Summary
This is a linter-as-context for AI code generation. It injects coding standards into your LLM's prompts before it writes code, enforcing patterns like DDD layers, SOLID principles, dependency injection, custom exceptions, and max line counts per method. Works via stdio with Cursor, VS Code, Claude Desktop, and other MCP clients. The value prop is reducing the AI slop that technically runs but fails code review. Instead of fixing generated code after the fact, you get repository interfaces, proper error types, and test scaffolding from the first output. Configure once in your MCP settings, optionally override rules in `.corbat.json`, and it auto-detects your stack to apply relevant guardrails.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
CORBAT MCP
AI Coding Standards Server
AI-generated code that passes code review on the first try.
Works with GitHub Copilot, Continue, Cline, Tabnine, Amazon Q, and 25+ more tools
⚡ Try it in 30 seconds — just add the config below and start coding.
The Problem
AI-generated code works, but rarely passes code review:
| Without Corbat | With Corbat |
|---|---|
| Methods with 50+ lines | Max 20 lines per method |
| No dependency injection | Proper DI with interfaces |
throw new Error('failed') | Custom exceptions with context |
| Missing or minimal tests | Tests included, TDD approach |
| God classes, mixed concerns | SOLID principles, clean layers |
| Works on my machine | Production-ready patterns |
Sound familiar? You spend more time fixing AI code than writing it yourself.
Corbat MCP solves this by injecting your team's coding standards before the AI generates code — not after.
Quick Start
1. Add to your MCP config:
{
"mcpServers": {
"corbat": {
"command": "npx",
"args": ["-y", "@corbat-tech/coding-standards-mcp"]
}
}
}
2. Config file location:
| Tool | Location |
|---|---|
| Cursor | .cursor/mcp.json |
| VS Code | .vscode/mcp.json |
| Windsurf | ~/.codeium/windsurf/mcp_config.json |
| JetBrains | Settings → AI Assistant → MCP |
| Claude Desktop | ~/.config/Claude/claude_desktop_config.json |
| Claude Code | claude mcp add corbat -- npx -y @corbat-tech/coding-standards-mcp |
Complete setup guide for all 25+ tools
3. Done! Corbat auto-detects your stack and applies the right standards.
Zero overhead. Corbat runs locally and adds ~50ms to detect your stack. After that, it's just context for the AI.
Fully customizable. Don't like a rule? Override it in
.corbat.json. Jump to customization →
See It In Action
You: "Create a user registration service"
Without Corbat, you get:
class UserService {
private users: Map<string, User> = new Map();
register(name: string, email: string, password: string) {
if (!name || !email || !password) throw new Error('Invalid input');
const user = { id: crypto.randomUUID(), name, email, password };
this.users.set(user.id, user);
return user;
}
}
// ✗ Hardcoded storage ✗ Password in plain text ✗ Generic error ✗ No tests
With Corbat, you get:
// Domain
interface UserRepository {
save(user: User): Promise<void>;
findByEmail(email: string): Promise<User | null>;
}
class EmailAlreadyExistsError extends Error {
constructor(email: string) {
super(`Email already registered: ${email}`);
}
}
// Application
class RegisterUserUseCase {
constructor(
private readonly repository: UserRepository,
private readonly hasher: PasswordHasher
) {}
async execute(input: RegisterUserInput): Promise<User> {
const existing = await this.repository.findByEmail(input.email);
if (existing) throw new EmailAlreadyExistsError(input.email);
const user = User.create({
...input,
password: await this.hasher.hash(input.password)
});
await this.repository.save(user);
return user;
}
}
// ✓ Repository interface ✓ Password hashing ✓ Custom error ✓ Testable
// Test included
describe('RegisterUserUseCase', () => {
const repository = { save: vi.fn(), findByEmail: vi.fn() };
const hasher = { hash: vi.fn() };
const useCase = new RegisterUserUseCase(repository, hasher);
beforeEach(() => vi.clearAllMocks());
it('should hash password before saving', async () => {
repository.findByEmail.mockResolvedValue(null);
hasher.hash.mockResolvedValue('hashed_password');
await useCase.execute({ name: 'John', email: 'john@test.com', password: 'secret' });
expect(hasher.hash).toHaveBeenCalledWith('secret');
expect(repository.save).toHaveBeenCalledWith(
expect.objectContaining({ password: 'hashed_password' })
);
});
it('should reject duplicate emails', async () => {
repository.findByEmail.mockResolvedValue({ id: '1', email: 'john@test.com' });
await expect(
useCase.execute({ name: 'John', email: 'john@test.com', password: 'secret' })
).rejects.toThrow(EmailAlreadyExistsError);
});
});
This is what "passes code review on the first try" looks like.
