Guard

Usage Guide

Learn how to effectively use AIVory Guard’s compliance and security scanning features with your AI coding assistant.

  • 5 MCP tools available for scanning, configuration, and health checks
  • Automatic scanning - AI scans code as it generates, ensuring compliance from the start
  • Batch scanning - Efficiently scan entire projects with a single command
  • Multiple severity levels - Violations classified as Critical, High, Medium, or Low
  • Iterative fixing - AI can detect, fix, and re-verify violations automatically
Terminal Ready
Works seamlessly with CLI-based AI assistants like Claude Code.
Multi-Language
Supports Python, JavaScript, TypeScript, Java, Go, Rust, and more.
Instant Results
Get compliance feedback in seconds as you code.

Overview

AIVory Guard integrates seamlessly into your coding workflow by providing your AI assistant with powerful scanning tools. The AI automatically uses these tools when generating code, ensuring compliance from the start.

Note You don’t need to explicitly ask for scans - your AI assistant will automatically scan code as it generates, catching violations before they reach your codebase.

Available Tools

AIVory Guard provides 5 MCP tools to your AI assistant.

Note Use fa-terminal commands in your AI assistant to invoke these tools directly, or let the AI call them automatically during code generation.
scan_code
Scan a single file for compliance violations. Automatically called when AI generates code.
batch_scan
Scan multiple files efficiently. Perfect for directory-wide or project-wide audits.
get_config
View current compliance configuration and see which standards are being enforced.
get_rules
List available compliance rules to understand what’s being checked.
health_check
Verify backend connectivity and test connection to app.aivory.net.
Tool Details & Examples

scan_code

Purpose: Scan a single file for compliance violations

Usage: Your AI assistant automatically calls this when generating code

You: "Write a user authentication function in Python"

AI: [Generates code and automatically scans it with scan_code]

AI: "I've created an authentication function with bcrypt password
     hashing and rate limiting. The compliance scan found 0 violations
     - the code meets OWASP and GDPR standards!"

batch_scan

Purpose: Scan multiple files efficiently

Usage: For scanning entire directories or projects

You: "Scan all files in the /api directory for compliance issues"

AI: [Uses batch_scan to check all files at once]

AI: "I've scanned 12 files in /api. Found 3 violations:
     - auth.py line 45: Weak password hashing
     - users.py line 23: SQL injection risk
     - config.py line 10: Hardcoded credentials"

get_config

Purpose: View current compliance configuration

Usage: Check which standards are being enforced

You: "What compliance standards are you checking against?"

AI: [Calls get_config]

AI: "Currently enforcing:
      OWASP Top 10
      GDPR
      HIPAA
      PCI-DSS
      SOC 2
      ISO 27001
     And 9 more standards..."

get_rules

Purpose: List available compliance rules

Usage: Understand what’s being checked

You: "What OWASP rules do you check?"

AI: [Calls get_rules with filter for OWASP]

AI: "Checking 127 OWASP rules including:
     - A01:2021 - Broken Access Control
     - A02:2021 - Cryptographic Failures
     - A03:2021 - Injection
     [full list...]"

health_check

Purpose: Verify backend connectivity

Usage: Test connection to app.aivory.net

You: "Is AIVory Guard working?"

AI: [Calls health_check]

AI: " AIVory Guard is healthy
     - Backend: app.aivory.net
     - Latency: 45ms
     - Status: All systems operational"

Common Usage Patterns

Explore the four primary patterns for integrating AIVory Guard into your workflow.

Generate and Scan
AI generates code and automatically scans it. Best for single file/function generation.
Scan Existing Code
Ask AI to scan code you’ve already written. Best for reviewing existing code.
Iterative Fixing
AI generates, finds violations, fixes them, and re-scans. Best for production-ready code.
Batch Project Scan
Scan an entire project at once. Best for project-wide compliance audits.
Pattern 1: Generate and Scan

The most common pattern - AI generates code and automatically scans it:

You: "Create a REST API endpoint for password reset"

AI: [Generates code with security best practices]
    [Automatically scans with scan_code]
    [Reports results]

Best for: Single file/function generation

Pattern 2: Scan Existing Code

Ask the AI to scan code you’ve already written:

You: "Scan this authentication module for HIPAA violations:
     [paste code]"

AI: [Uses scan_code to check the provided code]
    [Lists violations and suggests fixes]

Best for: Reviewing existing code

Pattern 3: Iterative Fixing

AI generates code, finds violations, and fixes them automatically:

You: "Create a secure login endpoint"

AI: [Generates initial code]
    [Scans and finds 2 violations]
    [Fixes the violations]
    [Re-scans to verify]

AI: "Created login endpoint. Fixed 2 security issues:
     1. Added rate limiting
     2. Upgraded to bcrypt password hashing
     Final scan: 0 violations "

Best for: Production-ready code generation

Pattern 4: Batch Project Scan

Scan an entire project at once:

You: "Scan my entire /src directory for PCI-DSS compliance"

AI: [Uses batch_scan on all project files]
    [Generates compliance report]

AI: "Scanned 47 files. Summary:
      42 files compliant
      5 files with violations (18 total violations)

     Critical issues:
     - payment.js: Unencrypted card data storage
     - api.js: Missing input validation
     [detailed breakdown...]"

