Ship Safer Code: Plug Codacy Guardrails Into Gemini CLI in 90 Seconds

Gemini CLI (launched 25 Jun 2025) drops Google’s Gemini 2.5 Pro straight into your terminal with a whopping 1M-token context and free preview limits.
Codacy AI Guardrails adds an MCP “security copilot” layer on top of any LLM.
Just pop in a token, and it blocks risky suggestions before they hit your repo.
Quick-start
```bash
# 1. Install both CLIs
npm i -g @google/gemini-cli @codacy/codacy-mcp
# 2. Auth Codacy once (quoted so the shell does not treat < and > as redirections)
export CODACY_ACCOUNT_TOKEN="<your-token>" # keep it in .zshrc / CI secret store
# 3. Tell Gemini about the MCP
#    Note: this overwrites any existing ~/.gemini/settings.json, and
#    "npx -y ...@latest" fetches whatever version is newest at each start.
mkdir -p ~/.gemini
cat <<'EOF' > ~/.gemini/settings.json
{
  "mcpServers": {
    "codacy": {
      "command": "npx",
      "args": [
        "-y",
        "@codacy/codacy-mcp@latest"
      ]
    }
  },
  "contextFileName": "GEMINI.md"
}
EOF
# 4. Test
gemini /mcp desc # should list "Codacy Guardrails"
gemini "/fix vuln in src/auth.ts"
```
Total wall-clock: ~90 seconds, including copy-paste.
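
An added example (not from Codacy or the Gemini CLI project): a small Node.js check that flags `mcpServers` entries launching an unpinned npm package through `npx`, as the `@latest` spec in the quick-start does, or carrying a literal secret in an `env` map. The `pinned` server, `example-mcp` and `EXAMPLE_TOKEN` are hypothetical, the `env` check assumes `$VAR`-style references, and the rule names are this example's own.

```javascript
// Added example: audit a Gemini CLI settings object for MCP servers that
// run unpinned npm packages or embed literal secrets.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
const SECRET_KEY = /(TOKEN|SECRET|KEY|PASSWORD)/i;

// Split "@scope/name@1.2.3" or "name@tag" into { name, version }.
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null }; // no version suffix
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

function auditMcpServers(settings) {
  const findings = [];
  for (const [id, server] of Object.entries(settings.mcpServers || {})) {
    const args = server.args || [];
    if (server.command === "npx") {
      // First non-flag argument is the package npx will fetch and execute.
      const spec = args.find((a) => !a.startsWith("-"));
      if (spec) {
        const { version } = splitSpec(spec);
        if (!version || !EXACT_VERSION.test(version)) {
          findings.push({ id, rule: "unpinned-package", detail: spec });
        }
      }
      if (args.includes("-y") || args.includes("--yes")) {
        findings.push({ id, rule: "auto-install", detail: "npx -y" });
      }
    }
    for (const [key, value] of Object.entries(server.env || {})) {
      // "$VAR" / "${VAR}" are references; anything else is a literal value.
      if (SECRET_KEY.test(key) && value && !String(value).startsWith("$")) {
        findings.push({ id, rule: "literal-secret", detail: key });
      }
    }
  }
  return findings;
}

// Constructed sample: the page's config plus a hypothetical pinned server.
const sample = {
  mcpServers: {
    codacy: { command: "npx", args: ["-y", "@codacy/codacy-mcp@latest"] },
    pinned: { command: "npx", args: ["example-mcp@1.2.3"],
              env: { EXAMPLE_TOKEN: "$EXAMPLE_TOKEN" } },
  },
};
console.log(auditMcpServers(sample));
```

To audit a real file, pass `JSON.parse(fs.readFileSync(path, "utf8"))` to `auditMcpServers` and fail the CI job when the returned list is non-empty.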
Watch it in action