Introduction
Traditional SAST (Static Application Security Testing) tools have long struggled with detecting complex vulnerabilities due to their rule-based approaches and limited contextual understanding. These conventional solutions often produce high rates of false positives, miss sophisticated attack patterns, and fail to comprehend the nuanced relationships between code elements in modern applications. They typically analyze code in isolation, missing critical security implications that emerge from complex interactions between multiple functions, libraries, and system components. AeyeGuard_mcp addresses these limitations by leveraging advanced local LLM technology to deliver intelligent, context-aware security analysis as a robust MCP (Model Control Protocol) service. Built entirely in Python, this innovative solution combines the power of large language models with local processing capabilities, enabling it to understand code semantics, detect subtle security flaws, and provide actionable insights while maintaining data privacy and reducing dependency on external services. Unlike traditional SAST tools that rely on static rule matching, AeyeGuard_mcp analyzes code in its complete context, identifying complex vulnerabilities that would otherwise go undetected. This approach transforms static code analysis from a mechanical inspection process into an intelligent security assessment, making it particularly effective for modern applications with complex architectures and evolving threat landscapes.
Structure of the Solution
The AeyeGuard_mcp solution presents a robust architecture designed for comprehensive static code analysis through local LLM integration. The foundation rests on the MCP Service built with FastAPI, which serves as the central communication hub facilitating seamless data flow between components and providing a stable interface for external interactions. This service orchestrates the entire analysis pipeline while maintaining efficient request handling and response management. The Language Detection module operates as the intelligent gateway, automatically identifying programming languages from code snippets and routing them to appropriate analysis pathways. The solution integrates seamlessly with LLM Service through LMStudio, leveraging local large language models for sophisticated code understanding and vulnerability detection. Finally, Security Analyzers for different languages form the specialized analysis layer, each optimized for specific programming languages and security domains. These components work synergistically through the FastAPI service, where language detection triggers appropriate analyzer selection, which then processes code through the local LLM to identify security vulnerabilities, ultimately delivering automated, multi-language security analysis capabilities that operate entirely within local infrastructure.
Supported Languages and Security Coverage
AeyeGuard_mcp provides comprehensive support for multiple programming languages including C#, Java, React TypeScript, and React JavaScript and TypeScript, each equipped with robust security analysis capabilities. These languages are meticulously configured to detect and prevent critical vulnerabilities that align with OWASP Top 10 security standards. The tool implements 20-25+ specialized security rules for each language variant, comprehensively addressing common web application threats such as SQL injection attacks, cross-site scripting (XSS) vulnerabilities, command injection exploits, and other critical security flaws. C# support focuses on preventing memory corruption issues and authentication bypasses, while Java analysis targets thread safety concerns and deserialization vulnerabilities. React TypeScript and JavaScript implementations specifically address frontend security challenges including insecure data handling, improper input validation, and potential DOM-based XSS attacks. Each language-specific rule set is designed to identify suspicious code patterns, unsafe API usage, and configuration weaknesses that could lead to security breaches. The integration of local LLM capabilities ensures real-time analysis and contextual understanding of code security implications, making AeyeGuard_mcp an essential tool for developers seeking to maintain secure application development practices across diverse programming environments.
Installation and Setup
The installation process for AeyeGuard_mcp begins with ensuring Python 3.8 or higher is installed on your system, as this version requirement is essential for compatibility with the local LLM and its dependencies. The setup supports both automated and manual installation approaches to accommodate different user preferences and technical requirements. For automated installation, execute the provided setup script which handles environment configuration, package dependencies, and service initialization in a single command. Alternatively, manual installation requires creating a dedicated virtual environment using ‘python -m venv aeyeguard_env’ to isolate the application from system-wide Python packages. After activating the virtual environment, users must install all required dependencies through pip, including the local LLM framework and supporting libraries. The installation process includes configuring environment variables, setting up necessary directories for code analysis, and establishing the static code analyzer’s operational parameters. The automated script streamlines these steps while the manual approach provides greater control over each configuration aspect, ensuring AeyeGuard_mcp operates reliably as a local HTTP MCP service for comprehensive static code analysis.
