive.

### Phase 1: Foundation (Vibeathon)
- [x] Initial MCP Server implementation.
- [x] Core SAST pattern matching (50+ rules).
- [x] Secrets detection and SCA integration.
- [x] Launch Readiness Checklist.

### Phase 2: Intelligence (Post-Launch)
- [ ] **Semantic Analysis**: Integration of `tree-sitter` for AST-based auditing.
- [ ] **Taint Tracking**: Dataflow analysis to track untrusted input from source to sink.
- [ ] **Custom Rule DSL**: YAML-based rule definition for community extensions.

### Phase 3: Autonomy (Scale)
- [ ] **Agentic Remediation**: Autonomous fix-verify loops for complex vulnerabilities.
- [ ] **CI/CD Native**: Direct integration with GitHub Actions as a first-class citizen.
- [ ] **Enterprise Dashboard**: Local analytics for team-wide security posture.

### Phase 4: Expansion (Y Combinator Funding)
- [ ] **Universal Integration**: Support for all major LLM providers and coding platforms.
- [ ] **Real-time Protection**: Runtime monitoring for AI-agent executed tasks.
- [ ] **Global Standard**: Becoming the default security layer for AI-driven software development.

---

## Privacy Policy

CodeMind is built on the principle of **Local-First Security**.
- Your source code never leaves your machine.
- All pattern matching and analysis are performed locally.
- SCA requests to OSV.dev contain only package names and versions.
- No telemetry or tracking scripts are included.

---

## License

Distributed under the MIT License. See `LICENSE` for more information.
