Using Codacy Guardrails
Recommended configurations
| IDE | Recommended LLM |
|---|---|
| Visual Studio Code | Claude 3.x Sonnet |
| Visual Studio Code Insiders | Claude 4.x Sonnet |
| Cursor | Claude 4.x Sonnet |
| Windsurf | Claude 3.x Sonnet |
Write secure, compliant AI code
a. Let's run an prompt to create a webserver in Java
Create a lightweight webserver in Java.
In response, it generated a compact, readable Java class using ServerSocket and raw streams to handle HTTP requests. Here’s what I got:
b. There's a call from MCP tool to analyse the code that was generated. Click in Run tool
Codacy Guardrails starts analyzing it automatically using the Codacy CLI embedded in the agent’s flow. No configurations, no extra steps–it just works.
It found an issue with PMD - the package name isn't correctly declared - and it will try to fix that with the right declaration.
c. After a new analysis, It shows us that it has 0 issues in the code
Prompt Codacy from your IDE chat panel
Once your repository is connected to Codacy, you can go beyond traditional static analysis and start interacting with your codebase using natural language prompts.
a. Let's run a quick example with the prompt:
Can you list all security issues in my repository?
b. Right after running this prompt, there is a MCP tool call to search all security issues in my repository. Click in Run tool
It will search for all open security issues in my repository. And it will list all them, showing the title, priority, status and the link to the issue,
It turned security from a checklist into a dialogue—and that changes everything.