Metadata-Version: 2.4
Name: codesecure-mcp
Version: 1.0.0b9
Summary: Enterprise-grade security analysis MCP server hub for IDE integration
License: MIT
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: mcp<1.24.0,>=1.0.0
Requires-Dist: fastmcp>=0.1.0
Requires-Dist: click>=8.0.0
Requires-Dist: pydantic>=2.0.0
Requires-Dist: jinja2>=3.1.0
Requires-Dist: asyncio>=3.4.3
Requires-Dist: rich<14.0.0,>=13.0.0
Requires-Dist: mermaid-py>=0.1.0
Requires-Dist: markdown>=3.5.2
Requires-Dist: pygments>=2.17.2
Requires-Dist: packaging>=24.0
Requires-Dist: bandit>=1.7.0
Requires-Dist: semgrep>=1.0.0; sys_platform != "win32"
Requires-Dist: checkov>=3.0.0
Requires-Dist: detect-secrets>=1.4.0
Requires-Dist: pip-audit>=2.0.0
Requires-Dist: pip-licenses>=4.0.0
Provides-Extra: scanners
Provides-Extra: google
Requires-Dist: google-generativeai>=0.3.0; extra == "google"
Provides-Extra: aws
Requires-Dist: amazon-q-developer-cli>=1.0.0; extra == "aws"
Provides-Extra: all
Requires-Dist: codesecure-mcp[aws,google]; extra == "all"
Dynamic: license-file

# CodeSecure MCP Server 🔒

Enterprise-grade security analysis MCP server hub for IDE integration, powered by FastMCP. CodeSecure provides a unified interface for security scanning, dependency auditing, and AI-powered remediation guidance.

[![FastMCP](https://img.shields.io/badge/MCP-FastMCP-blue)](https://github.com/jlowin/fastmcp)
[![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

## 🚀 Overview

CodeSecure MCP is a unified **Model Context Protocol** server that exposes security scanning and compliance tools to any MCP-compatible client, including **VS Code**, **Cursor**, **Antigravity**, **CLI**, and **CI/CD pipelines**.

It orchestrates multiple industry-standard security tools and enriches their findings using advanced AI models from Google Gemini, AWS Kiro, and Azure.

## 🏗️ Architecture

- **MCP Server**: FastMCP-powered server orchestration.
- **Scanner Engine**: Parallel execution of 9 security tools.
- **AI Manager**: Multi-provider fallback and batch processing logic.
- **Security Layer**: Secure-by-design subprocess execution and input sanitization.

## 🔧 Core Features

- **Multi-Scanner Engine**: Bandit, Semgrep, Checkov, detect-secrets, pip-audit, etc.
- **AI Enrichment**: Powered by Google Gemini, AWS Kiro, and Azure OpenAI.
- **False Positive Detection**: >90% confidence filtering via AI.
- **Multi-Format Reports**: Interactive HTML, JSON, SARIF 2.1.0, and Markdown.
- **Framework Mapping**: OWASP Top 10, MITRE ATT&CK, NIST, and CWE.

## 📦 Installation

```bash
pip install codesecure-mcp
codesecure init
```

## 🚀 Usage

### As CLI

```bash
# Run a comprehensive scan with Google AI enrichment
codesecure scan ./my-project --provider google

# List all available security tools
codesecure list-scanners
```

### As MCP Server (IDE Integration)

Add to your IDE's MCP configuration:

```json
{
  "mcpServers": {
    "codesecure": {
      "command": "codesecure",
      "args": ["mcp-server"]
    }
  }
}
```

## 🛡️ Standards & Security

- **SARIF 2.1.0**: Standardized reporting format.
- **CWE/OWASP/MITRE**: Comprehensive framework coverage.
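
The following added example, which is not code from the CodeSecure project, shows how a CI/CD job can gate on a SARIF 2.1.0 report by resolving each result's effective level, including results that omit `level`. The embedded report, its rule IDs, and the `effective_level` and `gate` helpers are constructed for illustration; how CodeSecure writes its SARIF file is not assumed.

```python
import json

# Constructed SARIF 2.1.0 report for illustration; not real CodeSecure output.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "EX001", "defaultConfiguration": {"level": "error"}},
        {"id": "EX002"}]}},
    "results": [
        # No explicit level: inherits "error" from rule EX001.
        {"ruleId": "EX001", "ruleIndex": 0, "message": {"text": "constructed"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 12}}}]},
        {"ruleId": "EX002", "level": "note", "message": {"text": "constructed"}},
        # No level and no rule default: SARIF falls back to "warning".
        {"ruleId": "EX002", "message": {"text": "constructed"}},
        # kind other than "fail": level is "none".
        {"ruleId": "EX001", "kind": "pass", "message": {"text": "constructed"}},
    ]}]})

SEVERITY = {"none": 0, "note": 1, "warning": 2, "error": 3}

def effective_level(result, rules):
    """Explicit level, else kind, else the rule default, else "warning".
    Simplification: invocation-level rule overrides are ignored."""
    if "level" in result:
        return result["level"]
    if result.get("kind", "fail") != "fail":
        return "none"
    idx = result.get("ruleIndex", -1)
    rule = rules[idx] if 0 <= idx < len(rules) else next(
        (r for r in rules if r.get("id") == result.get("ruleId")), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def gate(sarif_text, fail_on="error"):
    """Return (passed, blocking) for findings at or above fail_on."""
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0":
        raise ValueError("expected a SARIF 2.1.0 document")
    blocking = []
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for res in run.get("results") or []:
            level = effective_level(res, rules)
            if SEVERITY.get(level, 2) >= SEVERITY[fail_on]:  # unknown level counts as warning
                phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
                blocking.append((res.get("ruleId"), level,
                                 phys.get("artifactLocation", {}).get("uri", "?"),
                                 phys.get("region", {}).get("startLine", 0)))
    return (not blocking, blocking)
```

In a pipeline, pass the text of the report file the scan produced to `gate` and exit non-zero when `passed` is false.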

## 📄 License

MIT © 2026 Noviq Technologies