#!/bin/bash
# Automated setup and run script
# This script automates the process of setting up a development environment
# and running the application with a single command
echo "Starting automated setup and run process..."
# Update package list
echo "Updating package list..."
sudo apt update
# Install required dependencies
echo "Installing dependencies..."
sudo apt install -y git curl build-essential python3 python3-pip
# Clone repository if it doesn't exist
if [ ! -d "myapp" ]; then
echo "Cloning repository..."
git clone https://github.com/example/myapp.git
cd myapp
else
echo "Repository already exists, pulling latest changes..."
cd myapp
git pull origin main
fi
# Create virtual environment
echo "Setting up virtual environment..."
python3 -m venv venv
source venv/bin/activate
# Install Python dependencies
echo "Installing Python dependencies..."
pip install -r requirements.txt
# Run the application
echo "Starting application..."
python3 app.py
echo "Setup and run completed successfully!"The AeyeGuard_mcp installation and setup process begins with configuring the environment using a .env file that establishes critical parameter connections for local LLM analysis. The LMSTUDIO_BASE_URL setting directs the service to your local language model server, typically pointing to http://localhost:1234 for default LM Studio installations, ensuring proper communication between the static code analyzer and your local AI infrastructure. The LMSTUDIO_MODEL parameter specifies which model variant to utilize for code analysis, allowing users to select from various locally hosted models including llama3, mistral, or other custom deployments. Additionally, the MCP_PORT configuration establishes the network port where the HTTP service will operate, defaulting to port 8080 but customizable based on system requirements or port conflicts. This environment configuration approach provides flexibility for developers to adapt the analyzer to their specific local development setups while maintaining security through isolated environment variables. The .env file structure ensures sensitive configuration data remains separate from source code, enabling seamless deployment across different environments while maintaining consistent functionality for reliable static code analysis powered by local LLM capabilities.
HTTP API Reference
The AeyeGuard_mcp HTTP API provides essential endpoints for comprehensive code analysis and system monitoring. The /health endpoint serves as a critical status verification tool, allowing administrators to quickly check the service’s operational state and ensure the local LLM-powered analyzer is functioning correctly. For core functionality, the /analyze endpoint enables vulnerability detection by scanning static code repositories and identifying potential security risks, code smells, and compliance issues. The /languages endpoint exposes a complete list of supported programming languages, facilitating seamless integration with diverse codebases and development environments. Additionally, the /mcp/tools endpoint delivers detailed tool definitions, providing developers with comprehensive information about available analysis capabilities and their respective configurations. These endpoints work synergistically to create a robust framework for local code analysis, ensuring that organizations can maintain code quality standards while leveraging the power of locally-hosted AI capabilities. Each endpoint is designed for reliability and efficiency, supporting both automated integration workflows and manual inspection processes.
{
"analysis_request": {
"code": "function calculateSum(a, b) {\n return a + b;\n}\n\nconst result = calculateSum(5, 3);\nconsole.log(result);",
"file_path": "/src/calculator.js",
"language": "javascript"
}
}The AeyeGuard_mcp HTTP API reference provides comprehensive documentation for developers integrating the local service static code analyzer into their workflows. This robust tool leverages a locally-hosted Large Language Model written in Python to deliver sophisticated code analysis capabilities. The response format delivers structured findings organized by severity levels, categorizing issues from critical vulnerabilities to minor code improvements. Each finding includes detailed remediation guidance with specific actionable steps to address identified problems, ensuring developers can efficiently implement necessary code changes. The system provides comprehensive reference materials including API endpoints, parameter specifications, and integration guidelines to support seamless implementation. Security-focused findings are prioritized with clear impact assessments, while performance and maintainability recommendations are presented in an easily digestible format. The structured output enables automated integration into development pipelines, with machine-readable formats supporting continuous integration workflows. Documentation includes detailed examples, error code references, and best practice recommendations for optimal utilization of the static analysis capabilities within local development environments.
