CodeGuardian Nexus
An AI-integrated security enforcement agent that intercepts code generation from LLMs, performing static/dynamic analysis and orchestrating AI-driven patches, while also offering natural language-to-browser-test script generation and execution via Playwright.
Author

GroundNG
CodeGuardian Nexus: The AI-Augmented Security & QA Sentinel
CodeGuardian Nexus (CGN) is a sophisticated utility engineered to function as an essential security and quality assurance layer directly interfacing with generative AI coding platforms (e.g., Copilot, Cursor, Claude Code). Operating via the MCP (Model Context Protocol), it functions as an automated security engineer and a robotic QA tester, ensuring code integrity and functional resilience before changes are integrated into the mainline repository.
Core Mandate
CGN addresses the dual challenges of modern AI-assisted development:
- Security Debt: AI assistants rapidly generate code, which often contains latent security flaws (OWASP Top 10, insecure configurations).
- Testing Overhead: Manual creation and maintenance of UI/E2E tests struggle to keep pace with rapid iteration.
CGN resolves this by embedding comprehensive validation directly into the developer's AI workflow.
Key Capabilities
CGN provides two primary operational modes managed through unified natural language instructions via MCP:
1. Proactive Security Analysis & Remediation (The Sentinel)
- Contextual Scanning: Automatically analyzes code produced or modified by the linked AI agent using integrated SAST (e.g., Semgrep hook-ins) and DAST primitives (e.g., Nuclei invocation).
- Vulnerability Triage: Pinpoints flaws (XSS, Injection vectors, insecure dependency usage).
- Remediation Feedback: Feeds detailed findings and suggested fixes directly back to the generating AI, facilitating immediate, automated remediation—a true 'shift-left' security posture for AI output.
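An added sketch of the triage-and-feedback step described above, not CGN's own code. It assumes findings arrive as Semgrep's JSON report (`results[].check_id`, `path`, `start.line`, `extra.severity`, `extra.message`, `extra.fix`); the sample report, rule ids and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `semgrep --json` output, trimmed to the fields used.
SAMPLE = json.dumps({"results": [
    {"check_id": "demo.xss.inner-html", "path": "src/view.ts", "start": {"line": 42},
     "extra": {"severity": "ERROR", "message": "User input flows into innerHTML.",
               "fix": "el.textContent = value"}},
    {"check_id": "demo.style.todo", "path": "src/view.ts", "start": {"line": 7},
     "extra": {"severity": "INFO", "message": "TODO left in code."}},
    {"check_id": "demo.sqli.concat", "path": "src/db.ts", "start": {"line": 12},
     "extra": {"severity": "WARNING",
               "message": "SQL built by string\nconcatenation. " + "x" * 400}},
]})

SEVERITY_RANK = {"ERROR": 0, "WARNING": 1, "INFO": 2}

def clean(text, limit=200):
    """Collapse whitespace and cap length so one finding cannot flood the prompt."""
    flat = " ".join(str(text).split())
    return flat if len(flat) <= limit else flat[:limit - 3] + "..."

def triage(semgrep_json, min_severity="WARNING"):
    """Return findings at or above min_severity, most severe first."""
    cutoff = SEVERITY_RANK[min_severity]
    kept = []
    for r in json.loads(semgrep_json).get("results", []):
        extra = r.get("extra", {})
        # Unknown severity labels rank as most severe, so they are never dropped.
        rank = SEVERITY_RANK.get(extra.get("severity"), 0)
        if rank <= cutoff:
            kept.append({"rule": r["check_id"], "path": r["path"],
                         "line": r["start"]["line"], "rank": rank,
                         "message": clean(extra.get("message", "")),
                         "fix": clean(extra["fix"]) if extra.get("fix") else None})
    return sorted(kept, key=lambda f: (f["rank"], f["path"], f["line"]))

def feedback_for_agent(findings):
    """Render triaged findings as the text handed back to the coding agent."""
    if not findings:
        return "No findings at or above the severity threshold."
    lines = [f"{len(findings)} finding(s) to fix:"]
    for f in findings:
        lines.append(f"- {f['path']}:{f['line']} [{f['rule']}] {f['message']}")
        if f["fix"]:
            lines.append(f"  suggested fix: {f['fix']}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(feedback_for_agent(triage(SAMPLE)))
```

Scanner messages can quote text from the scanned code, so they are flattened and length-capped before they reach the agent's context.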
2. Automated Test Engineering (The Weaver)
- Natural Language Scripting: Converts descriptive, human language instructions into executable, robust Playwright test assets (stored as structured JSON).
- Test Execution Engine: Deterministically runs these recorded functional tests, capturing comprehensive artifacts (logs, visual snapshots, pass/fail status).
- Autonomous Discovery: Can explore web surfaces, leveraging connected LLMs to propose relevant exploratory test scenarios.
- Resilience: Features self-healing mechanisms for existing test scripts when encountering minor DOM changes.
Operational Flow (MCP Integration)
graph TD
    A[Developer Prompt] --> B{AI Coding Agent};
    B -- MCP Call --> C("Nexus Engine / mcp_server.py");
    C --> D{"Security Scan | Test Record | Test Run | Discover"};
    D -- SAST/DAST/Playwright Execution --> E["Browser Engine (Playwright)"];
    E -- Results/Artifacts --> C;
    C -- Feedback Loop --> B;
    B --> A;
    style D fill:#f9f,stroke:#333,stroke-width:2px
Feature Set Summary
- AI Companion Integration: Works natively with Cursor, Copilot, etc., via MCP.
- Security Toolchain: Combines Static (SAST) and Dynamic (DAST Primitives) analysis on AI-generated blocks.
- UI Test Generation: Converts complex user flows described in prose into verifiable Playwright JSON scripts.
- E2E Test Runner: Executes generated scripts reliably, capturing evidence for debugging.
- Visual Validation: Incorporates pixel-level comparison alongside logical checks.
- Feedback Loop: Results (security reports, execution logs) are immediately channeled back to the development assistant for rapid iteration.
Initial Setup Essentials
Requires Python 3.10+, an accessible LLM endpoint, and installation of the core MCP client (pip install mcp[cli]). Browser assets are managed via patchright install.
To activate the Nexus service for your assistant, configure your MCP settings to launch mcp_server.py within the repository context:
{
  "mcpServers": {
    "CodeGuardianNexus": {
      "command": "uv",
      "args": ["--directory", "<path_to_repo>", "run", "mcp_server.py"]
    }
  }
}
Example Interactions (via AI Assistant)
- Security Query: "Nexus, audit the typescript module Copilot just introduced for any hidden insecure patterns and suggest concrete fixes."
- Test Recording: "Nexus, script a full session: navigate to the staging portal, authenticate with test credentials, assert the dashboard loads, and log out. Save this sequence."
- Test Execution: "Run the artifact named 'auth_flow_v3.json' and provide a detailed execution report."
- Exploration: "Nexus, explore the client-facing marketing site and propose critical user journeys that warrant automated testing."
Acknowledgment
This project benefits from insights and foundational concepts from the open-source community, notably in browser interaction modeling and static analysis integration.
