io.github.corbat-tech/coding-standards
编码与调试by corbat-tech
提供面向生产环境的 AI coding standards,以 DDD、SOLID、TDD 作为约束与护栏。
什么是 io.github.corbat-tech/coding-standards?
提供面向生产环境的 AI coding standards,以 DDD、SOLID、TDD 作为约束与护栏。
README
CORBAT MCP
AI Coding Standards Server
AI-generated code that passes code review on the first try.
Works with GitHub Copilot, Continue, Cline, Tabnine, Amazon Q, and 25+ more tools
⚡ Try it in 30 seconds — just add the config below and start coding.
</div>The Problem
AI-generated code works, but rarely passes code review:
| Without Corbat | With Corbat |
|---|---|
| Methods with 50+ lines | Max 20 lines per method |
| No dependency injection | Proper DI with interfaces |
throw new Error('failed') | Custom exceptions with context |
| Missing or minimal tests | Tests included, TDD approach |
| God classes, mixed concerns | SOLID principles, clean layers |
| Works on my machine | Production-ready patterns |
Sound familiar? You spend more time fixing AI code than writing it yourself.
Corbat MCP solves this by injecting your team's coding standards before the AI generates code — not after.
Quick Start
1. Add to your MCP config:
{
"mcpServers": {
"corbat": {
"command": "npx",
"args": ["-y", "@corbat-tech/coding-standards-mcp"]
}
}
}
2. Config file location:
| Tool | Location |
|---|---|
| Cursor | .cursor/mcp.json |
| VS Code | .vscode/mcp.json |
| Windsurf | ~/.codeium/windsurf/mcp_config.json |
| JetBrains | Settings → AI Assistant → MCP |
| Claude Desktop | ~/.config/Claude/claude_desktop_config.json |
| Claude Code | claude mcp add corbat -- npx -y @corbat-tech/coding-standards-mcp |
Complete setup guide for all 25+ tools
3. Done! Corbat auto-detects your stack and applies the right standards.
Zero overhead. Corbat runs locally and adds ~50ms to detect your stack. After that, it's just context for the AI.
Fully customizable. Don't like a rule? Override it in
.corbat.json. Jump to customization →
See It In Action
You: "Create a user registration service"
Without Corbat, you get:
class UserService {
private users: Map<string, User> = new Map();
register(name: string, email: string, password: string) {
if (!name || !email || !password) throw new Error('Invalid input');
const user = { id: crypto.randomUUID(), name, email, password };
this.users.set(user.id, user);
return user;
}
}
// ✗ Hardcoded storage ✗ Password in plain text ✗ Generic error ✗ No tests
With Corbat, you get:
// Domain
interface UserRepository {
save(user: User): Promise<void>;
findByEmail(email: string): Promise<User | null>;
}
class EmailAlreadyExistsError extends Error {
constructor(email: string) {
super(`Email already registered: ${email}`);
}
}
// Application
class RegisterUserUseCase {
constructor(
private readonly repository: UserRepository,
private readonly hasher: PasswordHasher
) {}
async execute(input: RegisterUserInput): Promise<User> {
const existing = await this.repository.findByEmail(input.email);
if (existing) throw new EmailAlreadyExistsError(input.email);
const user = User.create({
...input,
password: await this.hasher.hash(input.password)
});
await this.repository.save(user);
return user;
}
}
// ✓ Repository interface ✓ Password hashing ✓ Custom error ✓ Testable
// Test included
describe('RegisterUserUseCase', () => {
const repository = { save: vi.fn(), findByEmail: vi.fn() };
const hasher = { hash: vi.fn() };
const useCase = new RegisterUserUseCase(repository, hasher);
beforeEach(() => vi.clearAllMocks());
it('should hash password before saving', async () => {
repository.findByEmail.mockResolvedValue(null);
hasher.hash.mockResolvedValue('hashed_password');
await useCase.execute({ name: 'John', email: 'john@test.com', password: 'secret' });
expect(hasher.hash).toHaveBeenCalledWith('secret');
expect(repository.save).toHaveBeenCalledWith(
expect.objectContaining({ password: 'hashed_password' })
);
});
it('should reject duplicate emails', async () => {
repository.findByEmail.mockResolvedValue({ id: '1', email: 'john@test.com' });
await expect(
useCase.execute({ name: 'John', email: 'john@test.com', password: 'secret' })
).rejects.toThrow(EmailAlreadyExistsError);
});
});
This is what "passes code review on the first try" looks like.
