Grok Chat for Visual Studio Code
A focused Grok coding workspace, directly inside VS Code.
Understand projects, discuss code, apply changes, and keep control of every workspace action.
[!IMPORTANT]
Grok Chat is an independent, unofficial extension. It is not affiliated with, endorsed by, or sponsored by xAI. Grok, xAI, and related names belong to their respective owners.
Why install Grok Chat?
Grok Chat brings conversation, project context, coding tools, model selection, and voice input into one VS Code sidebar. It is designed to feel native to your editor while keeping authentication and workspace permissions explicit.
- Native VS Code sidebar
- Project-aware chat and smart workspace context
- Grok OAuth login without an API key
- xAI API key support as a separate mode
- Ask Before Changes and Full Workspace Access controls
- Static, dynamically discovered, and custom model catalog
- Read, write, delete, and allowlisted terminal tools
- Conversation history and queued prompts
- Voice input with local and opt-in xAI providers
- Dark, light, and terminal-inspired appearances
- English, Spanish, Chinese, Portuguese, and French UI
@grok participant in the built-in VS Code Chat view
Preview
Screenshots
The preview above remains available from a public image host. Additional Marketplace screenshots will also use public URLs so they do not depend on a private source repository.
Get started
- Install Grok Chat from the Visual Studio Marketplace or from a trusted
.vsix.
- Open a folder in VS Code.
- Select the Grok Chat icon in the Activity Bar.
- Connect with Grok OAuth or an xAI API key.
- Choose a model and start a conversation.
The first-run experience can prepare a new project, integrate guidance into an existing project, or skip setup and open chat immediately.
Authentication: two separate modes
Grok Chat never treats OAuth and API billing as the same thing.
Mode 1 — Grok OAuth
- Opens the browser so you can sign in with your Grok account.
- Uses the subscription and access available to that account.
- Does not require an xAI API key.
- Stores the resulting OAuth session in VS Code Secret Storage.
Mode 2 — xAI API
- Requires an API key created for
api.x.ai.
- Uses the xAI API independently from the OAuth subscription mode.
- May consume paid credits or generate costs according to the xAI account.
- Stores the API key in VS Code Secret Storage.
If both credentials exist, Settings clearly shows which method is active. Switching methods does not silently delete the other credential.
Models
The model picker combines three sources:
- A stable built-in fallback so the extension remains usable offline or when discovery is unavailable.
- Models dynamically available to the active authenticated xAI account.
- Optional custom model IDs configured by the user.
Dynamic discovery is best effort. A discovery error never disables the static fallback.
Workspace context
| Mode |
What it includes |
Best for |
| Min |
Conversation and manually attached files or folders |
Quick questions and maximum context control |
| Smart |
A focused project tree plus a small set of relevant files |
Everyday coding; recommended |
| Deep |
A broader tree and more key-file content |
Architecture reviews and larger tasks |
Automatic context excludes common credential-bearing files such as .env, private keys, and cloud credential files. Regular files can still be attached manually when appropriate.
Permissions and user control
| Mode |
Reads |
Writes, deletes, terminal |
| Ask Before Changes |
Allowed automatically inside the workspace |
Requires confirmation before each protected action, unless allowed for the current chat |
| Full Workspace Access |
Allowed automatically inside the workspace |
Allowed tools run without repeated prompts after VS Code trusts the workspace |
Both modes retain these controls:
- Paths are constrained to the open workspace.
- Absolute paths and traversal outside the workspace are rejected.
- Symlink and junction escapes are checked against canonical paths.
- Terminal commands are restricted by allowlist and denylist policies.
- Full Workspace Access requires VS Code Workspace Trust.
- A repository cannot grant itself Full Workspace Access through workspace settings.
Grok Chat cannot use its agent file tools to browse or change arbitrary locations outside the open workspace. Full Workspace Access is not an operating-system sandbox; enable it only for workspaces and tasks you trust.
Privacy
Grok Chat does not include advertising, analytics, or behavioral telemetry, and it does not sell personal data.
When you send a model request, the payload can include:
- Your prompt and conversation messages.
- Files or folders you attached.
- Project context produced by the selected context mode.
- Tool definitions and tool results required to complete the conversation.