What Corbat Enforces
Corbat injects these guardrails before code generation:
Code Quality
| Rule | Why It Matters |
|---|---|
| Max 20 lines per method | Readable, testable, single-purpose functions |
| Max 200 lines per class | Single Responsibility Principle |
| Meaningful names | No data, info, temp, x |
| No magic numbers | Constants with descriptive names |
Architecture
| Rule | Why It Matters |
|---|---|
| Interfaces for dependencies | Testable code, easy mocking |
| Layer separation | Domain logic isolated from infrastructure |
| Hexagonal/Clean patterns | Framework-agnostic business rules |
Error Handling
| Rule | Why It Matters |
|---|---|
| Custom exceptions | UserNotFoundError vs Error('not found') |
| Error context | Include IDs, values, state in errors |
| No empty catches | Every error handled or propagated |
Security (verified against OWASP Top 10)
| Rule | Why It Matters |
|---|---|
| Input validation | Reject bad data at boundaries |
| No hardcoded secrets | Environment variables only |
| Parameterized queries | Prevent SQL injection |
| Output encoding | Prevent XSS |
Benchmark Results v3.0
We evaluated Corbat across 15 real-world scenarios in 6 languages.
The Key Insight
Corbat generates focused, production-ready code — not verbose boilerplate:
| Scenario | With Corbat | Without Corbat | What This Means |
|---|---|---|---|
| Kotlin Coroutines | 236 lines | 1,923 lines | Same functionality, 8x less to maintain |
| Java Hexagonal | 623 lines | 2,740 lines | Clean architecture without the bloat |
| Go Clean Arch | 459 lines | 2,012 lines | Idiomatic Go, not Java-in-Go |
| TypeScript NestJS | 395 lines | 1,554 lines | Right patterns, right size |
This isn't "less code for less code's sake" — it's the right abstractions without over-engineering.
Value Metrics
When we measure what actually matters for production code:
| Metric | Result | What It Means |
|---|---|---|
| Code Reduction | 67% | Less to maintain, review, and debug |
| Security | 100% | Zero vulnerabilities across all scenarios |
| Maintainability | 93% win | Easier to understand and modify |
| Architecture Efficiency | 87% win | Better patterns per line of code |
| Cognitive Load | -59% | Faster onboarding for new developers |
Security: Zero Vulnerabilities Detected
Every scenario was analyzed using pattern detection for OWASP Top 10 vulnerabilities:
- ✓ No SQL/NoSQL injection patterns
- ✓ No XSS vulnerabilities
- ✓ No hardcoded credentials
- ✓ Input validation at all boundaries
- ✓ Proper error messages (no stack traces to users)
Languages & Patterns Tested
| Language | Scenarios | Patterns |
|---|---|---|
| ☕ Java | 5 | Spring Boot, DDD Aggregates, Hexagonal, Kafka Events, Saga |
| 📘 TypeScript | 4 | Express REST, NestJS Clean, React Components, Next.js Full-Stack |
| 🐍 Python | 2 | FastAPI CRUD, Repository Pattern |
| 🐹 Go | 2 | HTTP Handlers, Clean Architecture |
| 🦀 Rust | 1 | Axum with Repository Trait |
| 🟣 Kotlin | 1 | Coroutines + Strategy Pattern |
📖 Full benchmark methodology · Value analysis
Built-in Profiles
Corbat auto-detects your stack and applies the right standards:
| Profile | Stack | What You Get |
|---|---|---|
java-spring-backend | Java 21 + Spring Boot 3 | Hexagonal + DDD, TDD with 80%+ coverage |
kotlin-spring | Kotlin + Spring Boot 3 | Coroutines, Kotest + MockK |
nodejs | Node.js + TypeScript | Clean Architecture, Vitest |
nextjs | Next.js 14+ | App Router patterns, Server Components |
react | React 18+ | Hooks, Testing Library, accessible components |
vue | Vue 3.5+ | Composition API, Vitest |
angular | Angular 19+ | Standalone components, Jest |
python | Python + FastAPI | Async patterns, pytest |
go | Go 1.22+ | Idiomatic Go, table-driven tests |
rust | Rust + Axum | Ownership patterns, proptest |
csharp-dotnet | C# 12 + ASP.NET Core 8 | Clean + CQRS, xUnit |
flutter | Dart 3 + Flutter | BLoC/Riverpod, widget tests |
Auto-detection: Corbat reads pom.xml, package.json, go.mod, Cargo.toml, etc.
