Ship Safer Code: Plug Codacy Guardrails Into Gemini CLI in 90 Seconds


Gemini CLI (launched 25 Jun 2025) drops Google’s Gemini 2.5 Pro straight into your terminal with a whopping 1 M-token context and free preview limits. 

Codacy AI Guardrails adds an MCP “security copilot” layer on top of any LLM.

Just pop in a token, and it blocks risky suggestions before they hit your repo. 

Quick-start

 

```bash
# 1. Install both CLIs (Gemini CLI is published on npm as @google/gemini-cli)
npm i -g @google/gemini-cli @codacy/codacy-mcp

# 2. Auth Codacy once
export CODACY_ACCOUNT_TOKEN="<your-token>" # keep it in .zshrc / CI secret store

# 3. Tell Gemini about the MCP (this overwrites any existing settings.json)
mkdir -p ~/.gemini
cat <<'EOF' > ~/.gemini/settings.json
{
  "mcpServers": {
    "codacy": {
      "command": "npx",
      "args": [
        "-y",
        "@codacy/codacy-mcp@latest"
      ]
    }
  },
  "contextFileName": "GEMINI.md"
}
EOF

# 4. Test
gemini /mcp desc # should list "Codacy Guardrails"
gemini "/fix vuln in src/auth.ts"
```

Total wall-clock: ~90 seconds, including copy-paste.
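Step 3 replaces `~/.gemini/settings.json` wholesale, and the `npx -y @codacy/codacy-mcp@latest` entry resolves whatever version is current each time the server starts. The Python below is an added example, not code from Codacy or Google: it merges the server entry into an existing settings file instead of overwriting it and flags MCP servers that are not pinned to an exact version. The helper names `add_mcp_server` and `unpinned_npx_servers` are hypothetical.

```python
import json
import os
import re
import tempfile
from pathlib import Path

# Exact-version npm spec, e.g. @scope/pkg@1.2.3 (tags such as @latest do not match)
PINNED = re.compile(r"^(@[^/@]+/)?[^/@]+@\d+\.\d+\.\d+([-+][0-9A-Za-z.-]+)?$")


def unpinned_npx_servers(settings: dict) -> list[str]:
    """Return names of MCP servers that npx resolves at launch time
    (no exact version, or a floating tag such as @latest)."""
    flagged = []
    for name, server in settings.get("mcpServers", {}).items():
        if server.get("command") != "npx":
            continue
        # The package spec is the first argument that is not an option flag.
        spec = next((a for a in server.get("args", []) if not a.startswith("-")), "")
        if not PINNED.match(spec):
            flagged.append(name)
    return flagged


def add_mcp_server(path: Path, name: str, entry: dict) -> dict:
    """Merge one server into settings.json, keeping every existing key,
    and write the file atomically with owner-only permissions."""
    settings = json.loads(path.read_text()) if path.exists() else {}
    settings.setdefault("mcpServers", {})[name] = entry
    path.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".settings-")
    with os.fdopen(fd, "w") as fh:  # mkstemp creates the file as 0600
        json.dump(settings, fh, indent=2)
        fh.write("\n")
    os.replace(tmp, path)
    return settings


if __name__ == "__main__":
    cfg = Path.home() / ".gemini" / "settings.json"
    entry = {"command": "npx", "args": ["-y", "@codacy/codacy-mcp@latest"]}
    merged = add_mcp_server(cfg, "codacy", entry)
    for name in unpinned_npx_servers(merged):
        print(f"warning: MCP server '{name}' is not pinned to an exact version")
```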

 

