Security MCP · v2.1 · MIT open core

Static security analysis for AI-assisted development.
MCP tools agents can call before merge.

Hybrid multi-language security for Cursor, Claude, and CI. Secrets, multi-hop taint, tree-sitter sinks, repo/PR scans, SARIF/SBOM, and enterprise policy ALLOW/DENY — all as MCP tools agents can call.

0MCP tools
0automated tests
0languages
4hybrid engines
GuardRail security dashboard mockup with findings and risk score
CRITICAL · SQL taintrequest → execute
Secrets redactedsafe for agent chat
Cursor Claude Desktop VS Code GitHub Actions MCPize Smithery-ready SARIF · CycloneDX · SPDX Enterprise RBAC
Scope: static analysis MCP · does not execute scanned code · website playground is browser-only · see docs/ACCURACY.md

Built for the agent development loop

GuardRail sits between AI-generated patches and your main branch — same engines in the IDE and CI.

AI agent scanning code

Agent-native review

MCP tools return redacted findings + remediations models can apply. No secret leakage into chat history.

Multi-language security

Multi-language hybrid scan

Python AST + multi-hop taint, tree-sitter for JS/Go/Java/Rust/C/C++, plus high-signal language grids.

CI CD security gate

PR & CI gates

Git diff mode, SARIF upload, SBOM export, policy packs that emit ALLOW/DENY for release control.

Enterprise control plane

Enterprise control plane

API keys/JWT, RBAC, path sandbox, quotas, audit logs, compliance evidence, Prometheus metrics.

Four engines. One clean report.

Complementary analyzers reduce blind spots. Results are deduped so agents get signal, not noise.

RX

Secret & pattern grid

Keys, tokens, PEM, TLS verify-off, shell injection patterns, provider prefixes.

AST

Python semantic AST

eval aliases, shell=True, pickle, insecure YAML, SQL interpolation with line evidence.

TN

Multi-hop taint

Tracks untrusted data across assignments into SQL, command, eval, path, and SSRF sinks.

TS

Tree-sitter CST

Structural sinks in Python, JS, Go, Java, C/C++, Rust — stronger than pure text search.

PL

Plugins & rules

Org YAML/JSON rules and Python plugins without forking the core server.

CI

Repo · Diff · Cache

Parallel walks, PR-only scans, incremental content-hash cache for monorepos.

audit_code_safety scan_repository scan_git_diff scan_dependencies export_sarif generate_sbom suggest_fixes evaluate_policy full_pipeline enterprise_health

Why teams pick GuardRail

Directories list tools. GuardRail is a full security workflow for agent-written code.

Capability Generic MCP toy Cloud SAST only GuardRail
Works inside Cursor / Claude MCP Often no
Multi-hop taint + tree-sitter Sometimes
Secret redaction for agent chat Rare Varies
SARIF + SBOM + PR diff mode
Self-host free / MIT core Sometimes
Enterprise RBAC + policy packs $$$$ ✓ included

How it fits your workflow

From IDE agents to production CI — one server, consistent verdicts.

Install the MCP

Point Cursor / Claude / VS Code at python -m guardrail --mode stdio, or deploy on MCPize.

Scan before apply

Agents call audit_code_safety or scan_git_diff on generated patches and pull requests.

Gate with policy

Strict / SOC2 / PCI packs return ALLOW or DENY. Export SARIF and compliance evidence for audits.

Live security playground

Paste code or load a sample. Browser-side demonstration using representative rule IDs. Not the Python runtime. Use the MCP/CLI for production scans.

Tip: edit the code and re-run. Secrets in excerpts are redacted.

Scan result

Browser demonstration

VerdictReady
Policy
Issues
Risk score
Grade
Enginesdemo-regex + taint
Findings0
Run a scan to see findings with line numbers, severity, and remediations.

Ground truth CLI: python -c "from guardrail.hybrid_scan import hybrid_scan; …" · Ground truth: Python hybrid_scan / MCP tools

Pricing that matches security value

Self-host free forever. Monetize on MCPize with freemium → Pro → Enterprise.

Free
$0/mo
Open source · local MCP
  • Full hybrid engines (self-host)
  • STDIO for Cursor / Claude
  • 65 tests + examples
  • MIT license
Clone free
Team
$99/mo
Higher limits · policy packs
  • Everything in Pro
  • Higher scan limits
  • Policy packs
  • Shared team access
Choose Team
Enterprise
$299/mo
RBAC · audit · sandbox
  • RBAC · JWT · audit logs
  • Path sandbox & quotas
  • Compliance evidence
  • Custom policy support
Enterprise docs

Install in minutes

Open source on GitHub. STDIO for IDEs. HTTP for dashboards and hosted gateways.

Cursor / Claude config

mcp.json
{
  "mcpServers": {
    "guardrail": {
      "command": "python",
      "args": ["-m", "guardrail", "--mode", "stdio"],
      "cwd": "/path/to/guardrail-mcp",
      "env": { "PYTHONPATH": "/path/to/guardrail-mcp" }
    }
  }
}

Clone & verify

terminal
git clone https://github.com/SECRET4422/guardrail-mcp.git
cd guardrail-mcp
pip install -r requirements.txt
export PYTHONPATH=$PWD
python -m unittest discover -s tests -v
python -m guardrail --mode stdio

FAQ

Straight answers for buyers and security reviewers.

Abstract security illustration
Is GuardRail a full commercial SAST?
It’s a hybrid heuristic + semantic MCP guardrail optimized for agents and CI. It is not a substitute for enterprise SAST suites, but it’s far beyond toy regex scanners.
Will secrets leak into the LLM chat?
Findings use redacted excerpts. Still: never scan production secrets you can’t rotate, and prefer local STDIO over pasting secrets into remote hosts.
Can I use it only in CI?
Yes. Use scan-repo, scan-diff, SARIF export, and the included GitHub Actions workflows without any IDE.
How do I make money with it?
Self-host free, or publish on MCPize with Pro/Team/Enterprise tiers. See docs/MCPIZE.md in the repo.
What languages are supported?
Deep Python (AST + taint). Structural tree-sitter for JS/TS, Go, Java, C/C++, Rust. Pattern grids for shell, Docker, Terraform, K8s, and more.

Repository & listing

Source, issues, and the MCPize listing are public. Stars and reviews are optional.

Run GuardRail locally or via MCP

MIT-licensed core. Optional hosted listing on MCPize. Enterprise controls documented in-repo.