When to Use Corbat
| Use Case | Why Corbat Helps |
|---|---|
| Starting a new project | Correct architecture from day one |
| Teams with juniors | Everyone produces senior-level patterns |
| Strict code review standards | AI code meets your bar automatically |
| Regulated industries | Consistent security and documentation |
| Legacy modernization | New code follows modern patterns |
When Corbat Might Not Be Needed
- Quick prototypes where quality doesn't matter
- One-off scripts you'll throw away
- Learning projects where you want to make mistakes
Customize
Option 1: Interactive Setup
npx corbat-init
Detects your stack and generates a .corbat.json with sensible defaults.
Option 2: Manual Configuration
Create .corbat.json in your project root:
{
"profile": "java-spring-backend",
"architecture": {
"pattern": "hexagonal",
"layers": ["domain", "application", "infrastructure", "api"]
},
"quality": {
"maxMethodLines": 20,
"maxClassLines": 200,
"minCoverage": 80
},
"rules": {
"always": [
"Use records for DTOs",
"Prefer Optional over null"
],
"never": [
"Use field injection",
"Catch generic Exception"
]
}
}
Option 3: Use a Template
Browse 14 ready-to-use templates for Java, Python, Node.js, React, Go, Rust, and more.
How It Works
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Your Prompt │────▶│ Corbat MCP │────▶│ AI + Rules │
└─────────────┘ └──────┬──────┘ └─────────────┘
│
┌──────────────┼──────────────┐
▼ ▼ ▼
┌────────────┐ ┌────────────┐ ┌────────────┐
│ 1. Detect │ │ 2. Load │ │ 3. Inject │
│ Stack │ │ Profile │ │ Guardrails │
└────────────┘ └────────────┘ └────────────┘
pom.xml hexagonal max 20 lines
package.json + DDD + interfaces
go.mod + SOLID + custom errors
Corbat doesn't modify AI output — it ensures the AI knows your standards before generating.
Important: Corbat provides context and guidelines to the AI. The actual code quality depends on how well the AI model follows these guidelines. In our testing, models like Claude and GPT-4 consistently respect these guardrails.
Documentation
| Resource | Description |
|---|---|
| Setup Guide | Installation for Cursor, VS Code, JetBrains, and 25+ more |
| Templates | Ready-to-use .corbat.json configurations |
| Compatibility | Full list of supported AI tools |
| Benchmark Analysis | Detailed results from 15 scenarios |
| API Reference | Tools, prompts, and configuration options |
Stop fixing AI code. Start shipping it.
Add to your MCP config and you're done:
{ "mcpServers": { "corbat": { "command": "npx", "args": ["-y", "@corbat-tech/coding-standards-mcp"] }}}
Your code reviews will thank you.
Developed by corbat-tech
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Registryactive
Package@corbat-tech/coding-standards-mcp
TransportSTDIO
UpdatedJan 21, 2026