Cubyts Code Analysis for IDE
Overview
Cubyts Code Analysis for IDE is a powerful code review tool that enforces your organization's coding and security standards directly within your IDE. The extension provides real-time code analysis using enterprise rules defined in the Cubyts platform and Abstract Syntax Trees (ASTs) tailored to your programming languages and connected repositories.
Key Benefits
- Real-time analysis: Automatically analyzes code (including AI-generated code) upon commit (push) or triggered from the development platform
- Enterprise integration: Seamlessly connects with your Cubyts account for unified code quality
- Contextual explanations: Detailed explanations help you understand the "why" behind each recommendation
- Production-ready code: Ensures consistent quality standards across projects
- Personal development: Acts as your code correction assistant to improve coding skills
Supported Languages
C#, VB.NET, JavaScript, TypeScript, HTML, CSS, Ruby, Golang, and Python
Getting Started
- Download Cubyts Code Analysis for IDE from the VS Code Extension Marketplace
- Connect to your Cubyts account for enterprise rule integration
- Start coding with automatic analysis and recommendations
Features
The extension provides four main code analysis workflows:
1. Post-commit Recommendations (Automatic)
Automatic analysis that runs after code commits, providing recommendations based on your organization's standards.
2. Pre-commit Recommendations (User triggered, on-demand)
Manual trigger of code review on changes in a file and/or the active branch, providing recommendations based on your organization's standards.
3. User Triggered Review (User triggered, on-demand)
Manual code review that you can trigger for specific functions, methods, or code blocks.
4. Managing Cubyts Rules
Ability to configure standard flags and define custom flags. These flags will be used for performing the code analysis across the platform.
Pre-commit and Post-commit Recommendations
Viewing Recommendations
After committing code, Cubyts automatically analyzes your changes and displays recommendations in the "Cubyts Recommendations" panel at the bottom of VS Code.
To access the recommendations panel:
- If visible: Check the bottom panel for "Cubyts Recommendations"
- If not visible: Go to View → Open View... and search for "Cubyts Recommendations"
- Alternative: Switch to the "Cubyts Code Analysis" extension tab
To view the recommendations:
- The "Cubyts Recommendations" view shows the list of all recommendations for the active editor.
- Pre-commit recommendations will be tagged as [LOCAL]
- Post-commit recommendations will be tagged as [REMOTE]
Managing Recommendations
Select any recommendation to highlight the relevant code section. Right-click on a recommendation to access these options:
Apply Recommendation
- Purpose: Implement the suggested code improvement
- Process: Preview the changes before accepting
- Control: Full review of proposed modifications
Dismiss Recommendation
- Purpose: Remove the recommendation permanently
- Behavior: Once dismissed, the recommendation won't appear again
- Use case: When you disagree with the suggestion or have alternative solutions
Previewing Code Changes
When you choose "Apply Recommendation":
- Refactor Preview Opens: Review proposed changes before implementation
- Select Changes: Use checkboxes to choose which modifications to apply
- Diff View: Click items to see detailed before/after comparison
- Decision Point:
- Apply: Implement the changes (remember to save and commit when ready)
- Discard: Cancel the operation and close the preview
Important: After applying changes, you must manually save the file and commit when your code is ready for publication.
Pre-commit Recommendations
Initiating a Review
Method 1: Current File Change Review
- Open any supported source code file
- Position your cursor within a function or method
- Right-click (or double-tap on touch devices) to open the context menu
- Select "Cubyts Code Review → All changes in File"
Method 2: Active Branch Change Review
- Open any supported source code file
- Position your cursor within a function or method
- Right-click (or double-tap on touch devices) to open the context menu
- Select "Cubyts Code Review → All changes in Branch"
Scope Limitation: Reviews analyze only the changes in the code of the file/branch specified, ensuring focused and specific recommendations to the changes performed.
Review Results
A notification will be received once the review is completed; once the recommendations are refreshed, you will see them in the "Cubyts Recommendations" panel alongside the "Post-commit Recommendations".
User Triggered Review
Initiating a Review
Method 1: Function/Method Review
- Open any supported source code file
- Position your cursor within a function or method
- Right-click (or double-tap on touch devices) to open the context menu
- Select "Cubyts Code Review → Code block"
- Choose from the quick pick menu based on available functions/methods
Method 2: Custom Code Block Review
- Select the specific code block you want to review
- Select "Cubyts Code Review → Code block"
- Review starts immediately (no quick pick menu required)
Scope Limitation: Reviews analyze only the exact lines of code specified, ensuring focused and relevant recommendations.
Selecting Review Scope
When you haven't pre-selected code, the quick pick menu appears with options based on your cursor position:
- Automatic Detection: Menu options are generated by analyzing cursor position and identifying code blocks
- Selection Process: Choose the relevant function or method to review
- Processing Time: Reviews typically complete within 15 seconds, depending on code complexity
Understanding Review Results
Review results appear in a dedicated panel alongside your source code with these features:
Organization
- Severity-based grouping: Issues categorized by importance level
- Expandable sections: Click recommendations to view detailed information
- Source highlighting: Problematic code lines highlighted in the editor
Interactive Features
- Detailed explanations: Understand the nature of each problem
- Code context: See the specific lines causing issues
- Actionable recommendations: Clear guidance for resolution
Applying or Dismissing Recommendations
When you expand a recommendation section, you'll see:
- Problem description: Clear explanation of the issue
- Affected code lines: Specific lines causing the problem
- Recommended solution: Detailed fix suggestions
- Git-style diff: Visual representation of proposed changes
- Green lines (+): Code to be added
- Red lines (-): Code to be removed
Available Actions
- Apply Fix: Implement the suggested changes
- Dismiss: Remove the recommendation from the list
Note: Both actions remove the recommendation from the current list and display remaining suggestions.