Additional network activity occurs only for the feature being used:
- OAuth communicates with xAI authentication services.
- API chat communicates with the allowlisted
api.x.ai endpoint.
- SuperGrok usage refresh performs a separate authenticated usage request.
- Local voice stays on the device.
- Opt-in xAI voice sends microphone audio to xAI for transcription while the microphone session is active.
OAuth tokens, API keys, and a dedicated voice key are persisted only through VS Code Secret Storage. Chat history is stored locally in VS Code workspace storage after secret redaction; embedded image data is not retained in persisted history. Temporary xAI voice recordings are deleted on a best-effort basis after transcription.
Security
- OAuth authorization code flow with PKCE, state, and nonce validation.
- OS-backed VS Code Secret Storage for persisted credentials.
- Strict allowlist before authentication headers can be sent.
- Webview Content Security Policy and validated message types.
- Escaped model output; raw model HTML is not executed.
- Secret redaction in errors, history, and tool activity.
- Workspace Trust, path protection, and protected tool approval.
To report a security concern, follow the instructions in the extension's SECURITY.md file or contact the publisher privately through An Unknown Artist.
The microphone communicates its current state: ready, opening, listening, processing, or error.
- Local: private Windows speech recognition with system dictation fallback.
- xAI: opt-in cross-platform transcription; requires explicit consent, FFmpeg, and may be metered.
- Auto: selects local voice on Windows and xAI voice on macOS or Linux.
The phrase grok send can submit the final transcript hands-free. If a response is already running, the prompt joins the existing queue.
VS Code Chat
Use @grok in the built-in Chat view:
/explain
/fix
/tests
/refactor
Commands
| Command |
Purpose |
| Grok Chat: Open Grok Chat |
Focus the sidebar |
| Grok Chat: Sign in with SuperGrok |
Start OAuth login |
| Grok Chat: Sign out |
Clear the session and local secrets |
| Grok Chat: Open Connect Screen |
Manage authentication |
| Grok Chat: Clear API Key only |
Remove only the stored API key |
| Grok Chat: Open VS Code Chat with @grok |
Open the built-in Chat view |
Requirements
- Visual Studio Code 1.104 or later, or a compatible host.
- A Grok account with applicable access, or an xAI API key.
- An open workspace folder for project context and file tools.
- Microphone permission for voice input.
- FFmpeg only when using xAI voice capture.
FAQ
Is this an official xAI extension?
No. Grok Chat is independent and is not affiliated with, endorsed by, or sponsored by xAI.
Does OAuth use my API credits?
OAuth and API key mode are separate. OAuth uses access associated with the signed-in Grok account. API key mode uses api.x.ai and may consume paid API credits.
Can a project enable Full Workspace Access itself?
No. The extension accepts Full Workspace Access only from the user's global configuration and only after VS Code trusts the workspace.
Are my credentials stored in the project?
No. Persisted credentials use VS Code Secret Storage, not project files or normal workspace settings.
Why do some models appear or disappear?
Dynamic models reflect what the active account reports. The built-in fallback remains available when discovery cannot be completed, and custom model IDs can be added in Settings.
Troubleshooting
Login does not complete
- Finish the browser authorization and return to VS Code.
- Retry Sign in with SuperGrok from the Command Palette.
- Check whether a firewall is blocking the temporary localhost OAuth callback.
API key validation fails
- Confirm the key belongs to xAI and has access to the chosen model.
- Check account credits and endpoint permissions.
- Save without validation only when you understand that the first real request may still fail.
- Open a folder rather than an empty VS Code window.
- Trust the workspace for protected actions.
- Check whether Ask Before Changes is waiting for an approval card.
- Allow microphone access for the VS Code host application in operating-system privacy settings.
- For xAI voice, install FFmpeg or configure its machine-specific path.
- Select a microphone device if automatic detection chooses the wrong input.
Known issues
- Dynamic model discovery depends on the active account and may fall back to the built-in catalog.
- Local voice quality depends on installed Windows speech languages.
- xAI voice requires FFmpeg and explicit consent.
- Compatible VS Code forks may expose different Chat or microphone behavior.
- The current Marketplace preview is a static image; an animated demonstration will be added only when a genuine workflow recording is available.
Created by An Unknown Artist.