Integrations
Plug into MCP-compatible agents and workflows without changing your security posture. The same boundaries, the same audit trail, the same policy verification — no matter which client is driving.
Popular MCP Clients
These examples are intentionally short. Your compliance story doesn’t depend on the client UI — it depends on the governed MCP server boundary.
Claude Desktop
Native MCP support. Great for interactive analysis + governed refactors.
{
  "mcpServers": {
    "codescalpel": {
      "command": "uvx",
      "args": ["codescalpel", "mcp"]
    }
  }
}
VS Code / Copilot
IDE-driven workflows with consistent audit logging across engineers.
{
  "servers": {
    "codescalpel": {
      "type": "stdio",
      "command": "uvx",
      "args": ["codescalpel", "mcp"]
    }
  }
}
Cursor
AI-first editor; use the same MCP server to keep enforcement centralized.
{
  "mcpServers": {
    "codescalpel": {
      "command": "uvx",
      "args": ["codescalpel", "mcp"]
    }
  }
}
Why this matters for compliance
From an auditor’s perspective, the UI doesn’t matter. The evidence does. In Code Scalpel, governance is enforced at the MCP boundary and logged consistently — regardless of which client initiated the operation.
- Same boundaries: Limits are enforced server-side, not “requested” from the model.
- Same audit trail: Tool name, parameters, scope, and outcome are recorded.
- Same integrity story: Policy verification can fail closed to block operations.
Frameworks & Automation
Use Code Scalpel as a governed “toolbox” for agent frameworks and CI automation. The goal is repeatable, reviewable change — not heroics.
Agent Frameworks
LangChain, AutoGen, CrewAI, and other orchestrators can call the MCP server like any other tool layer.
- Centralize governance once; reuse everywhere
- Keep audit trails consistent across orchestrations
- Prevent “prompt drift” from changing security posture
CI / Pre-merge Gates
Use tools like security scanning and policy checks as deterministic gates in your pipeline.
- Export audit records as evidence artifacts
- Fail-closed checks for policy integrity
- Produce consistent reports for SOC2 change management