A Model Context Protocol (MCP) server for CodeGuardian
```
npm install @veracity/codeguardian-mcp
```

```text
vsweb+mcp:/install?name=codeguardian&config=%7B%20%22type%22%3A%20%22stdio%22%2C%20%22command%22%3A%20%22npx%22%2C%20%22args%22%3A%20%5B%22-y%22%2C%20%22%40veracity%2Fcodeguardian-mcp%22%5D%7D
```
#### Manual Configuration
Add the following to your MCP settings configuration:
```json
{
  "mcpServers": {
    "codeguardian": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@veracity/codeguardian-mcp"]
    }
  }
}
```
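The configuration above starts the server with `npx -y` and a package name that carries no version, so the package is resolved without a version constraint and installed without a confirmation prompt. The following added example (not part of CodeGuardian) flags such entries in an MCP settings object; the function name `auditMcpConfig` is hypothetical and the version `0.0.0` is a placeholder, not a real release.

```javascript
// Added example, not CodeGuardian code. Flags MCP servers started through npx
// whose package spec is not pinned to an exact version.
function auditMcpConfig(config) {
  const findings = [];
  for (const [server, entry] of Object.entries(config.mcpServers ?? {})) {
    if (entry.command !== "npx") continue;
    const args = entry.args ?? [];
    const autoYes = args.includes("-y") || args.includes("--yes");
    const pkg = args.find((a) => !a.startsWith("-"));
    if (!pkg) continue;
    // Scoped names begin with "@", so a version separator is an "@" after index 0.
    const at = pkg.indexOf("@", 1);
    const version = at === -1 ? null : pkg.slice(at + 1);
    const pinned = version !== null && /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(version);
    if (!pinned) {
      const issue = version ? "floating version or tag" : "no version";
      findings.push({ server, package: pkg, autoYes, issue });
    }
  }
  return findings;
}

// The configuration from this README.
const README_CONFIG = {
  mcpServers: {
    codeguardian: { type: "stdio", command: "npx", args: ["-y", "@veracity/codeguardian-mcp"] },
  },
};

// Constructed variant: the same entry pinned to a placeholder version.
const PINNED_CONFIG = {
  mcpServers: {
    codeguardian: { type: "stdio", command: "npx", args: ["-y", "@veracity/codeguardian-mcp@0.0.0"] },
  },
};

console.log(auditMcpConfig(README_CONFIG));
console.log(auditMcpConfig(PINNED_CONFIG));
```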
## Prerequisites
- Node.js 18 or higher
- npm or yarn package manager
- Microsoft account with access to your Azure DevOps organization
## Authentication
CodeGuardian uses Interactive OAuth authentication with Azure DevOps:
1. On first use, a browser window automatically opens
2. Sign in with your Microsoft account
3. Grant access to your Azure DevOps organization
4. Authentication tokens are cached for subsequent sessions
## Features
### Prompts
CodeGuardian provides specialized prompts that guide AI assistants through comprehensive code reviews. These prompts embed professional review instructions directly into the AI context.
#### Available Prompts
| Prompt | Description |
|--------|-------------|
| dotnet-pr-review | Professional .NET code reviewer with Clean Architecture, DDD patterns, and security best practices |
| frontend-pr-review | Frontend code reviewer for React/TypeScript with modern patterns and VUI component library guidance |
| assa-review | Application Security Self-Assessment (ASSA) review using instructions from Azure DevOps |
### Usage in VS Code
1. Open GitHub Copilot Chat (Ctrl+Shift+I or Cmd+Shift+I)
2. Type / to see available commands, or directly reference a prompt
3. Use the prompt with a PR URL:
```text
@codeguardian /dotnet-pr-review https://dev.azure.com/org/project/_git/repo/pullrequest/12345
```

Or start a conversation:

```text
Use the dotnet-pr-review prompt to review this PR: https://dev.azure.com/org/project/_git/repo/pullrequest/12345
```
4. The AI will:
- Parse the PR URL to extract organization, project, repository, and PR ID
- Fetch all changed files from Azure DevOps
- Perform a comprehensive review following the embedded instructions
- Post review comments directly to the PR in Azure DevOps
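The URL parsing step above decides which organization the cached OAuth token is used against, so it is worth validating strictly. The following is an added example, not CodeGuardian's own code: `parsePullRequestUrl` and the host allowlist are assumptions, covering the two URL shapes that appear in this README.

```javascript
// Added example, not CodeGuardian code. Accepts only the two URL shapes shown
// in this README:
//   https://dev.azure.com/{org}/{project}/_git/{repo}/pullrequest/{id}
//   https://{org}.visualstudio.com/{project}/_git/{repo}/pullrequest/{id}
const ALLOWED_HOST = /^(dev\.azure\.com|[a-z0-9][a-z0-9-]*\.visualstudio\.com)$/;

function parsePullRequestUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch {
    throw new Error("not a URL");
  }
  if (url.protocol !== "https:") throw new Error("https required");
  if (url.username || url.password) throw new Error("credentials in URL");
  // URL lowercases the hostname, so lookalike suffixes and prefixes fail here.
  if (!ALLOWED_HOST.test(url.hostname)) throw new Error("unexpected host: " + url.hostname);

  const segments = url.pathname.split("/").filter(Boolean).map(decodeURIComponent);
  const organization =
    url.hostname === "dev.azure.com" ? segments.shift() : url.hostname.split(".")[0];
  const [project, gitMarker, repositoryId, prMarker, id, ...rest] = segments;
  if (gitMarker !== "_git" || prMarker !== "pullrequest" || rest.length > 0) {
    throw new Error("not a pull request URL");
  }
  // Reject empty names and names that decode to path separators or control characters.
  if ([organization, project, repositoryId].some((s) => !s || /[\/\\\x00-\x1f]/.test(s))) {
    throw new Error("invalid organization, project or repository name");
  }
  if (!/^[1-9][0-9]*$/.test(id)) throw new Error("pull request ID must be a positive integer");
  // Assumption: the repository name from the URL is passed as repositoryId.
  return { organization, project, repositoryId, pullRequestId: Number(id) };
}

console.log(parsePullRequestUrl("https://dev.azure.com/org/project/_git/repo/pullrequest/12345"));
```

The returned object uses the parameter names of `repo_get_pullrequest_changes_by_id`.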
#### Example Workflow in VS Code
```text
User: @codeguardian /dotnet-pr-review https://dnvgl-one.visualstudio.com/Veracity/_git/MyRepo/pullrequest/12345
Copilot: I'll review this .NET pull request following Clean Architecture and DDD principles...
[Fetches PR changes]
[Analyzes each file]
[Posts comments to Azure DevOps]
```
1. Open GitHub Copilot Chat from the View menu or use the keyboard shortcut
2. Reference the CodeGuardian MCP and use a prompt:
```text
@codeguardian Use the frontend-pr-review prompt to review: https://dev.azure.com/org/project/_git/repo/pullrequest/67890
```
3. The AI assistant will perform the review and post comments to your Azure DevOps PR
### Tools
CodeGuardian exposes the following tools for AI assistants to interact with Azure DevOps:
#### Azure DevOps Repository Tools
| Tool | Description |
|------|-------------|
| repo_get_pullrequest_changes_by_id | Retrieve all file changes and diffs from a pull request |
| repo_create_pull_request_thread | Create a new comment thread on a pull request |
#### ASSA Tools
| Tool | Description |
|------|-------------|
| assa_copy_config_to_workspace | Copy assa.yml configuration file from Azure DevOps to your workspace |
### Resources
CodeGuardian also provides MCP resources that can be referenced in prompts:
| Resource URI | Description |
|--------------|-------------|
| prompt://dotnet-pr-review | .NET PR Review instructions document |
| prompt://frontend-pr-review | Frontend PR Review instructions document |
| prompt://assa-instructions | ASSA configuration and usage instructions |
## Tool Reference
### repo_get_pullrequest_changes_by_id
Retrieve all file changes and diffs from a pull request.
Parameters:
| Parameter | Required | Description |
|-----------|----------|-------------|
| organization | Yes | Azure DevOps organization name |
| project | Yes | Azure DevOps project name or ID |
| repositoryId | Yes | Repository ID |
| pullRequestId | Yes | Pull request ID number |
Returns: Detailed PR information including file changes, diffs, and source content for all modified files.
### repo_create_pull_request_thread
Create a new comment thread on a pull request.
Parameters:
| Parameter | Required | Description |
|-----------|----------|-------------|
| organization | Yes | Azure DevOps organization name |
| project | Yes | Project ID or name |
| repositoryId | Yes | Repository ID |
| pullRequestId | Yes | Pull request ID |
| content | Yes | Comment content |
| filePath | No | File path for the comment |
| status | No | Thread status: "Active", "Fixed", "WontFix", "Closed", "ByDesign", or "Pending" |
| rightFileStartLine | No | Starting line number (1-based) |
| rightFileStartOffset | No | Character offset on starting line |
| rightFileEndLine | No | Ending line number |
| rightFileEndOffset | No | Character offset on ending line |
Returns: Created thread information including thread ID, comments, and status.
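Because this tool writes to the pull request, its arguments can be checked against the parameter table above before the call is made. The following is an added example, not CodeGuardian's own code: `validateThreadArgs` is a hypothetical name, and the rules marked as assumptions in the comments are not stated in this README.

```javascript
// Added example, not CodeGuardian code. Checks arguments for
// repo_create_pull_request_thread against the parameter table in this README.
const THREAD_STATUSES = ["Active", "Fixed", "WontFix", "Closed", "ByDesign", "Pending"];
const REQUIRED = ["organization", "project", "repositoryId", "pullRequestId", "content"];
const POSITION = ["rightFileStartLine", "rightFileStartOffset", "rightFileEndLine", "rightFileEndOffset"];
const KNOWN = new Set([...REQUIRED, "filePath", "status", ...POSITION]);

function validateThreadArgs(args) {
  const errors = [];
  for (const key of Object.keys(args)) {
    if (!KNOWN.has(key)) errors.push(`unknown parameter: ${key}`);
  }
  for (const key of REQUIRED) {
    if (args[key] === undefined || args[key] === "") errors.push(`missing required parameter: ${key}`);
  }
  // Status values are case-sensitive strings taken from the table.
  if (args.status !== undefined && !THREAD_STATUSES.includes(args.status)) {
    errors.push(`invalid status: ${args.status}`);
  }
  for (const key of POSITION) {
    const value = args[key];
    // Lines are 1-based per the table; a floor of 0 for offsets is an assumption.
    const min = key.endsWith("Line") ? 1 : 0;
    if (value !== undefined && !(Number.isInteger(value) && value >= min)) {
      errors.push(`${key} must be an integer >= ${min}`);
    }
  }
  // Assumption: a line or offset is only meaningful together with filePath.
  if (POSITION.some((key) => args[key] !== undefined) && !args.filePath) {
    errors.push("line or offset given without filePath");
  }
  // Assumption: the end line may not precede the start line.
  if (args.rightFileEndLine < args.rightFileStartLine) {
    errors.push("rightFileEndLine precedes rightFileStartLine");
  }
  return errors;
}

// Constructed sample call: unlisted status, line 0, and no filePath.
console.log(validateThreadArgs({
  organization: "org", project: "project", repositoryId: "repo",
  pullRequestId: 12345, content: "Consider validating this input.",
  status: "Resolved", rightFileStartLine: 0,
}));
```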
### assa_copy_config_to_workspace
Copy the assa.yml configuration file from Azure DevOps to your workspace.
Parameters:
| Parameter | Required | Description |
|-----------|----------|-------------|
| workspaceRoot | Yes | Absolute path to the workspace root folder |
| overwrite | No | Whether to overwrite existing file (default: false) |
Returns: Success message with file location.
## Review Prompt Capabilities
### dotnet-pr-review
The .NET review prompt enforces:
- Clean Architecture validation (Domain, Application, Infrastructure layers)
- Domain-Driven Design patterns
- Security best practices (OWASP guidelines)
- Code correctness and maintainability
- Performance considerations
- Coding style consistency
### frontend-pr-review
The Frontend review prompt covers:
- Modern React patterns (hooks, functional components)
- TypeScript best practices
- VUI component library guidelines
- Accessibility considerations
- Security (XSS prevention, input validation)
- Performance optimizations
### assa-review
The ASSA review prompt guides AI through Application Security Self-Assessment:
- Security requirements validation
- Compliance checks against organizational standards
- Vulnerability identification
- Security configuration review
- Best practices enforcement
## Examples
### dotnet-pr-review
```text
@codeguardian /dotnet-pr-review https://dev.azure.com/myorg/myproject/_git/myrepo/pullrequest/123
```
### frontend-pr-review
```text
@codeguardian /frontend-pr-review https://dev.azure.com/myorg/myproject/_git/frontend-app/pullrequest/456
```
### assa-review
```text
@codeguardian /assa-review
```
Ask Copilot to use the tool directly:
```text
Get information about the "MyRepo" repository in the "MyProject" project
```
### assa_copy_config_to_workspace
```text
Copy the ASSA configuration file to my current workspace
```
## Troubleshooting
- Ensure you have access to the Azure DevOps organization
- Try signing out and signing back in through the OAuth flow
- Check that your Microsoft account has the required permissions
- Verify Node.js 18+ is installed: `node --version`