Skip to main content
CodeGate inspects what your AI coding tools are about to trust — before they execute it. Repository-controlled files like MCP server definitions, hooks, rules, and workspace settings can alter agent behavior in ways that are easy to miss. CodeGate makes those surfaces visible at launch time.

What CodeGate is

  • A pre-flight inspection tool that runs before you launch an AI coding agent
  • A layered scanner that detects risky configuration and instruction patterns
  • A workflow gate that can block dangerous launches with codegate run <tool>
  • A way to visualize configuration surfaces you may not have reviewed

What CodeGate is not

CodeGate is not a guarantee of safety. It can produce false positives and false negatives. It does not replace secure engineering judgment, review, and hardening, and it cannot promise that every malicious pattern will be detected. CodeGate is designed to improve visibility and decision quality before execution — not to function as an absolute safety net.

Analysis layers

CodeGate runs a four-layer pipeline on your AI tool configuration surfaces.
LayerNameDescription
L1DiscoveryLocates all AI tool configuration files — MCP server definitions, hooks, rules, skills, IDE settings, and workspace configs.
L2Static analysisEvaluates each artifact offline using a rule engine. Flags patterns like ENV_OVERRIDE, COMMAND_EXEC, CONSENT_BYPASS, RULE_INJECTION, IDE_SETTINGS, SYMLINK_ESCAPE, GIT_HOOK, NEW_SERVER, and CONFIG_CHANGE.
L3Deep scan (opt-in)Fetches external MCP server metadata and routes it through a local AI meta-agent for deeper behavioral analysis. Requires --deep and explicit per-resource consent.
L4Remediation (opt-in)Proposes or applies fixes. Every change is backed up under .codegate-backup/ and reversible with codegate undo.
Layers 1 and 2 are offline-first and deterministic. Layer 3 is opt-in and consent-driven per resource and per command.

Supported AI tools

codegate run supports launching these tools after a successful pre-flight scan:
  • claude — Claude Code
  • codex — Codex CLI
  • opencode — OpenCode
  • cursor — Cursor
  • windsurf — Windsurf
  • kiro — Kiro

All commands

CommandPurpose
codegate scan [target]Scan a directory, file, or URL for AI tool config risks
codegate scan-content <content>Scan inline JSON, YAML, TOML, Markdown, or text content
codegate run <tool>Scan first, then launch the selected AI tool if policy allows
codegate skills [...]Wrap npx skills with preflight scanning for installs
codegate clawhub [...]Wrap npx clawhub with preflight scanning for installs
codegate undo [dir]Restore the most recent remediation backup session
codegate initCreate ~/.codegate/config.json with defaults
codegate update-kbShow knowledge-base update guidance
codegate update-rulesShow rules update guidance
codegate update-kb and codegate update-rules display guidance for updating the bundled knowledge base and rules. Updates are delivered through new releases — run npm update -g codegate-ai or use npx codegate-ai@latest to get the latest version.

Where to go next

Quickstart

Install CodeGate and run your first scan in under two minutes.

scan command

Full reference for scan flags, output formats, and examples.

run command

Use wrapper mode to scan first and block dangerous launches automatically.

Why CodeGate

Understand the threat landscape and CVEs that motivated this project.