Package Exports

ironward
ironward/cli

Readme

Ironward

AI-powered security scanner delivered as an MCP server and CLI. Scans your code for leaked secrets, vulnerable auth logic, injection flaws, and CVE-affected dependencies — and opens fix PRs — directly inside Cursor, Claude Code, and VS Code.

v0.5.1 — all five tools ship: scan_for_secrets, scan_auth_logic, scan_sqli, scan_deps, fix_and_pr.

Tools

`scan_for_secrets` — offline, instant

212 pattern families — AWS, GCP, Azure, DigitalOcean, Alibaba, Stripe, GitHub (classic/oauth/fine-grained), GitLab, OpenAI, Anthropic, HuggingFace, Slack, Discord, SendGrid, Postgres/Mongo/Redis URLs, PEM / OpenSSH / PGP private keys, npm, DockerHub, Notion, Linear, Figma, Tailscale, and many more.
Shannon-entropy fallback for unknown secrets, with a placeholder + UUID/SHA allowlist to keep false positives near zero.
Three input modes — inline files, on-disk paths, or a raw content snippet.
Context-aware gating — context: "pre-commit" returns isError: true on critical/high findings so MCP clients can block commits.
Redaction by default — only truncated fingerprints are returned.
Line-level suppression — // ironward-ignore on the same or prior line.

`scan_auth_logic` — Claude Opus

Deep analysis of authentication/authorization defects — the class of bugs pattern scanners cannot catch:

Backwards auth checks (if (user) when the intent is if (!user))
Missing ownership / tenancy checks (resource fetched by ID with no check that the caller owns it)
Privilege-escalation paths and role comparison bugs
Auth middleware that runs too late or is skipped on error paths
JWT validation gaps — alg: none, unchecked exp/aud/iss, skipped signature verification
Session fixation, unsafe session handling, plaintext password storage in reset flows

A cheap keyword pre-filter skips the model entirely when the file has no auth surface, so unrelated code is free. Requires ANTHROPIC_API_KEY.

`scan_sqli` — Claude Sonnet + pre-filter

Targets query-construction defects a pattern scanner alone cannot judge:

String concatenation / template literals / f-strings / %-format / str.format building SQL
ORM raw / $queryRawUnsafe / knex.raw / sequelize.query with interpolated arguments
Second-order injection (untrusted data stored, then concatenated later)
Dynamic identifiers (table/column names coming from user input)

A 24-rule cross-language regex pre-filter (JS/TS, Python, Go, Java, Ruby, PHP) surfaces suspect lines; Sonnet confirms or dismisses. Files with no query-construction patterns skip the model entirely.

`scan_deps` — offline parsing + OSV.dev

Parses package.json, requirements.txt, and Pipfile.lock. Queries OSV.dev for each unique (ecosystem, package, version) tuple and returns findings with CVE aliases, affected ranges, fixed versions, and reference URLs — sorted by CVSS severity.

`fix_and_pr` — Opus + GitHub

Given any finding from the four scanners, produces a surgical fix via Claude Opus, creates a branch, commits the patched file, and opens a pull request. Set dryRun: true to preview. Requires ANTHROPIC_API_KEY and GITHUB_TOKEN with repo scope.

Install

Cursor (`~/.cursor/mcp.json`)

{
  "mcpServers": {
    "ironward": {
      "command": "npx",
      "args": ["-y", "ironward@latest"],
      "env": { "ANTHROPIC_API_KEY": "sk-ant-..." }
    }
  }
}

ANTHROPIC_API_KEY is only required for Claude-backed tools (scan_auth_logic, scan_sqli, fix_and_pr). scan_for_secrets and scan_deps work without it.

Claude Code

claude mcp add ironward -- npx -y ironward@latest

VS Code (`.vscode/mcp.json`)

{
  "servers": {
    "ironward": {
      "command": "npx",
      "args": ["-y", "ironward@latest"]
    }
  }
}

CLI (no MCP client required)

npx ironward scan-secrets src/
npx ironward scan-deps package.json requirements.txt
npx ironward --help

Exit codes: 0 clean · 1 findings (no critical/high) · 2 critical or high findings present.

Local development

npm install
npm run build
npm test

Or point your IDE config at the local checkout:

{
  "mcpServers": {
    "ironward-dev": {
      "command": "node",
      "args": ["/absolute/path/to/ironward/dist/bin.js"]
    }
  }
}

Tool reference

`scan_for_secrets`

Field	Type	Description
`files`	`{ path, content }[]`	Inline files — preferred when the client already has the text.
`paths`	`string[]`	Absolute filesystem paths to read and scan.
`content`	`string`	A raw snippet with no file context.
`context`	`"pre-commit" \| "on-save" \| "on-demand"`	Gates blocking behavior.

`scan_auth_logic` · `scan_sqli`

Field	Type	Description
`code`	`string`	Source code to analyze.
`language`	`string`	Language hint (e.g. `typescript`, `python`).
`path`	`string`	Optional file path for context.
`model`	`string`	Anthropic model ID; overridable via `SECUREMCP_AUTH_MODEL` / `SECUREMCP_SQL_MODEL` env.

`scan_deps`

Field	Type	Description
`paths`	`string[]`	Paths to `package.json`, `requirements.txt`, `Pipfile.lock`.
`manifests`	`{ path, content }[]`	Inline manifests.

`fix_and_pr`

Field	Type	Description
`repo`	`string`	`owner/repo`.
`filePath`	`string`	File to fix, relative to repo root.
`finding`	`object`	A finding from any scanner.
`fileContent`	`string`	Optional inline contents; otherwise fetched from GitHub.
`dryRun`	`boolean`	Propose the fix without creating a branch/PR.

Architecture

IDE (Cursor / Claude Code / VS Code)
        │  JSON-RPC 2.0 over stdio
        ▼
Ironward server  (Node 20+, TypeScript)
        │
        ├─ scan_for_secrets   ← 212 patterns + entropy (offline)
        ├─ scan_auth_logic    ← Claude Opus + keyword pre-filter
        ├─ scan_sqli          ← Claude Sonnet + 24-rule pre-filter
        ├─ scan_deps          ← manifest parsers + OSV.dev
        └─ fix_and_pr         ← Opus + GitHub REST (branch + commit + PR)

License

MIT

ironward

Package Exports

Readme

Ironward

Tools

scan_for_secrets — offline, instant

scan_auth_logic — Claude Opus

scan_sqli — Claude Sonnet + pre-filter

scan_deps — offline parsing + OSV.dev

fix_and_pr — Opus + GitHub