Testing and Verification
Testing and Verification encompasses three critical layers that ensure AeyeGuard_mcp’s reliability and effectiveness as a local HTTP MCP service static code analyzer. The installation check layer verifies that the system properly installs and configures all necessary components, including the local LLM dependencies and Python runtime environment, ensuring seamless operation without external connectivity requirements. Endpoint testing validates each API endpoint’s functionality through comprehensive request/response cycles, confirming that all HTTP methods operate correctly and return appropriate status codes while maintaining security protocols. The usage demonstration examples layer provides practical, real-world scenarios showcasing AeyeGuard_mcp’s capabilities in analyzing static code, identifying potential vulnerabilities, and generating actionable insights. These examples demonstrate the tool’s effectiveness in detecting common security issues, code quality problems, and compliance violations while maintaining its offline operation capabilities. Together, these three testing layers create a robust verification framework that guarantees AeyeGuard_mcp delivers accurate, reliable static code analysis results within local environments, making it a dependable solution for organizations seeking comprehensive code security assessment without external dependencies.
#!/bin/bash
# Run installation test
echo "Running installation test..."
python tests/test_installation.py
# Run API test
echo "Running API test..."
python tests/test_api.py
# Run example usage test
echo "Running example usage test..."
python tests/example_usage.pyTesting and verification of AeyeGuard_mcp ensures comprehensive validation of its core functionalities through multiple success indicators. Health endpoint status verification confirms the service operates smoothly with proper response times and error handling, while example usage execution demonstrates successful code analysis workflows with accurate static code evaluation results. The LMStudio connection establishment serves as a critical success metric, validating seamless integration with local LLM capabilities and confirming that the analyzer can effectively leverage local language model processing for enhanced code analysis. These verification points collectively ensure AeyeGuard_mcp maintains reliability and performance standards, with health checks providing real-time system monitoring, usage examples showcasing practical implementation success, and LMStudio connectivity proving robust integration capabilities that enable sophisticated code analysis powered by local AI infrastructure.
Extensibility
Extensibility stands as a cornerstone feature of AeyeGuard_mcp, enabling seamless adaptation to evolving coding standards and linguistic requirements. This robust static code analyzer demonstrates exceptional flexibility by supporting multiple programming languages beyond its core implementation, allowing developers to extend its functionality through modular architecture design. The system’s extensibility framework facilitates easy integration of new language parsers and syntax analyzers, ensuring that developers can incorporate emerging programming languages without disrupting existing workflows. Through well-defined APIs and plugin architectures, AeyeGuard_mcp empowers users to customize code analysis rules, add domain-specific validation checks, and implement language-specific linting standards. The modular approach enables seamless addition of new language support through configuration files and language-specific rule sets, making it an adaptable solution for diverse development environments. This extensibility capability transforms AeyeGuard_mcp from a single-language analyzer into a comprehensive code quality management platform, supporting teams working across multiple programming paradigms while maintaining consistent security and compliance standards.
Security and Privacy
Security and privacy considerations are paramount when implementing AeyeGuard_mcp, a robust local HTTP MCP service static code analyzer powered by a Python-based local LLM. As a fully offline solution, AeyeGuard_mcp eliminates external data transmission risks, ensuring sensitive code analysis remains entirely within the user’s local environment. The system employs strict input validation and sanitization to prevent code injection vulnerabilities while maintaining comprehensive logging capabilities for audit trails. Data encryption protocols protect stored analysis results and configuration files, with optional password-based encryption for sensitive project repositories. The local LLM implementation ensures no external model requests are made, preventing potential data leakage through API calls or cloud connections. Access controls and permission management restrict system interactions to authorized users only, while regular security updates maintain protection against emerging threats. AeyeGuard_mcp’s design prioritizes user privacy by avoiding third-party data collection, ensuring all code analysis remains under the organization’s complete control and maintaining compliance with data protection regulations.
