CodeAnt CLI
A command-line tool for code review and security scanning.
Installation
npm install -g codeant-cli
Or run locally:
git clone https://github.com/codeantai/codeant-cli.git
cd codeant-cli
npm install
npm link
Quick Start
# Login to CodeAnt
codeant login
# Scan staged files for secrets
codeant secrets
Usage
codeant <command> [options]
Commands
login
Authenticate with CodeAnt. Opens a browser window for login.
codeant login
logout
Log out from CodeAnt.
codeant logout
secrets
Scan your code for exposed secrets, API keys, and credentials.
codeant secrets [options]
Options:
| Option | Description |
|---|---|
| --staged | Scan only staged files (default) |
| --all | Scan all changed files compared to base branch |
| --uncommitted | Scan all uncommitted changes |
| --last-commit | Scan files from the last commit |
| --fail-on <level> | Fail only on HIGH, MEDIUM, or all (default: HIGH) |
| --include <patterns> | Comma-separated glob patterns to include files |
| --exclude <patterns> | Comma-separated glob patterns to exclude files |
Examples:
# Scan staged files (default)
codeant secrets
# Scan all changed files
codeant secrets --all
# Scan last commit
codeant secrets --last-commit
# Only fail on HIGH confidence secrets (default)
codeant secrets --fail-on HIGH
# Fail on HIGH and MEDIUM confidence secrets
codeant secrets --fail-on MEDIUM
# Fail on all secrets (except false positives)
codeant secrets --fail-on all
# Filter files using glob patterns
codeant secrets --include '**/*.js' # Only JS files
codeant secrets --exclude 'node_modules/**,*.test.js' # Exclude patterns
codeant secrets --include 'src/**' --exclude '*.test.*' # Combine both
File Filtering:
Use --include and --exclude with glob patterns to filter files:
- * matches any characters except /
- ** matches any characters including /
- *.{js,ts} matches multiple extensions
- Comma-separated for multiple patterns: --exclude 'test/**,dist/**'
Exit codes:
0 - No blocking secrets found (or only false positives)
1 - Secrets detected that match the --fail-on threshold
Confidence Levels:
HIGH - High confidence, likely a real secret
MEDIUM - Medium confidence, may need review
FALSE_POSITIVE - Detected but likely not a real secret (always ignored)
set-base-url <url>
Set a custom API base URL.
codeant set-base-url https://api.example.com
get-base-url
Show the current API base URL and its source.
codeant get-base-url
Global Options
codeant --version # Show version
codeant --help # Show help
Configuration
Config is stored in ~/.codeant/config.json.
You can also use environment variables:
| Variable | Description |
|---|---|
| CODEANT_API_URL | API base URL (overrides config) |
| CODEANT_API_TOKEN | Authentication token (overrides config) |
Priority order:
- Environment variables (highest)
- Config file (~/.codeant/config.json)
- Default values
Git Hooks
Use CodeAnt as a pre-commit hook to prevent secrets from being committed.
Manual Setup
Create .git/hooks/pre-commit:
#!/bin/sh
codeant secrets
Make it executable:
chmod +x .git/hooks/pre-commit
With Husky
npx husky add .husky/pre-commit "codeant secrets"
With lefthook
Add to lefthook.yml:
pre-commit:
  commands:
    secrets:
      run: codeant secrets
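A stricter variant of the manual pre-commit hook above, added here as an example (not CodeAnt's own hook): it blocks the commit with a readable message when the CLI is missing, and treats any exit code other than the documented 0 and 1 as a scan that did not complete. SCANNER and FAIL_ON are hypothetical variables introduced for this example, and blocking on undocumented exit codes is this example's assumption.

```shell
#!/bin/sh
# Added example: pre-commit gate around `codeant secrets`.
# SCANNER and FAIL_ON are hypothetical variables, not CodeAnt settings.

SCANNER="${SCANNER:-codeant}"
FAIL_ON="${FAIL_ON:-MEDIUM}"   # stricter than the documented default (HIGH)

secret_gate() {
    # Fail closed with a clear message if the scanner is not on PATH.
    if ! command -v "$SCANNER" >/dev/null 2>&1; then
        echo "pre-commit: $SCANNER not found; install with: npm install -g codeant-cli" >&2
        return 2
    fi

    scan_rc=0
    "$SCANNER" secrets --staged --fail-on "$FAIL_ON" || scan_rc=$?

    case "$scan_rc" in
        0)  # Documented: no blocking secrets (or only false positives).
            return 0 ;;
        1)  # Documented: secrets matched the --fail-on threshold.
            echo "pre-commit: secrets at or above $FAIL_ON found; commit blocked." >&2
            return 1 ;;
        *)  # Assumption: any other code means the scan did not complete.
            echo "pre-commit: $SCANNER exited $scan_rc; scan incomplete, commit blocked." >&2
            return 2 ;;
    esac
}

# Run the gate only when installed as .git/hooks/pre-commit,
# so the file can also be sourced by a test script.
case "$0" in
    *pre-commit) secret_gate; exit $? ;;
esac
```

Save it as .git/hooks/pre-commit and make it executable as described under Manual Setup.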
Example Output
Secrets Found (blocking)
✗ 2 secret(s) found!
src/config.js
Line 5: AWS Access Key (HIGH)
Line 12: API Key (HIGH)
Remove secrets before committing.
Only False Positives (non-blocking)
⚠ 1 potential secret(s) found (ignored)
Ignored (false positives):
src/example.js
Line 10: Generic Secret (FALSE_POSITIVE)
✓ Commit allowed (only false positives found)
No Secrets
✓ No secrets found
Development
# Run locally
node src/index.js secrets
# Run with npm
npm start secrets
# Test different scan types
node src/index.js secrets --last-commit
node src/index.js secrets --all
MCP / Claude Connector
This package also ships an MCP (Model Context Protocol) server that exposes CodeAnt's scan, review, and PR data as tools to Claude and other MCP clients. The same source tree is packaged as a Desktop Extension (.mcpb) for one-click install in Claude Desktop.
See mcp.md for the tools listing, install paths (Claude Code CLI, Claude Desktop manual config, MCPB double-click), and bundling/submission instructions.
Privacy Policy
Full policy: https://codeant.ai/privacy
Summary of what this CLI / MCP server sends and stores: