DevGuard IDE Plugin

Kubernetes YAML, Dockerfile, GitHub Actions, LLM prompt, and Cursor skill policy scanning for VS Code, Cursor, and Amazon Kiro. Uses nctl for Kubernetes scans and MCP/CLI integration for extended scan types; supports remediation and AI-powered fix/explain where applicable.

Overview

• Scan on save / debounced edit – Kubernetes YAML on save; prompts, skills, Dockerfiles, and GitHub Actions workflows on edit (debounced, per settings)
• Policy contexts – Local baseline (offline) or Central (Nirmata Control Hub)
• Fix – Safe defaults (nctl remediate) or AI (nctl ai) for supported kinds; fix one violation or all
• Explain – AI explanation (Kubernetes, Dockerfile, GitHub Actions; not for prompt/skills MCP scans)
• Policy exception – Request workflow for applicable Kubernetes/Dockerfile/GitHub Actions findings
• Self-check – Validate nctl, auth, policy mode, and cache

What gets scanned

Workflow YAML is detected by path and/or by a small heuristic (on: and jobs: near the top of the file).

Prerequisites

• nctl – Installation
• VS Code 1.74+ / Cursor / Amazon Kiro

Usage

1. Open a supported file (YAML manifest, Dockerfile, workflow, prompt, or file under a skill root).
2. Save or edit – DevGuard scans and shows violations in the Problems panel and editor.
3. Use a violation’s lightbulb or DevGuard: Show Violation Actions – Fix with Safe Defaults, Fix with AI, Explain, or Request Policy Exception (where supported).

Policy modes: Local = offline, no login. Central = NCH, requires login; supports RBAC.

Configure globs, debounce, and policy URLs under Settings → DevGuard.

License & support

• License: Apache-2.0
• Documentation · Nirmata Support