Security Agent – VS Code / Cursor Extension
Run security checks and tests alongside your code. The extension talks to the Security Agent API and shows findings in the editor (Problems panel and squiggles) and runs tests (e.g. pytest or npm test) on demand or on save.
Requirements
- Security Agent must be running (e.g. python -m uvicorn security_agent.api.main:app --port 9000 from the agent folder with PYTHONPATH set). Default URL is http://localhost:9000.
Commands
| Command | Description |
| --- | --- |
| Security Agent: Run security check | Scans the workspace folder via the agent and shows findings as diagnostics. |
| Security Agent: Run tests | Runs the configured test command (e.g. pytest) in the workspace. |
| Security Agent: Run check & tests | Runs both security check and tests. |
| Security Agent: Clear findings | Clears all Security Agent diagnostics from the Problems panel. |
Configuration
securityAgent.url – Agent API base URL (default: http://localhost:9000).
securityAgent.runOnSave – Run on file save: off, check, tests, or both (default: off).
securityAgent.testCommand – Command to run tests (default: pytest). Can include args, e.g. npm test.
securityAgent.testArgs – Extra arguments for the test command (e.g. ["-v", "--tb=short"]).
securityAgent.debounceMs – Debounce delay in ms before running check/tests on save (default: 1500).
Run on save
Set securityAgent.runOnSave to check, tests, or both. After you save a file, the extension will wait for the debounce period, then run the selected action(s). Results appear in the Security Agent output channel and (for checks) in the Problems panel.
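The run-on-save behaviour described above, as an added sketch that is not the extension's own source: it assumes that each new save restarts the debounce wait and that both runs the check before the tests. The function names (actionsFor, createSaveHandler, fakeTimers, demo) are hypothetical.

```javascript
// Added illustration, not the extension's source; all names are hypothetical.
// Maps a securityAgent.runOnSave value to the actions it selects.
function actionsFor(runOnSave) {
  switch (runOnSave) {
    case "check": return ["check"];
    case "tests": return ["tests"];
    case "both": return ["check", "tests"]; // order is an assumption
    default: return []; // "off" or an unrecognised value: do nothing
  }
}

// onSave() handler: runs the selected actions once, debounceMs after the latest save.
const realTimers = { set: (fn, ms) => setTimeout(fn, ms), clear: (id) => clearTimeout(id) };
function createSaveHandler(config, run, timers = realTimers) {
  let pending = null;
  return function onSave() {
    const actions = actionsFor(config.runOnSave);
    if (actions.length === 0) return;
    if (pending !== null) timers.clear(pending); // a newer save restarts the wait
    pending = timers.set(() => {
      pending = null;
      for (const action of actions) run(action);
    }, config.debounceMs);
  };
}

// Constructed fake clock so the timing can be shown without real delays.
function fakeTimers() {
  let now = 0, nextId = 1;
  const queue = new Map();
  return {
    set(fn, ms) { const id = nextId++; queue.set(id, { fn, at: now + ms }); return id; },
    clear(id) { queue.delete(id); },
    advance(ms) {
      now += ms;
      for (const [id, t] of [...queue]) if (t.at <= now) { queue.delete(id); t.fn(); }
    },
  };
}

// Three saves 500 ms apart with the default 1500 ms debounce.
function demo(runOnSave = "both") {
  const timers = fakeTimers(), ran = [];
  const onSave = createSaveHandler({ runOnSave, debounceMs: 1500 }, (a) => ran.push(a), timers);
  for (let i = 0; i < 3; i++) { onSave(); if (i < 2) timers.advance(500); }
  timers.advance(1499);
  const beforeDeadline = ran.length; // still waiting: the last save was at t=1000
  timers.advance(1);
  return { beforeDeadline, ran };
}
```

Under these assumptions, a burst of saves produces a single run 1500 ms after the last save rather than one run per save.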
Install (development)
- Open the agent/extension folder in VS Code or Cursor.
- Run npm install, then npm run compile.
- Press F5 to launch an Extension Development Host; open your project folder there and use the commands.
Package (vsix)
From agent/extension run:
npm install
npm run compile
npx @vscode/vsce package
Install the generated .vsix via Extensions > ... > Install from VSIX.
Publish to the VS Code Marketplace
See PUBLISHING.md for step-by-step instructions: create a publisher, log in with vsce, and run vsce publish. Before publishing, set your publisher and the repository URL (and, optionally, the bugs URL) in package.json.
Status bar
The status bar item shows Security Agent by default. After a check it shows OK (no findings) or the number of findings; after tests it shows Tests passed or Tests failed. Clicking it does nothing by default; use the Command Palette for actions.