NinjaCode-MCP

OBEDPoP/NinjaCode-MCP

3.2

If you are the rightful owner of NinjaCode-MCP and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.

NinjaCode is an MCP server designed to enhance AI-generated code quality, security, and maintainability.

Tools
4
Resources
0
Prompts
0

NinjaCode MCP Server 🥷

Teaching AI Agents to Write Production-Grade, Secure Code

A Product of NinjaMinds

🎯 What is NinjaCode?

NinjaCode is an MCP (Model Context Protocol) server that acts as your Code Quality Sensei - helping AI agents generate high-quality, secure, and maintainable code.

Features:

Core Features (Local & Enterprise)
  • 🔐 Secret Scanning - Detect and prevent hardcoded secrets (AWS keys, API tokens, passwords, etc.)
  • 🛡️ Vulnerability Detection - Find and fix security issues following OWASP guidelines
  • 📊 Code Quality Analysis - Enforce clean code principles, detect code smells
  • 🏗️ Architecture Guidance - 12-Factor App compliance validation
  • 📁 Structure Templates - Best practice folder structures for any project type
  • 📚 Best Practices - Language-specific idioms and patterns
  • 📦 Dependency Scanning - Check for vulnerabilities and outdated packages
  • 🔒 Compliance Checking - GDPR, SOC2, HIPAA, PCI-DSS compliance validation
  • ⚡ Performance Analysis - Detect N+1 queries, memory leaks, and performance issues
Enterprise Features (Server Mode)
  • 👥 User Management - Role-based access control (RBAC)
  • 🏢 Organization Settings - Centralized policy management
  • 📋 Audit Logging - Complete audit trail of all actions
  • 📊 Analytics Dashboard - Usage analytics and reporting
  • 🔐 Multi-tenancy - Support for multiple organizations
  • 🌐 RESTful API - Programmatic access and integrations
  • ⚙️ Custom Policies - Organization-specific coding rules

📥 Download

Download the signed executables only from the official NinjaMinds channels:

  1. 🌐 Primary: ninjaminds.org/downloads
  2. 📦 Mirror: github.com/OBEDPoP/NinjaCode-MCP/releases
Platformninjaminds.orgGitHub Releases
WindowsDownloadDownload
macOSDownloadDownload
LinuxDownloadDownload

No Node.js or dependencies required! Just download and configure with your IDE.

🚀 Quick Start

  1. Download the executable for your platform
  2. Double-click the exe to see setup instructions for your IDE
  3. Configure your IDE with the path to the executable
  4. Start coding with AI-powered code quality guidance!

⚙️ IDE Configuration

Note: You do NOT need to keep the server running manually. Your IDE starts it automatically in the background when needed.

✅ Recommended (Per-Project): commit .vscode/mcp.json

This is the simplest setup: put a small config file in your repo so the project "just works" on any machine that opens it.

Create .vscode/mcp.json in your project:

{
  "servers": {
    "ninjacode": {
      "command": "C:\\path\\to\\ninjacode-win.exe"
    }
  }
}

If you're developing from source (Node.js), you can point to the bundled CLI:

{
  "servers": {
    "ninjacode": {
      "command": "node",
      "args": ["dist/bundle.cjs"],
      "cwd": "${workspaceFolder}"
    }
  }
}

Global (User Settings)

🔷 VS Code (GitHub Copilot)

File: %APPDATA%\Code\User\settings.json (Windows) or ~/.config/Code/User/settings.json (Linux/Mac)

{
  "mcp.servers": {
    "ninjacode": {
      "command": "C:\\path\\to\\ninjacode-win.exe"
    }
  }
}

🟣 Cursor

File: %APPDATA%\Cursor\User\settings.json (Windows)

{
  "mcp.servers": {
    "ninjacode": {
      "command": "C:\\path\\to\\ninjacode-win.exe"
    }
  }
}

🌊 Windsurf (Codeium)

File: %APPDATA%\Windsurf\User\settings.json (Windows)

{
  "mcp.servers": {
    "ninjacode": {
      "command": "C:\\path\\to\\ninjacode-win.exe"
    }
  }
}

🟠 Claude Desktop

File: %APPDATA%\Claude\claude_desktop_config.json (Windows) or ~/Library/Application Support/Claude/claude_desktop_config.json (Mac)

{
  "mcpServers": {
    "ninjacode": {
      "command": "C:\\path\\to\\ninjacode-win.exe"
    }
  }
}

🔵 Zed

File: ~/.config/zed/settings.json

{
  "context_servers": {
    "ninjacode": {
      "command": {
        "path": "/path/to/ninjacode-linux"
      }
    }
  }
}

⚫ Continue (VS Code / JetBrains Extension)

File: ~/.continue/config.json

{
  "experimental": {
    "modelContextProtocolServers": [
      {
        "transport": {
          "type": "stdio",
          "command": "C:\\path\\to\\ninjacode-win.exe"
        }
      }
    ]
  }
}

🟤 Cline (VS Code Extension)

Open Cline settings in VS Code and add MCP server with command:

C:\path\to\ninjacode-win.exe

🌐 “Remote Version” (No Enterprise Server Needed)

If you’re using the public NinjaCode MCP from ninjacode.ninjaminds.org, that’s for downloads/docs. MCP in VS Code/Cursor/Windsurf is stdio-based today, meaning your IDE must start a local process (ninjacode-win.exe or node dist/bundle.cjs).

  • Remote/public use case: download the signed executable and configure your IDE to run it locally.
  • Not supported in VS Code (yet): setting MCP to a URL like https://ninjacode.ninjaminds.org as the server.