Best for: Project-wide compliance audits


Understanding Scan Results

Violation Severity Levels

AIVory Guard classifies violations by severity:

Critical
Severe security vulnerabilities requiring immediate action. Example: SQL injection, authentication bypass.
High
Significant security issues that should be fixed urgently. Example: Weak password hashing, exposed secrets.
Medium
Security issues that should be addressed. Example: Missing input validation, insecure defaults.
Low
Minor issues or best practice violations. Example: Missing security headers, verbose error messages.
Note Always prioritize fixing Critical and High severity violations before addressing Medium and Low issues.
Scan Result Format (JSON)
{
  "status": "completed",
  "violations": [
    {
      "severity": "high",
      "standard": "OWASP",
      "rule": "A02:2021 - Cryptographic Failures",
      "message": "Weak password hashing algorithm detected",
      "line": 23,
      "column": 12,
      "suggestion": "Use bcrypt, Argon2, or PBKDF2 for password hashing"
    }
  ],
  "summary": {
    "total_violations": 1,
    "critical": 0,
    "high": 1,
    "medium": 0,
    "low": 0
  }
}

Best Practices

Follow these recommendations to maximize your compliance scanning effectiveness.

Scan Early and Often
Don’t wait until code review - scan as you generate code.
Be Specific About Standards
Specify which compliance standards matter for your project.
Let AI Fix Automatically
Ask the AI to fix issues it finds in one request.
Use Batch Scanning
For multiple files, use batch scanning for efficiency.
Best Practice Examples

Scan Early and Often

Good:

You: "Create a user registration function"
AI: [Generates and immediately scans]

Not Ideal:

You: "Create a user registration function"
     [Later...] "Now scan the entire codebase"

Be Specific About Standards

Good:

You: "Create a patient records API that meets HIPAA requirements"
AI: [Focuses on HIPAA-specific violations]

Less Effective:

You: "Create a patient records API"
AI: [Checks all standards, may miss HIPAA-specific issues]

Let AI Fix Violations Automatically

Good:

You: "Generate a login function and fix any violations found"
AI: [Generates, scans, fixes, re-scans automatically]

More Work:

You: "Generate a login function"
     "What violations did you find?"
     "Now fix them"
     "Scan again"

Use Batch Scanning for Projects

Efficient:

You: "Scan all files in /api for compliance"
AI: [Uses batch_scan for all files at once]

Slow:

You: "Scan auth.py"
     "Scan users.py"
     "Scan config.py"
     [etc...]

Example Conversations

See AIVory Guard in action with these real-world conversation examples.

Note These examples show the natural flow of AI-assisted development with automatic compliance scanning.
Example 1: Secure API Endpoint
You: Create a REST API endpoint for credit card processing that
     meets PCI-DSS requirements

AI: I'll create a secure credit card processing endpoint.

    [Generates code with:
     - TLS/SSL enforcement
     - Card data encryption at rest
     - Tokenization
     - Audit logging
     - Input validation]

    Let me scan this for PCI-DSS compliance...

     Scan complete: 0 violations found

    The endpoint meets all PCI-DSS requirements:
    - Card data is encrypted (AES-256)
    - Uses tokenization to avoid storing raw card numbers
    - TLS 1.2+ enforced for all connections
    - Comprehensive audit logging
    - Strong input validation
Example 2: HIPAA-Compliant Database
You: Design a patient database schema that's HIPAA compliant

AI: I'll create a HIPAA-compliant patient database schema.

    [Generates schema with:
     - Field-level encryption for PHI
     - Access control tables
     - Audit trail tables
     - Data retention policies]

    Scanning for HIPAA compliance...

    Found 1 medium severity issue:
    - Missing automatic encryption for email field

    Let me fix that...

     Fixed: Added encryption to email field
     Re-scan: 0 violations

    The schema now fully meets HIPAA requirements for
    Protected Health Information (PHI) storage.
Example 3: Security Audit
You: Audit my authentication module for security issues

AI: I'll scan your authentication module for security vulnerabilities.

    Scanning auth.py...

    Found 3 violations:

    HIGH - Line 45: Weak password hashing
     Using MD5 for passwords
     Recommendation: Migrate to bcrypt or Argon2

    MEDIUM - Line 67: No rate limiting
     Login endpoint vulnerable to brute force
     Recommendation: Add rate limiting (5 attempts per minute)

    LOW - Line 89: Verbose error messages
     Error messages reveal user existence
     Recommendation: Use generic error messages

    Would you like me to fix these issues?

Tips for Effective Use

Quick tips to get the most out of AIVory Guard in your development workflow.

Be Explicit
Tell the AI which compliance standards matter for your project to get more targeted results.
Review Results
Always review the AI’s fixes before deploying. Human oversight remains important.
Ask Questions
If a violation is unclear, ask the AI to explain it in more detail and provide context.
Note Combine these tips with the best practices above to create a robust compliance workflow.

Limitations

Understanding what AIVory Guard can and cannot do helps set appropriate expectations.

Warning AIVory Guard performs static code analysis only. It cannot detect runtime issues, business logic flaws, or infrastructure misconfigurations.
What AIVory Guard Can't Do
Runtime Analysis
</div>

<div class="docs-card-desc">Only scans static code, not runtime behavior.</div>
Business Logic
</div>

<div class="docs-card-desc">Cannot validate business-specific security requirements.</div>
Infrastructure
</div>

<div class="docs-card-desc">Does not check server or network configuration.</div>
Dependencies
</div>

<div class="docs-card-desc">Does not scan third-party libraries (coming soon).</div>
Recommended Complementary Tools

For comprehensive security coverage, complement AIVory Guard with these tools:

Tool Type Examples Purpose
SAST Tools SonarQube, Checkmarx Deeper static analysis
DAST Tools OWASP ZAP, Burp Suite Runtime testing
Dependency Scanners Dependabot, Snyk Library vulnerabilities
Manual Review Security team Critical system oversight

Next Steps

Continue your AIVory Guard journey with these resources.


Note Need help? Contact support or check the FAQ.