Code Insight AI
AI-powered code analysis for VS Code and Cursor IDE.
Code Insight AI acts like a Staff Engineer reviewing your code in real time. It analyzes the currently open file (and optionally your entire project) to provide explanations, architectural insights, security reviews, performance suggestions, bug detection, and visual Mermaid flow diagrams.
Features
- Framework Detection — React, React Native, Next.js, Node.js, Express, NestJS, Vue, Angular, Electron, Expo, Fastify, Hono, Remix, Svelte, TypeScript, JavaScript
- Deep File Analysis — Overview, imports, exports, functions, variables, React/Node-specific patterns
- Execution Flow — Human-readable runtime trace with async/API/DB/hook annotations
- Call Graph & Mermaid Diagrams — Flowcharts, sequence diagrams, dependency graphs with one-click copy
- Bug Detection — Missing await, unhandled promises, infinite loops, missing cleanup, high complexity
- Security Scanner — XSS, SQL/NoSQL injection, command injection, hardcoded secrets, path traversal
- Performance Review — Nested loops, N+1 queries, sync I/O, re-render hotspots
- Code Quality Scoring — SOLID notes, DRY violations, 1–10 health score
- Refactoring Suggestions — With before/after examples
- Multi-Level Explanations — Beginner, intermediate, expert
- Project-Wide Context — Cross-file imports, routes, services, utilities
- Interactive Sidebar — Expandable sections, search/filter, copy, refresh, pin
- Report Export — Markdown, HTML, JSON, PDF (via print)
- AI Chat — Ask follow-up questions about your code
- Incremental Caching — Fast re-analysis with content-hash cache
- Offline Mode — Full static analysis without sending code externally
- Pluggable AI Providers — OpenAI, Anthropic, Gemini, or local-only
Requirements
- VS Code
^1.85.0 or Cursor IDE (VS Code compatible)
- Node.js 18+
Installation
From Source (Development)
git clone <your-repo-url>
cd CodeViewer
npm install
npm run build
Press F5 in VS Code/Cursor to launch the Extension Development Host.
Package as VSIX
npm install -g @vscode/vsce
npm run package
Install the generated .vsix:
code --install-extension code-insight-ai-1.0.0.vsix
# or in Cursor:
cursor --install-extension code-insight-ai-1.0.0.vsix
Quick Start
- Open any TypeScript/JavaScript/React file
- Click the Code Insight icon in the Activity Bar
- Click Analyze (or run
Code Insight: Analyze Current File from Command Palette)
- Explore sections: Overview, Bugs, Security, Performance, Diagrams, etc.
- Ask questions in the chat panel at the bottom
Commands
| Command |
Description |
Code Insight: Analyze Current File |
Analyze the active editor file |
Code Insight: Analyze Project Context |
Re-index project and analyze with cross-file context |
Code Insight: Refresh Analysis |
Force refresh (bypass cache) |
Code Insight: Export as Markdown |
Export report to .md |
Code Insight: Export as HTML |
Export report to .html with Mermaid diagrams |
Code Insight: Export as JSON |
Export raw analysis JSON |
Code Insight: Export as PDF |
Export printable HTML (Print → Save as PDF) |
Code Insight: Pin Analysis |
Pin current analysis result |
Code Insight: Ask About Code |
Open AI chat |
Code Insight: Explain Selection |
Explain selected code in a new tab |
Code Insight: Clear Analysis Cache |
Clear cached results |
Configuration
| Setting |
Default |
Description |
codeInsight.aiProvider |
local |
AI provider: local, openai, anthropic, gemini |
codeInsight.openai.apiKey |
"" |
OpenAI API key |
codeInsight.openai.model |
gpt-4o-mini |
OpenAI model |
codeInsight.anthropic.apiKey |
"" |
Anthropic API key |
codeInsight.anthropic.model |
claude-3-5-haiku-latest |
Anthropic model |
codeInsight.gemini.apiKey |
"" |
Gemini API key |
codeInsight.gemini.model |
gemini-2.0-flash |
Gemini model |
codeInsight.enableProjectContext |
true |
Include project-wide context |
codeInsight.autoAnalyzeOnSave |
false |
Auto-analyze on file save |
codeInsight.excludePatterns |
["**/.env*", ...] |
Files excluded from AI transmission |
codeInsight.explanationLevel |
intermediate |
Default explanation level |
codeInsight.showTransmissionWarning |
true |
Warn before sending code to AI |
codeInsight.cacheTTLMinutes |
30 |
Cache TTL in minutes |
Privacy
- Local mode (
codeInsight.aiProvider: "local") performs all analysis on-device. No code is transmitted.
- External AI providers require explicit API key configuration.
- A confirmation dialog appears before code is sent externally (configurable).
- Sensitive file patterns (
.env, keys, credentials) are excluded by default.
Architecture
src/
├── extension.ts # Entry point, commands, lifecycle
├── providers/
│ └── AnalysisViewProvider # Sidebar webview host
├── services/
│ ├── analysis/
│ │ ├── AnalysisOrchestrator # Coordinates all analysis
│ │ ├── AstParser # TypeScript Compiler API parsing
│ │ ├── FrameworkDetector # Stack detection
│ │ ├── BugDetector # Static bug patterns
│ │ ├── SecurityScanner # Security pattern matching
│ │ ├── PerformanceAnalyzer # Performance heuristics
│ │ └── QualityScorer # Quality metrics & refactoring
│ ├── ai/
│ │ ├── AIProvider # Provider interface
│ │ ├── LocalAnalyzer # Offline analysis
│ │ └── ExternalProviders # OpenAI, Anthropic, Gemini
│ ├── indexing/
│ │ └── ProjectIndexer # Workspace indexing
│ ├── diagrams/
│ │ └── MermaidGenerator # Diagram + call graph generation
│ ├── export/
│ │ └── ReportExporter # MD/HTML/JSON export
│ └── cache/
│ └── AnalysisCache # Content-hash caching
├── types/ # Shared TypeScript types
└── utils/ # Config, logging
webview-ui/ # Sidebar UI (bundled to dist/)
Design Principles
- Separation of concerns — Parsing, analysis, AI, rendering, and export are independent modules
- Offline-first — Static analysis works without any API key
- Incremental — Cache invalidates per-file on edit; project index refreshes every 60s
- Non-blocking — Analysis runs in progress notification; UI updates via webview messages
- Extensible — Add new AI providers by implementing
AIProvider interface
Development
# Install dependencies
npm install
# Build extension + webview
npm run build
# Watch mode
npm run watch
# Type check
npm run compile
# Run smoke tests (after build)
npm test
Project Structure for Publishing
The .vscodeignore file ensures only dist/ and media/ are packaged. Source files are excluded from the VSIX.
- Static analysis completes in < 2 seconds for typical files (< 1000 lines)
- Cached results return instantly
- Project indexing capped at 500 files
- AI enhancement is async and non-blocking
Cursor IDE Compatibility
This extension uses the standard VS Code Extension API and is fully compatible with Cursor IDE. No Cursor-specific APIs are required.
Roadmap (Stretch Goals)
- [ ] Live code health score in status bar
- [ ] Duplicate code detection across project
- [ ] Circular dependency visualization
- [ ] Complexity heat maps
- [ ] Git diff / PR review mode
- [ ] AI-powered fix suggestions applied directly in editor
License
MIT
Contributing
- Fork the repository
- Create a feature branch
- Run
npm run compile and npm test
- Submit a pull request
Built with TypeScript, VS Code Extension API, TypeScript Compiler API, and Mermaid.
CodeInsights
| |
