MCP Server for code smell and security analysis
```bash
npm install deca-guard-mcp-server
```

~/.cursor/mcp.json (create if it doesn't exist):
```json
{
  "mcpServers": {
    "decaguard": {
      "command": "npx",
      "args": ["-y", "deca-guard-mcp-server"],
      "env": {
        "OPENAI_API_KEY": "your-api-key-here"
      }
    }
  }
}
```
Restart Cursor
Completely quit and restart Cursor IDE.
```bash
npm install -g deca-guard-mcp-server
```
Then configure ~/.cursor/mcp.json:
```json
{
  "mcpServers": {
    "decaguard": {
      "command": "deca-guard-mcp-server",
      "env": {
        "OPENAI_API_KEY": "your-api-key-here"
      }
    }
  }
}
```
For development or local installation:
```bash
git clone https://github.com/tomtarpey/deca-guard-mcp-server.git
cd deca-guard-mcp-server
npm install
```
Then configure ~/.cursor/mcp.json:
```json
{
  "mcpServers": {
    "decaguard": {
      "command": "node",
      "args": ["/absolute/path/to/deca-guard-mcp-server/index.js"],
      "env": {
        "OPENAI_API_KEY": "your-api-key-here"
      }
    }
  }
}
```
Usage
After configuration, open any code file in Cursor and ask:
- "Analyze this code for security vulnerabilities"
- "Check this file for code smells"
- "Review this code for quality and security issues"
Available Tools
Detects maintainability issues:
- Long methods
- Duplicated code
- Large classes
- Feature envy
- Primitive obsession
- Dead code
- Magic numbers
- Nested conditionals
Scans for security issues:
- SQL/Command injection
- XSS vulnerabilities
- Hardcoded secrets
- Insecure cryptography
- Broken authentication
- Path traversal
- Insecure deserialization
- Input validation issues
- Sensitive data exposure
Combined analysis in a single call.
Supported Languages
- JavaScript
- TypeScript
- Python
- Java
- Go
- Rust
Configuration Options
Anthropic Claude:
```json
"env": {
  "ANTHROPIC_API_KEY": "sk-ant-...",
  "LLM_BASE_URL": "https://api.anthropic.com/v1",
  "LLM_MODEL": "claude-sonnet-4-20250514"
}
```
Local Ollama:
```json
"env": {
  "LLM_BASE_URL": "http://localhost:11434/v1",
  "LLM_MODEL": "codellama"
}
```
Troubleshooting
- Check that Node.js (v18+) is installed: `node --version`
- Verify the command in `mcp.json` is correct
- Check logs in Cursor's developer console

- Restart Cursor completely
- Verify `mcp.json` syntax is valid JSON
- Check that API key is set correctly

- Use a faster model (e.g., gpt-4o-mini)
- Consider analyzing smaller code snippets
- Check your API rate limits
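
The `mcp.json` checks listed above (valid JSON, a command for each server, an API key that is actually set) can be scripted. The following is an added example, not code from deca-guard-mcp-server. The script name `audit-mcp.js`, the finding messages, and three extra checks are this example's own assumptions: an `npx` package with no pinned version (`-y` installs whatever version resolves without prompting), a key file readable by group/other on POSIX systems, and an `LLM_BASE_URL` using plain HTTP to a non-loopback host.

```javascript
// Added example: audit a Cursor mcp.json (checks and messages are this example's own).
const PLACEHOLDERS = ['your-api-key-here', 'sk-ant-...']; // placeholder values shown in the README

function auditMcpConfig(text, mode = 0o600) {
  let cfg;
  try {
    cfg = JSON.parse(text);
  } catch (err) {
    return [`invalid JSON: ${err.message}`];
  }
  const findings = [];
  // POSIX permission bits; assumption: the file should be owner-only because it stores API keys.
  if (mode & 0o077) findings.push('file is accessible to group/other (chmod 600)');
  for (const [name, srv] of Object.entries(cfg?.mcpServers || {})) {
    if (typeof srv?.command !== 'string' || !srv.command) {
      findings.push(`${name}: missing command`);
      continue;
    }
    if (srv.command === 'npx') {
      // First non-flag argument is the package spec; an "@" past index 0 pins a version.
      const spec = [].concat(srv.args || []).map(String).find((a) => !a.startsWith('-')) || '';
      if (spec.lastIndexOf('@') <= 0) findings.push(`${name}: npx package "${spec}" is not version-pinned`);
    }
    for (const [key, value] of Object.entries(srv.env || {})) {
      if (key.endsWith('_API_KEY') && (!value || PLACEHOLDERS.includes(value))) {
        findings.push(`${name}: ${key} is empty or still a placeholder`);
      }
      if (key !== 'LLM_BASE_URL') continue;
      let url;
      try { url = new URL(value); } catch { findings.push(`${name}: ${key} is not a URL`); continue; }
      const local = ['localhost', '127.0.0.1', '[::1]'].includes(url.hostname);
      if (url.protocol === 'http:' && !local) findings.push(`${name}: ${key} uses plain HTTP to a remote host`);
    }
  }
  return findings;
}

// Constructed sample: the README's npx configuration, unchanged.
const SAMPLE = JSON.stringify({ mcpServers: { decaguard: { command: 'npx',
  args: ['-y', 'deca-guard-mcp-server'], env: { OPENAI_API_KEY: 'your-api-key-here' } } } });

async function auditFile(path) {
  const fs = await import('node:fs/promises'); // dynamic import works in CommonJS and ESM
  const [text, st] = await Promise.all([fs.readFile(path, 'utf8'), fs.stat(path)]);
  return auditMcpConfig(text, st.mode & 0o777);
}

// node audit-mcp.js ~/.cursor/mcp.json   (no argument: audits SAMPLE as if it were mode 0644)
const run = process.argv[2] ? auditFile(process.argv[2]) : Promise.resolve(auditMcpConfig(SAMPLE, 0o644));
run.then((f) => console.log(f.join('\n') || 'no findings'), (e) => console.error(e.message));
```

On Windows the permission bits reported by `fs.stat` do not reflect ACLs, so ignore the file-mode finding there.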
Development
```bash
npm test
```
```bash
npm run dev
```
Publishing
For maintainers, to publish a new version to npm:
```bash
# Bump the version; use minor or major in place of patch as appropriate
npm version patch
npm publish
```
The `prepublishOnly` script will automatically verify the package before publishing.