Conclusion
AeyeGuard_mcp represents a significant advancement in local static code analysis, offering developers a robust, privacy-focused solution for detecting potential vulnerabilities and code issues without relying on external services. By leveraging a locally hosted LLM, this Python-based analyzer ensures complete data control while maintaining high accuracy in identifying security concerns and coding standards violations. The implementation demonstrates how modern AI technologies can be effectively integrated into traditional development workflows, providing real-time feedback that enhances code quality and security posture. Looking toward future development, AeyeGuard_mcp has substantial potential for expansion, including integration with popular IDEs and CI/CD pipelines, support for additional programming languages beyond Python, and enhanced machine learning capabilities through continuous model training. The system could also incorporate more sophisticated threat detection algorithms, automated remediation suggestions, and comprehensive reporting features. As organizations increasingly prioritize security-by-design principles and local-first development approaches, AeyeGuard_mcp is well-positioned to evolve into a comprehensive code analysis platform that bridges the gap between traditional static analysis tools and cutting-edge AI-powered security solutions.
Download of the Complete Code
The complete code is available at GitHub.
These materials are distributed under MIT license; feel free to use, share, fork and adapt these materials as you see fit.
Also please feel free to submit pull-requests and bug-reports to this GitHub repository or contact me on my social media channels available on the contact page.
FAQ
What is AeyeGuard_mcp and what does it do?
AeyeGuard_mcp is a local HTTP MCP (Message Control Protocol) service static code analyzer that runs entirely on your local machine. It’s designed to analyze code for potential security vulnerabilities, coding standard violations, and other issues without requiring any external connections or cloud services.
How does AeyeGuard_mcp differ from cloud-based code analysis tools?
Unlike cloud-based solutions, AeyeGuard_mcp operates completely locally on your machine using a local Language Model (LLM). This means your code never leaves your system, providing enhanced privacy and security while maintaining the same analysis capabilities without internet dependency.
What programming language is AeyeGuard_mcp written in?
AeyeGuard_mcp is written entirely in Python, making it accessible and maintainable for developers familiar with the Python ecosystem while leveraging its extensive library support for code analysis tasks.
What specific types of code issues can AeyeGuard_mcp detect?
AeyeGuard_mcp can detect various code issues including security vulnerabilities like SQL injection and XSS attacks, coding standard violations, potential memory leaks, hardcoded credentials, insecure API usage patterns, and general code quality issues that might impact system reliability.
What are the system requirements for running AeyeGuard_mcp?
AeyeGuard_mcp requires a local Python environment with appropriate dependencies installed. Since it runs locally, it needs sufficient RAM to handle code analysis and disk space for temporary processing files, but the specific requirements depend on the size and complexity of the code being analyzed.
How does AeyeGuard_mcp ensure code privacy and security?
AeyeGuard_mcp ensures code privacy by running entirely locally without any network transmission of your source code. The local LLM processes all code analysis internally, and no data is sent to external servers or third-party services during the analysis process.
What types of static analysis does AeyeGuard_mcp perform?
AeyeGuard_mcp performs comprehensive static code analysis including syntax checking, semantic analysis, security vulnerability detection, code style enforcement, potential bug identification, and compliance checking against established coding standards without executing the actual code.
Can AeyeGuard_mcp be integrated into existing development workflows?
Yes, AeyeGuard_mcp can be integrated into existing development workflows through its HTTP MCP interface. Developers can incorporate it into CI/CD pipelines, IDE plugins, or manual code review processes as a local static analysis tool that maintains the same functionality without cloud dependencies.
What advantages does using a local LLM provide for code analysis?
Using a local LLM provides several advantages including faster response times since there’s no network latency, complete privacy of code analysis results, consistent performance regardless of internet connectivity, and the ability to customize the model for specific organization coding standards or security requirements.
How does AeyeGuard_mcp handle code from multiple programming languages?
AeyeGuard_mcp supports analysis of code written in various programming languages through its flexible static analysis framework. While it’s specifically designed for Python, it can be extended to support other languages by implementing appropriate language-specific parsers and analysis modules within its MCP framework structure.
