// mcp · hosted · audit-logged

Your AI agent already reads diffs.
Now let it author the rulebook.

The CodeGuards MCP server exposes cg_* tools to Cursor, Claude Desktop, ChatGPT and any MCP-compatible agent. Read repository profiles, inspect base rule packs, draft custom rules, and prune false positives — all with the same auth, validation, and audit trail as the workspace UI.

9 typed tools · cg_* namespace · Sanctum PAT · scope mcp · audit-logged
No SDK. No local server. Works behind your firewall over HTTPS.
// works with every mcp client
Cursor, Claude Desktop, ChatGPT Desktop, Windsurf, Cline, Continue, Zed, VS Code, Goose, OpenCode, Codex CLI, Aider

// why MCP, not a wrapper around our REST API

OpenAPI tells the model what endpoints exist. MCP tells it what to do. The cg_* surface is curated for the things that actually happen during a review cycle: inspect the repository's profile, see what base packs already cover, draft custom rules in one transaction, prune false positives. Tools come with descriptions, schemas, and a single auth path — the model picks the right one; you approve the call.

// raw REST + OpenAPI

  • Model has to invent request bodies
  • No notion of "draft before write" workflow
  • No tool-approval prompt in the IDE
  • Errors surface only at runtime
  • Per-endpoint auth, no unified scope

// codeguards MCP

  • 9 curated tools — reads + transactional bulk-write
  • cg_get_rule_schema exposes enums + limits up front
  • Cursor / Claude prompt before every write
  • Sanctum PAT, single mcp scope to revoke
  • Every call lands in mcp_audit_logs

// tools surface

Every tool is namespaced cg_*. Read tools share a 60/min rate budget per token; write tools share 12/min. Read first, write once.

// read

  • cg_list_repositories: Every repo the token can access — uuid, full_name, stack_key, has_active_rulebook. Always the first call.
  • cg_get_repository_profile: LLM-generated repo profile: architecture, conventions, layers, hot files. Grounds drafted rules in your style.
  • cg_list_rule_entries: All rules in the active rulebook — uuid, source, severity, enabled. Optional source filter. Required before toggle / update / delete.
  • cg_list_base_rule_packs: Shipped universal + stack-specific packs already applied. Stops the model from restating what's already covered.
  • cg_get_rule_schema: Enums, length limits and validation rules. Draft rules that always pass server-side checks.

// write

  • cg_create_custom_rules_bulk: Atomic — up to 50 rules per call. Marked creation_origin=mcp so the UI shows the badge. Any reject rolls the whole batch back.
  • cg_update_rule_entry: Sparse patch on a single rule. Works on custom + derived. Routes through the same services as the UI — invariants stay identical.
  • cg_delete_rule_entry: Permanent delete. custom + derived only — base is rejected. Prune what the derived rulebook over-produced.
  • cg_toggle_derived_rule: Flip a derived rule on/off without deleting it. Useful for quick A/B-style tuning on a noisy detector.

// how the call travels

Three pieces, all hosted. Same auth, same validation, same audit trail as if you'd clicked through the workspace UI.

// step 1

your IDE: cursor / claude / chatgpt

Reads mcp.json + Bearer PAT, calls JSON-RPC over HTTP. You approve every write.

// step 2

mcp server: /api/mcp

Sanctum auth → mcp scope guard → audit log row → tool handler. Same Laravel stack as the workspace.

// step 3

codeguards core: profiles · rulebooks · reviews

Same services the UI uses. Bulk-writes are one DB transaction. Audit row links back to the token.

// five-minute setup

Generate a PAT in /settings/api-tokens (scope mcp, 90-day expiry default). Drop the snippet into your IDE's MCP config. Restart. The cg_* tools appear in the tool picker.

{
  "mcpServers": {
    "codeguards": {
      "type": "http",
      "url": "https://codeguards.io/api/mcp",
      "headers": {
        "Authorization": "Bearer cg_pat_xxxxxxxxxxxxxxxxxxxxxx"
      }
    }
  }
}

// prompts to try

Drop these into Cursor / Claude after the MCP server is connected:

  • List my repositories, then read the profile of cg-api and summarise its layering.
  • Compare derived vs custom rules for repo cg-api and flag any pair that overlaps semantically.
  • Draft 5 Laravel-specific rules for repo cg-api avoiding anything in the base packs. Then create them in one batch.
  • Find derived rules with severity=low and fired<3 times in the last 30 days; toggle them off.
  • Show all creation_origin=mcp rules across my repos and group by stack.
  • Patch rule uuid-x to lower severity to warn and add an example from the diff I just opened.

// security model

The MCP server is just another Laravel route group — /api/mcp — guarded by auth:sanctum, then mcp.audit, then mcp.scope:mcp. A PAT without the mcp ability is rejected even on read tools, and the rejection itself is recorded in mcp_audit_logs. We want the audit trail to show "someone tried to use a wrong-scope PAT against /api/mcp", not silence.

What lands in the audit log

  • Token id, organization id, tool name, request time, latency
  • Request payload hash + response status
  • For write tools: the resulting rule ids (so a rollback has a clear blast radius)
  • Denied calls — wrong scope, expired token, rate-limited
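
One way to triage an export of those audit rows, added here as an example (not CodeGuards code): it flags tokens with repeated denied calls and tokens that saturate the 12/min write budget, listing the rule ids they touched. The row field names and status labels are assumptions, and the sample rows are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WRITE_LIMIT_PER_MIN = 12  # page: write tools share 12 calls/min per token
WRITE_TOOLS = {"cg_create_custom_rules_bulk", "cg_update_rule_entry",
               "cg_delete_rule_entry", "cg_toggle_derived_rule"}
T0 = datetime(2025, 1, 10, 9, 0, 0)

def row(token_id, tool, offset_s, status="ok", rule_ids=()):
    """One constructed audit row; field names are assumptions, not the real schema."""
    return {"token_id": token_id, "tool": tool, "status": status,
            "at": T0 + timedelta(seconds=offset_s), "rule_ids": list(rule_ids)}

# Constructed sample export: token 7 is routine, 9 keeps hitting the scope
# guard, 12 saturates the write budget with deletes.
ROWS = (
    [row(7, "cg_list_repositories", 1),
     row(7, "cg_update_rule_entry", 30, rule_ids=["r-1"])]
    + [row(9, "cg_list_rule_entries", 5 * i, status="wrong_scope") for i in range(4)]
    + [row(12, "cg_delete_rule_entry", 4 * i, rule_ids=[f"r-{100 + i}"]) for i in range(12)]
)

def triage(rows, denied_threshold=3):
    """Return (token_id, finding, detail) tuples worth a human look."""
    denied = defaultdict(Counter)   # token -> denial reason -> count
    writes = defaultdict(list)      # token -> times of successful writes
    touched = defaultdict(set)      # token -> rule ids changed (blast radius)
    for r in rows:
        if r["status"] != "ok":
            denied[r["token_id"]][r["status"]] += 1
        elif r["tool"] in WRITE_TOOLS:
            writes[r["token_id"]].append(r["at"])
            touched[r["token_id"]].update(r["rule_ids"])
    findings = []
    for tok, reasons in sorted(denied.items()):
        if sum(reasons.values()) >= denied_threshold:
            findings.append((tok, "repeated_denials", dict(reasons)))
    minute = timedelta(minutes=1)
    for tok, times in sorted(writes.items()):
        # Peak number of writes inside any sliding 60-second window.
        peak = max(sum(t <= u < t + minute for u in times) for t in times)
        if peak >= WRITE_LIMIT_PER_MIN:
            findings.append((tok, "write_budget_saturated",
                             {"peak_per_min": peak, "rule_ids": sorted(touched[tok])}))
    return findings

if __name__ == "__main__":
    for finding in triage(ROWS):
        print(finding)
```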

Token hygiene

  • Default 90-day expiry; revocable instantly from /settings/api-tokens
  • Plain text shown once on creation — Sanctum stores only the hash
  • One PAT per agent recommended (revoke just that one if a laptop walks)
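
A check that supports the one-PAT-per-agent advice above, added here as an example and not part of CodeGuards: it reads MCP client configs, fingerprints any cg_pat_ token it finds, and reports tokens shared between configs or sent to a non-HTTPS URL. The token pattern, file paths and sample configs are assumptions constructed for the example.

```python
import hashlib
import json
import re
from collections import defaultdict

# Assumption: real tokens keep the cg_pat_ prefix from the page's snippet;
# the character set and minimum length are guesses for this example.
PAT_RE = re.compile(r"cg_pat_[A-Za-z0-9]{16,}")

def cfg(url, token):
    """Build an mcp.json body in the shape the page's snippet uses."""
    server = {"type": "http", "url": url,
              "headers": {"Authorization": f"Bearer {token}"}}
    return json.dumps({"mcpServers": {"codeguards": server}})

# Constructed configs keyed by hypothetical per-agent paths; tokens are fake.
TOKEN_A, TOKEN_B = "cg_pat_" + "A" * 22, "cg_pat_" + "B" * 22
CONFIGS = {
    "cursor/mcp.json": cfg("https://codeguards.io/api/mcp", TOKEN_A),
    "claude/mcp.json": cfg("https://codeguards.io/api/mcp", TOKEN_A),
    "lab/mcp.json": cfg("http://proxy.internal.example/api/mcp", TOKEN_B),
}

def fingerprint(token):
    """Short SHA-256 prefix, so findings never contain the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def audit_configs(configs):
    """Return findings for PATs reused across configs or sent without TLS."""
    seen = defaultdict(list)  # token fingerprint -> ["path:server", ...]
    findings = []
    for path, text in configs.items():
        for name, server in json.loads(text).get("mcpServers", {}).items():
            auth = server.get("headers", {}).get("Authorization", "")
            match = PAT_RE.search(auth)
            if not match:
                continue
            where = f"{path}:{name}"
            seen[fingerprint(match.group())].append(where)
            if not server.get("url", "").startswith("https://"):
                findings.append(("pat_over_plain_http", where))
    for fp, places in seen.items():
        if len(places) > 1:
            findings.append(("pat_shared_between_agents", fp, places))
    return findings

if __name__ == "__main__":
    for finding in audit_configs(CONFIGS):
        print(finding)
```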

// FAQ

Is this hosted, or do I run a local server?

Hosted. The MCP server lives at https://codeguards.io/api/mcp. You configure your IDE's mcp.json, paste the PAT, and you're done — no Node process, no Docker container on your side.

Which IDEs / agents work?

Anything that speaks remote HTTP MCP: Cursor, Claude Desktop (via server-fetch), ChatGPT Desktop, Windsurf, Cline, Continue, Zed, Goose, OpenCode, Codex CLI, Aider — and custom integrations using the @modelcontextprotocol client libraries.

Can the AI break my rulebook?

Writes go through the same Laravel services as the workspace UI, so invariants (enum values, severity ranges, dedupe constraints) are identical. cg_create_custom_rules_bulk is a single DB transaction — any rejected rule rolls the whole batch back. base rules are never mutable from MCP.

How are calls authenticated?

Laravel Sanctum personal access tokens. Each token has a name, an expiry, and an explicit ability set. The MCP scope guard requires mcp — your existing CI keys (different scope) cannot accidentally hit MCP endpoints.

What about rate limits?

Read tools share 60 calls / min per token; write tools share 12 / min. Generous for an interactive IDE session, low enough that a runaway agent can't burn through the database. Bulk-create takes one slot, not fifty.

Does it cost extra?

No. MCP access is included in every CodeGuards plan — same workspace, same billing. See pricing.

Is there a way to read review verdicts via MCP?

Verdict-reading tools are on the roadmap. The current surface is rule-authoring + repo-profile-inspection because that's where AI assistance compounds the most. For now use the webhook integration for verdicts in CI.

Let your agent operate the rulebook. Generate a PAT, paste the snippet, run a prompt. Five minutes end-to-end.