What it does
This MCP server wraps KERN's static analysis and code review capabilities, exposing security scanning, type checking, and code generation as MCP tools. The core feature is a 240-rule security analyzer that scans TypeScript and Python code for vulnerabilities including prompt injection, unguarded effects, unsafe patterns, and flaky tests. It also provides nominal type checking, backend code generation from KERN specifications, and security-focused MCP server scaffolding.
Who it's for
Backend engineers and MCP developers building or auditing TypeScript and Python services, teams using KERN for backend-as-specification work, and developers who want security scanning beyond ESLint and Pylint that catches prompt injection and taint-tracking issues conventional linters miss.
Common use cases
- Scan TypeScript and Python backend code for security vulnerabilities using 240 AST-based rules
- Detect prompt injection, unguarded effects, and unsafe patterns before deployment
- Type-check code with zero false positives using KERN's nominal type system
- Audit and scaffold MCP server implementations with built-in security guards
- Generate type-safe Express and FastAPI backends from KERN specifications
Setup pitfalls
- Scanner found 20 embedded secrets in the package—review credentials and rotate any that may be exposed.
- Requires Node.js runtime and may depend on local TypeScript/Python toolchains for full analysis coverage.
- The 240 security rules target backend code; frontend analysis is not a focus area.
- Several compile targets (Vue, Nuxt, React Native, Terminal) are listed as additional adapters—verify they meet production requirements before adopting.