What Corbat Enforces
Corbat injects these guardrails before code generation:
Code Quality
| Rule | Why It Matters |
|---|---|
| Max 20 lines per method | Readable, testable, single-purpose functions |
| Max 200 lines per class | Single Responsibility Principle |
| Meaningful names | No data, info, temp, x |
| No magic numbers | Constants with descriptive names |
Architecture
| Rule | Why It Matters |
|---|---|
| Interfaces for dependencies | Testable code, easy mocking |
| Layer separation | Domain logic isolated from infrastructure |
| Hexagonal/Clean patterns | Framework-agnostic business rules |
Error Handling
| Rule | Why It Matters |
|---|---|
| Custom exceptions | UserNotFoundError vs Error('not found') |
| Error context | Include IDs, values, state in errors |
| No empty catches | Every error handled or propagated |
Security (verified against OWASP Top 10)
| Rule | Why It Matters |
|---|---|
| Input validation | Reject bad data at boundaries |
| No hardcoded secrets | Environment variables only |
| Parameterized queries | Prevent SQL injection |
| Output encoding | Prevent XSS |
Benchmark Results v3.0
We evaluated Corbat across 15 real-world scenarios in 6 languages.
The Key Insight
Corbat generates focused, production-ready code — not verbose boilerplate:
| Scenario | With Corbat | Without Corbat | What This Means |
|---|---|---|---|
| Kotlin Coroutines | 236 lines | 1,923 lines | Same functionality, 8x less to maintain |
| Java Hexagonal | 623 lines | 2,740 lines | Clean architecture without the bloat |
| Go Clean Arch | 459 lines | 2,012 lines | Idiomatic Go, not Java-in-Go |
| TypeScript NestJS | 395 lines | 1,554 lines | Right patterns, right size |
This isn't "less code for less code's sake" — it's the right abstractions without over-engineering.
Value Metrics
When we measure what actually matters for production code:
| Metric | Result | What It Means |
|---|---|---|
| Code Reduction | 67% | Less to maintain, review, and debug |
| Security | 100% | Zero vulnerabilities across all scenarios |
| Maintainability | 93% win | Easier to understand and modify |
| Architecture Efficiency | 87% win | Better patterns per line of code |
| Cognitive Load | -59% | Faster onboarding for new developers |
Security: Zero Vulnerabilities Detected
Every scenario was analyzed using pattern detection for OWASP Top 10 vulnerabilities:
- ✓ No SQL/NoSQL injection patterns
- ✓ No XSS vulnerabilities
- ✓ No hardcoded credentials
- ✓ Input validation at all boundaries
- ✓ Proper error messages (no stack traces to users)
Languages & Patterns Tested
| Language | Scenarios | Patterns |
|---|---|---|
| ☕ Java | 5 | Spring Boot, DDD Aggregates, Hexagonal, Kafka Events, Saga |
| 📘 TypeScript | 4 | Express REST, NestJS Clean, React Components, Next.js Full-Stack |
| 🐍 Python | 2 | FastAPI CRUD, Repository Pattern |
| 🐹 Go | 2 | HTTP Handlers, Clean Architecture |
| 🦀 Rust | 1 | Axum with Repository Trait |
| 🟣 Kotlin | 1 | Coroutines + Strategy Pattern |
📖 Full benchmark methodology · Value analysis
Built-in Profiles
Corbat auto-detects your stack and applies the right standards:
| Profile | Stack | What You Get |
|---|---|---|
java-spring-backend | Java 21 + Spring Boot 3 | Hexagonal + DDD, TDD with 80%+ coverage |
kotlin-spring | Kotlin + Spring Boot 3 | Coroutines, Kotest + MockK |
nodejs | Node.js + TypeScript | Clean Architecture, Vitest |
nextjs | Next.js 14+ | App Router patterns, Server Components |
react | React 18+ | Hooks, Testing Library, accessible components |
vue | Vue 3.5+ | Composition API, Vitest |
angular | Angular 19+ | Standalone components, Jest |
python | Python + FastAPI | Async patterns, pytest |
go | Go 1.22+ | Idiomatic Go, table-driven tests |
rust | Rust + Axum | Ownership patterns, proptest |
csharp-dotnet | C# 12 + ASP.NET Core 8 | Clean + CQRS, xUnit |
flutter | Dart 3 + Flutter | BLoC/Riverpod, widget tests |
Auto-detection: Corbat reads pom.xml, package.json, go.mod, Cargo.toml, etc.
When to Use Corbat
| Use Case | Why Corbat Helps |
|---|---|
| Starting a new project | Correct architecture from day one |
| Teams with juniors | Everyone produces senior-level patterns |
| Strict code review standards | AI code meets your bar automatically |
| Regulated industries | Consistent security and documentation |
| Legacy modernization | New code follows modern patterns |
When Corbat Might Not Be Needed
- Quick prototypes where quality doesn't matter
- One-off scripts you'll throw away
- Learning projects where you want to make mistakes
Customize
Option 1: Interactive Setup
npx corbat-init
Detects your stack and generates a .corbat.json with sensible defaults.
