@veracity/codeguardian-mcp
v0.1.8
A Model Context Protocol (MCP) server for CodeGuardian
CodeGuardian MCP Server
A Model Context Protocol (MCP) server that integrates with Azure DevOps to provide AI-powered code review capabilities. CodeGuardian enables GitHub Copilot and other AI assistants to perform comprehensive pull request reviews and Application Security Self-Assessment (ASSA) reviews directly within your IDE.
Overview
CodeGuardian MCP Server bridges the gap between AI-powered coding assistants and Azure DevOps, enabling:
- Automated PR Reviews: Leverage AI to review pull requests with professional-grade analysis
- Direct ADO Integration: Fetch PR changes, create review comments, and interact with repositories
- Specialized Review Prompts: Pre-configured prompts for .NET and Frontend code reviews
- ASSA Integration: Leverage AI to perform Application Security Self-Assessment
Quick Start
Installation
VS Code
Visual Studio
If clicking the button doesn't work, copy and paste this link into your browser:
vsweb+mcp:/install?name=codeguardian&config=%7B%20%22type%22%3A%20%22stdio%22%2C%20%22command%22%3A%20%22npx%22%2C%20%22args%22%3A%20%5B%22-y%22%2C%20%22%40veracity%2Fcodeguardian-mcp%22%5D%7D
Manual Configuration
Add the following to your MCP settings configuration:
{
  "mcpServers": {
    "codeguardian": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@veracity/codeguardian-mcp"]
    }
  }
}
Prerequisites
- Node.js 18 or higher
- npm or yarn package manager
- Microsoft account with access to your Azure DevOps organization
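The manual configuration above names the package without a version, so npx is free to install whichever release the registry currently serves. The check below is an added example, not part of CodeGuardian: it walks an `mcpServers` block and reports npx entries that are not pinned to one exact version. `auditMcpConfig` and `splitPackageSpec` are hypothetical names, and the pinned variant uses the 0.1.8 version shown at the top of this page.

```javascript
// Added example, not CodeGuardian code: flag MCP servers started through npx
// whose package argument is not pinned to one exact version.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Split "name", "name@1.2.3", "@scope/name" or "@scope/name@1.2.3".
function splitPackageSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null }; // index 0 is only the scope marker
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

function auditMcpConfig(config) {
  const findings = [];
  for (const [server, def] of Object.entries(config.mcpServers ?? {})) {
    if (def.command !== "npx") continue;
    // Assumption: the first argument that is not an option names the package.
    const spec = (def.args ?? []).find((arg) => !arg.startsWith("-"));
    if (!spec) continue;
    const { name, version } = splitPackageSpec(spec);
    if (version === null) {
      findings.push({ server, package: name, issue: "no version given" });
    } else if (!EXACT_VERSION.test(version)) {
      findings.push({ server, package: name, issue: `floating version "${version}"` });
    }
  }
  return findings;
}

// The configuration from this README, unchanged.
const asPublished = {
  mcpServers: {
    codeguardian: { type: "stdio", command: "npx", args: ["-y", "@veracity/codeguardian-mcp"] },
  },
};

// Same entry pinned to the version shown on this page (0.1.8).
const pinned = {
  mcpServers: {
    codeguardian: { type: "stdio", command: "npx", args: ["-y", "@veracity/codeguardian-mcp@0.1.8"] },
  },
};

console.log(auditMcpConfig(asPublished)); // one finding
console.log(auditMcpConfig(pinned));      // no findings
```
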
Authentication
CodeGuardian uses Interactive OAuth authentication with Azure DevOps:
- On first use, a browser window automatically opens
- Sign in with your Microsoft account
- Grant access to your Azure DevOps organization
- Authentication tokens are cached for subsequent sessions
Features
MCP Prompts
CodeGuardian provides specialized prompts that guide AI assistants through comprehensive code reviews. These prompts embed professional review instructions directly into the AI context.
Available Prompts
| Prompt | Description |
|--------|-------------|
| dotnet-pr-review | Professional .NET code reviewer with Clean Architecture, DDD patterns, and security best practices |
| frontend-pr-review | Frontend code reviewer for React/TypeScript with modern patterns and VUI component library guidance |
| assa-review | Application Security Self-Assessment (ASSA) review using instructions from Azure DevOps |
Using Prompts in VS Code
Open GitHub Copilot Chat (Ctrl+Shift+I or Cmd+Shift+I)
Type / to see available commands, or directly reference a prompt
Use the prompt with a PR URL:
@codeguardian /dotnet-pr-review https://dev.azure.com/org/project/_git/repo/pullrequest/12345
Or start a conversation:
Use the dotnet-pr-review prompt to review this PR: https://dev.azure.com/org/project/_git/repo/pullrequest/12345
The AI will:
- Parse the PR URL to extract organization, project, repository, and PR ID
- Fetch all changed files from Azure DevOps
- Perform a comprehensive review following the embedded instructions
- Post review comments directly to the PR in Azure DevOps
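The first step above, written out as a strict parser for both PR URL shapes that appear in this README (`dev.azure.com/{org}/...` and `{org}.visualstudio.com/...`). This is an added example, not CodeGuardian's own code: `parsePullRequestUrl` and the name character sets are assumptions, and the value it returns as `repository` is a name, whereas the PR tools listed under Tool Reference take a `repositoryId`.

```javascript
// Added example, not CodeGuardian code: accept only https Azure DevOps PR URLs
// and return the fields the review tools need.
const ORG = /^[a-z0-9][a-z0-9-]*$/i;            // assumed organization charset
const NAME = /^[A-Za-z0-9][A-Za-z0-9._ -]*$/;   // assumed project/repository charset
const VS_SUFFIX = ".visualstudio.com";

function parsePullRequestUrl(input) {
  const url = new URL(input); // throws TypeError on anything that is not a URL
  if (url.protocol !== "https:") throw new Error("https required");
  if (url.username || url.password || url.port) throw new Error("unexpected authority parts");

  // Decode after splitting so an encoded "/" cannot add path segments.
  const parts = url.pathname.split("/").filter(Boolean).map(decodeURIComponent);
  let organization;
  if (url.hostname === "dev.azure.com") {
    organization = parts.shift();                            // org is the first path segment
  } else if (url.hostname.endsWith(VS_SUFFIX)) {
    organization = url.hostname.slice(0, -VS_SUFFIX.length); // org is the subdomain
  } else {
    throw new Error("host is not Azure DevOps");
  }

  const [project, git, repository, pr, id, ...rest] = parts;
  if (git !== "_git" || pr !== "pullrequest" || rest.length) throw new Error("unexpected path");
  if (!organization || !ORG.test(organization)) throw new Error("bad organization");
  if (![project, repository].every((s) => s && NAME.test(s))) throw new Error("bad name");
  if (!/^[1-9]\d{0,9}$/.test(id)) throw new Error("bad pull request id");
  return { organization, project, repository, pullRequestId: Number(id) };
}

// The two URL shapes used on this page.
console.log(parsePullRequestUrl("https://dev.azure.com/org/project/_git/repo/pullrequest/12345"));
console.log(parsePullRequestUrl("https://dnvgl-one.visualstudio.com/Veracity/_git/MyRepo/pullrequest/12345"));
```

Exact host matching rejects look-alike hosts such as `dev.azure.com.example.net` before the URL reaches a tool call made with the cached Azure DevOps token.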
Example Workflow in VS Code
User: @codeguardian /dotnet-pr-review https://dnvgl-one.visualstudio.com/Veracity/_git/MyRepo/pullrequest/12345
Copilot: I'll review this .NET pull request following Clean Architecture and DDD principles...
[Fetches PR changes]
[Analyzes each file]
[Posts comments to Azure DevOps]
Using Prompts in Visual Studio
Open GitHub Copilot Chat from the View menu or use the keyboard shortcut
Reference the CodeGuardian MCP and use a prompt:
@codeguardian Use the frontend-pr-review prompt to review: https://dev.azure.com/org/project/_git/repo/pullrequest/67890
The AI assistant will perform the review and post comments to your Azure DevOps PR
MCP Tools
CodeGuardian exposes the following tools for AI assistants to interact with Azure DevOps:
Azure DevOps Repository Tools
| Tool | Description |
|------|-------------|
| repo_get_repo_by_name_or_id | Get repository information by project and repository name or ID |
| repo_get_pullrequest_changes_by_id | Retrieve all file changes and diffs from a pull request |
| repo_create_pull_request_thread | Create a new comment thread on a pull request |
ASSA Tools
| Tool | Description |
|------|-------------|
| assa_copy_config_to_workspace | Copy assa.yml configuration file from Azure DevOps to your workspace |
MCP Resources
CodeGuardian also provides MCP resources that can be referenced in prompts:
| Resource URI | Description |
|--------------|-------------|
| prompt://dotnet-pr-review | .NET PR Review instructions document |
| prompt://frontend-pr-review | Frontend PR Review instructions document |
| prompt://assa-instructions | ASSA configuration and usage instructions |
Tool Reference
repo_get_repo_by_name_or_id
Get repository information by project and repository name or ID.
Parameters:
| Parameter | Required | Description |
|-----------|----------|-------------|
| organization | Yes | Azure DevOps organization name (e.g., "myorg") |
| project | Yes | Project name or ID |
| repositoryNameOrId | Yes | Repository name or ID |
Returns: Repository information including ID, name, URL, and project details.
repo_get_pullrequest_changes_by_id
Retrieve all file changes and diffs from a pull request.
Parameters:
| Parameter | Required | Description |
|-----------|----------|-------------|
| organization | Yes | Azure DevOps organization name |
| project | Yes | Azure DevOps project name or ID |
| repositoryId | Yes | Repository ID |
| pullRequestId | Yes | Pull request ID number |
Returns: Detailed PR information including file changes, diffs, and source content for all modified files.
repo_create_pull_request_thread
Create a new comment thread on a pull request.
Parameters:
| Parameter | Required | Description |
|-----------|----------|-------------|
| organization | Yes | Azure DevOps organization name |
| project | Yes | Project ID or name |
| repositoryId | Yes | Repository ID |
| pullRequestId | Yes | Pull request ID |
| content | Yes | Comment content |
| filePath | No | File path for the comment |
| status | No | Thread status: "Active", "Fixed", "WontFix", "Closed", "ByDesign", or "Pending" |
| rightFileStartLine | No | Starting line number (1-based) |
| rightFileStartOffset | No | Character offset on starting line |
| rightFileEndLine | No | Ending line number |
| rightFileEndOffset | No | Character offset on ending line |
Returns: Created thread information including thread ID, comments, and status.
assa_copy_config_to_workspace
Copy the assa.yml configuration file from Azure DevOps to your workspace.
Parameters:
| Parameter | Required | Description |
|-----------|----------|-------------|
| workspaceRoot | Yes | Absolute path to the workspace root folder |
| overwrite | No | Whether to overwrite existing file (default: false) |
Returns: Success message with file location.
Review Prompt Capabilities
.NET PR Review (dotnet-pr-review)
The .NET review prompt enforces:
- Clean Architecture validation (Domain, Application, Infrastructure layers)
- Domain-Driven Design patterns
- Security best practices (OWASP guidelines)
- Code correctness and maintainability
- Performance considerations
- Coding style consistency
Frontend PR Review (frontend-pr-review)
The Frontend review prompt covers:
- Modern React patterns (hooks, functional components)
- TypeScript best practices
- VUI component library guidelines
- Accessibility considerations
- Security (XSS prevention, input validation)
- Performance optimizations
ASSA Review (assa-review)
The ASSA review prompt guides AI through Application Security Self-Assessment:
- Security requirements validation
- Compliance checks against organizational standards
- Vulnerability identification
- Security configuration review
- Best practices enforcement
Examples
Review a .NET Pull Request
@codeguardian /dotnet-pr-review https://dev.azure.com/myorg/myproject/_git/myrepo/pullrequest/123
Review a Frontend Pull Request
@codeguardian /frontend-pr-review https://dev.azure.com/myorg/myproject/_git/frontend-app/pullrequest/456
Perform an ASSA Review
@codeguardian /assa-review
Get Repository Information
Ask Copilot to use the tool directly:
Get information about the "MyRepo" repository in the "MyProject" project
Copy ASSA Configuration
Copy the ASSA configuration file to my current workspace
Troubleshooting
Authentication Issues
- Ensure you have access to the Azure DevOps organization
- Try signing out and signing back in through the OAuth flow
- Check that your Microsoft account has the required permissions
MCP Connection Issues
- Verify Node.js 18+ is installed: node --version
- Check MCP server logs in your IDE's output panel
- Restart the MCP server from your IDE's MCP settings
PR Review Issues
- Ensure the PR URL is correctly formatted
- Verify you have read access to the repository
- Check that the PR exists and is accessible
Contributing
Contributions are welcome! Please see the GitHub repository for contribution guidelines.
License
This project is licensed under the MIT License - see the LICENSE file for details.
