Helios

Helios is a Python-based MCP server that provides security-focused checks and guidance for code produced in AI-assisted development. It relies on the uv tool to manage Python projects and dependencies, and is started by running the helios.helios module. After obtaining a Bailian API key, you configure an MCP client to direct requests to the Helios MCP endpoint. The server exposes a security-checking workflow that can detect patterns like SQL injection, command injection, hardcoded credentials, and other common security issues, and it offers guidance via the MCP tool interface.

To use Helios, first install and run uv, then launch the server module with uv run -m helios.helios. Set the BAILIAN_API_KEY environment variable to authenticate with Bailian services. In MCP-compatible clients, add a server entry pointing to http://127.0.0.1:8000/mcp (as shown in the example configuration). Ensure your editor/project rules reference config/project_rules.md so MCP tools are properly invoked during development. When interacting with Helios, you can trigger its security checks and review the generated guidelines and suggested fixes through the MCP tool prompts and results.

Prerequisites:

• Python 3.12 or higher
• uv (Python project tooling) installed on your system

Installation steps:

1. Install uv (if not already installed):
   • Run the install script: curl -LsSf https://astral.sh/uv/install.sh | sh
2. Confirm uv is working and up to date:
   • uv self update
3. Install and bootstrap the Helios MCP server environment (no separate package installation required beyond uv):
   • Ensure you have a Bailian API key from https://bailian.console.aliyun.com
4. Start the Helios MCP server (from your project root):
   • Set the Bailian API key in your environment: export BAILIAN_API_KEY=your_key_here
   • Run the module via uv: uv run -m helios.helios
5. Configure an MCP client to connect to the server, for example: { "mcpServers": { "sec-server": { "url": "http://127.0.0.1:8000/mcp" } } }

Note: If you encounter issues with environment variables or module imports, verify your Python environment is active and uv is properly installed.

Tips and common notes:

• Ensure BAILIAN_API_KEY is set in the environment before starting the server.
• The MCP client configuration should point to http://127.0.0.1:8000/mcp (as shown in the example).
• Add config/project_rules.md to your editor's project rules to ensure MCP tools run correctly.
• You can include the following prompt snippet in inputs to enforce security guidelines: After writing files or generating files, you must call the MCP tool query_guide_line to query the best file security writing guidelines, then check and correct files according to the guidelines.
• Helios focuses on detecting SQL injection, command injection, file operation security, network request security, hardcoded credentials, weak encryption, and sensitive data leakage, among other checks.