Option 2: Manual Configuration
Create .corbat.json in your project root:
{
"profile": "java-spring-backend",
"architecture": {
"pattern": "hexagonal",
"layers": ["domain", "application", "infrastructure", "api"]
},
"quality": {
"maxMethodLines": 20,
"maxClassLines": 200,
"minCoverage": 80
},
"rules": {
"always": [
"Use records for DTOs",
"Prefer Optional over null"
],
"never": [
"Use field injection",
"Catch generic Exception"
]
}
}
Option 3: Use a Template
Browse 14 ready-to-use templates for Java, Python, Node.js, React, Go, Rust, and more.
How It Works
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Your Prompt │────▶│ Corbat MCP │────▶│ AI + Rules │
└─────────────┘ └──────┬──────┘ └─────────────┘
│
┌──────────────┼──────────────┐
▼ ▼ ▼
┌────────────┐ ┌────────────┐ ┌────────────┐
│ 1. Detect │ │ 2. Load │ │ 3. Inject │
│ Stack │ │ Profile │ │ Guardrails │
└────────────┘ └────────────┘ └────────────┘
pom.xml hexagonal max 20 lines
package.json + DDD + interfaces
go.mod + SOLID + custom errors
Corbat doesn't modify AI output — it ensures the AI knows your standards before generating.
Important: Corbat provides context and guidelines to the AI. The actual code quality depends on how well the AI model follows these guidelines. In our testing, models like Claude and GPT-4 consistently respect these guardrails.
Documentation
| Resource | Description |
|---|---|
| Setup Guide | Installation for Cursor, VS Code, JetBrains, and 25+ more |
| Templates | Ready-to-use .corbat.json configurations |
| Compatibility | Full list of supported AI tools |
| Benchmark Analysis | Detailed results from 15 scenarios |
| API Reference | Tools, prompts, and configuration options |
<div align="center">
Stop fixing AI code. Start shipping it.
Add to your MCP config and you're done:
{ "mcpServers": { "corbat": { "command": "npx", "args": ["-y", "@corbat-tech/coding-standards-mcp"] }}}
Your code reviews will thank you.
Developed by corbat-tech
</div>常见问题
io.github.corbat-tech/coding-standards 是什么?
提供面向生产环境的 AI coding standards,以 DDD、SOLID、TDD 作为约束与护栏。
相关 Skills
网页构建器
by anthropics
面向复杂 claude.ai HTML artifact 开发,快速初始化 React + Tailwind CSS + shadcn/ui 项目并打包为单文件 HTML,适合需要状态管理、路由或多组件交互的页面。
✎ 在 claude.ai 里做复杂网页 Artifact 很省心,多组件、状态和路由都能顺手搭起来,React、Tailwind 与 shadcn/ui 组合效率高、成品也更精致。
前端设计
by anthropics
面向组件、页面、海报和 Web 应用开发,按鲜明视觉方向生成可直接落地的前端代码与高质感 UI,适合做 landing page、Dashboard 或美化现有界面,避开千篇一律的 AI 审美。
✎ 想把页面做得既能上线又有设计感,就用前端设计:组件到整站都能产出,难得的是能避开千篇一律的 AI 味。
网页应用测试
by anthropics
用 Playwright 为本地 Web 应用编写自动化测试,支持启动开发服务器、校验前端交互、排查 UI 异常、抓取截图与浏览器日志,适合调试动态页面和回归验证。
✎ 借助 Playwright 一站式验证本地 Web 应用前端功能,调 UI 时还能同步查看日志和截图,定位问题更快。
相关 MCP Server
GitHub
编辑精选by GitHub
GitHub 是 MCP 官方参考服务器,让 Claude 直接读写你的代码仓库和 Issues。
✎ 这个参考服务器解决了开发者想让 AI 安全访问 GitHub 数据的问题,适合需要自动化代码审查或 Issue 管理的团队。但注意它只是参考实现,生产环境得自己加固安全。
Context7 文档查询
编辑精选by Context7
Context7 是实时拉取最新文档和代码示例的智能助手,让你告别过时资料。
✎ 它能解决开发者查找文档时信息滞后的问题,特别适合快速上手新库或跟进更新。不过,依赖外部源可能导致偶尔的数据延迟,建议结合官方文档使用。
by tldraw
tldraw 是让 AI 助手直接在无限画布上绘图和协作的 MCP 服务器。
✎ 这解决了 AI 只能输出文本、无法视觉化协作的痛点——想象让 Claude 帮你画流程图或白板讨论。最适合需要快速原型设计或头脑风暴的开发者。不过,目前它只是个基础连接器,你得自己搭建画布应用才能发挥全部潜力。