The separate Enterprise Server Mode (mcp-server/) is only for organizations that want centralized policies, user management, and a database-backed admin API.

🤖 Enable Automatic Enforcement

By default, NinjaCode tools are available to AI agents but require explicit invocation. To make NinjaCode automatically guide your AI on every request, add instructions to your project:

Step 1: Copy the Instructions Template

Copy the template to your project's .github folder:

# Windows PowerShell
New-Item -ItemType Directory -Force -Path "C:\path\to\your\project\.github" | Out-Null
Copy-Item "templates\copilot-instructions-template.md" "C:\path\to\your\project\.github\copilot-instructions.md" -Force

# macOS/Linux
mkdir -p /path/to/your/project/.github
cp templates/copilot-instructions-template.md /path/to/your/project/.github/copilot-instructions.md

Or manually create .github/copilot-instructions.md in your project with content from: templates/copilot-instructions-template.md

Step 2: Restart VS Code

VS Code reads .github/copilot-instructions.md at startup and injects it into Copilot's context.

What Gets Enforced Automatically:

ScenarioTool Auto-UsedWhat's Checked
Writing any codeanalyze_code_qualityFunction length, nesting, code smells
Adding credentials/configscan_secretsHardcoded secrets, API keys
Handling user datacheck_complianceGDPR, HIPAA, SOC2, PCI-DSS
Adding dependenciesscan_dependenciesCVEs, outdated packages
Building APIsanalyze_performanceN+1 queries, memory leaks
New projectssuggest_folder_structureBest practice structure

Example: What You'll See

When you ask Copilot to write code, it will automatically analyze and respond:

⚠️ NinjaCode Security Analysis

🔴 CRITICAL: Hardcoded API key detected
   → Line 5: const key = "sk-..."
   → Fix: Use process.env.API_KEY instead

🟡 WARNING: Function exceeds 50 lines (72 lines)
   → Consider splitting into smaller functions

✅ PASSED: No SQL injection vulnerabilities
✅ PASSED: Proper error handling present

✅ Verify It’s Working

Terminal smoke test (Node)

From this repo, you can confirm NinjaCode responds to MCP JSON-RPC over stdio:

$init = '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"test","version":"1.0"}}}';
$tool = '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"scan_secrets","arguments":{"code":"const key = \\\"sk-1234\\\";","language":"javascript"}}}';
echo "$init`n$tool" | node dist/bundle.cjs

IDE test

  1. Configure the IDE (per-project .vscode/mcp.json or global settings)
  2. Restart the IDE
  3. Ask Copilot/your agent: “Run NinjaCode scan_secrets on this snippet: const key = "sk-1234";
  4. Approve the tool call prompt when it appears

🛠️ Available Tools

ToolDescription
scan_secretsScan code for hardcoded secrets, API keys, tokens, passwords
analyze_code_qualityCheck for code smells, long functions, deep nesting, magic numbers
suggest_folder_structureGet best-practice project structure for your stack
get_best_practicesLanguage/framework specific coding standards
scan_dependenciesScan package files for vulnerabilities and outdated packages
check_complianceCheck code compliance against GDPR, SOC2, HIPAA, PCI-DSS
analyze_performanceAnalyze code for performance issues and optimization opportunities

Enterprise Tools (Server Mode)

ToolDescription
check_complianceOrganization-specific compliance checking with custom policies
enforce_policyEnforce organization-specific coding policies

Detected Secret Types

  • AWS Access Keys & Secret Keys
  • GitHub/GitLab Tokens
  • Stripe API Keys (Live & Test)
  • MongoDB/PostgreSQL Connection Strings
  • JWT Tokens
  • RSA/SSH Private Keys
  • Azure Connection Strings
  • Google API Keys
  • Slack Tokens
  • Generic API Keys & Passwords

📚 Available Resources

ResourceDescription
12-Factor AppThe Twelve-Factor App methodology
SOLID PrinciplesSOLID principles with examples
Clean CodeClean code principles guide
Secret PatternsSecret detection patterns database

💬 Available Prompts

PromptDescription
code_reviewComprehensive code review (quality, security, best practices)
security_auditOWASP-focused security analysis
refactor_guideStep-by-step refactoring recommendations

📖 How It Works

┌─────────────┐     MCP Protocol     ┌─────────────────┐
│   AI Agent  │ ◄──────────────────► │  NinjaCode MCP  │
│  (Copilot)  │   stdin/stdout       │     Server      │
└─────────────┘                      └─────────────────┘
                                            │
                                     ┌──────┴──────┐
                                     ▼             ▼
                              ┌──────────┐  ┌──────────┐
                              │  Secret  │  │  Quality │
                              │ Scanner  │  │ Analyzer │
                              └──────────┘  └──────────┘
  1. IDE Integration: Your IDE spawns NinjaCode as a background process
  2. MCP Protocol: Communication via stdin/stdout using Model Context Protocol
  3. Tool Calls: AI agent calls NinjaCode tools for code quality guidance
  4. Responses: NinjaCode analyzes code and returns actionable recommendations

📄 License

© 2025 NinjaMinds. All Rights Reserved.

Permitted:

  • ✅ Download and use the executables for personal and commercial projects
  • ✅ Configure with any supported IDE
  • ✅ Share the download link with others

Not Permitted:

  • ❌ Modify the source code
  • ❌ Redistribute modified versions
  • ❌ Reverse engineer the executables
  • ❌ Remove or alter copyright notices

Official Sources Only:

Warning: Only download from official sources. Executables from unofficial sources may contain malware.

🆘 Support

🙏 Acknowledgments

Built with ❤️ by NinjaMinds for better AI-generated code