Managing Cubyts Rules
Cubyts Rules allow you to configure standard flags and define custom flags for code analysis across the platform. You can create rules files using templates and manage flags directly within VS Code.
Creating a New Rules File
- Open Command Palette (
Ctrl+Shift+P / Cmd+Shift+P)
- Type "Cubyts: Create Rules File"
- Select a template based on your needs:
- Minimal - Basic setup with essential flags for quick start
- Standard - Recommended configuration for most projects
- Advanced - Comprehensive rules with all available options
- The file is created in your workspace root as
.cubyts-rules.yaml
Adding Standard Flags
Standard flags are pre-configured rules for common code quality, security, performance, and best practice checks.
NOTE You can change the audit_relevant value to suit your needs.
Method 1: IntelliSense (Quick Pick)
- Open your rules file (
.cubyts-rules.yaml)
- Position cursor where you want to add the flag
- Press
Ctrl+Space (Windows/Linux) or Cmd+Space (Mac)
- Select the desired flag from the suggestion list
- The flag is inserted with default configuration
- Open your rules file
- Right-click at the desired location
- Select "Add Standard Flag"
- Choose the flag from the quick pick menu
- The flag is inserted at cursor position
Method 3: Command Palette
- Open your rules file
- Open Command Palette (
Ctrl+Shift+P / Cmd+Shift+P)
- Type "Cubyts: Add Standard Flag"
- Select the flag from the list
- The flag is inserted with default configuration
Available Standard Flags
- Code Quality: Complexity analysis, duplication detection, style enforcement
- Security: Vulnerability scanning, secrets detection, dependency checks
- Performance: Optimization opportunities, memory usage, efficiency analysis
- Best Practices: Design patterns, naming conventions, documentation standards
Adding Custom Flags
Custom flags allow you to define organization-specific or project-specific rules tailored to your coding standards.
Creating a Custom Flag
- Open your rules file (
.cubyts-rules.yaml)
- Open Command Palette (
Ctrl+Shift+P / Cmd+Shift+P)
- Type "Cubyts: Add Custom Flag"
- Enter the flag title when prompted:
- Example: "Company Naming Convention" or "API Response Validation"
- Requirement: Must be unique within the rules file
- The custom flag template is inserted at cursor position
Custom Flag Structure
After insertion, customize the following properties:
- title: "Your Custom Flag Title"
description: "Detailed explanation of what this flag checks"
category: "security | quality | maintenance | performance | architecture | testing | documentation | compliance"
severity: "critical | high | warning | suggestion | info"
audit_relevant: true | false
checks:
- check_name_1: "First validation rule"
- check_name_2: "Second validation rule"
# Add more checks as needed
Property Definitions:
- title: Unique identifier for your flag (required)
- description: Clear explanation of the rule's purpose (required)
- category: Classification of the rule type (required)
- severity: Impact level of violations (required)
- audit_relevant: Whether this flag is tracked for compliance audits (optional)
- checks: Specific validation rules to be enforced (required)
IntelliSense and Validation
The extension provides intelligent code assistance and real-time validation while editing rules files.
IntelliSense Features
Auto-completion
- Automatically suggests valid values as you type
- Provides context-aware completions for properties
- Shows available flag options and categories
- Manual trigger:
Ctrl+Space (Windows/Linux) or Cmd+Space (Mac)
Hover Documentation
- Hover over any property to see detailed descriptions
- View valid values and usage examples
- Understand property constraints and requirements
Real-time Validation
The extension performs continuous validation and highlights errors:
Validated Elements:
- ✓ Cubyts Rules syntax and structure
- ✓ Invalid or unknown flag names
- ✓ Incorrect severity levels
- ✓ Malformed regex patterns
- ✓ Duplicate flag definitions
- ✓ Required property omissions
Error Display:
- In-editor: Red squiggly underlines beneath problematic code
- Problems Panel: View all issues via
Ctrl+Shift+M / Cmd+Shift+M
- Quick Fixes: Automatic correction suggestions for common errors
Accessing Quick Fixes
When validation errors appear:
- Position cursor on the underlined error
- Click the lightbulb icon or press
Ctrl+. / Cmd+.
- Select the appropriate quick fix from the menu
- The correction is applied automatically
Rules File Structure Example
version: "1.0"
# Standard flags
flags:
- name: code-complexity
severity: warning
enabled: true
- name: security-vulnerabilities
severity: critical
enabled: true
# Custom flags
custom_flags:
- title: "API Response Validation"
description: "Ensures all API responses include proper error handling, consistent structure, and appropriate HTTP status codes"
category: "quality"
severity: "high"
audit_relevant: true
checks:
- error_handling: "All API endpoints must handle errors with try-catch blocks"
- response_structure: "Responses must follow standardized JSON schema with data, error, and metadata fields"
- status_codes: "HTTP status codes must be appropriate (2xx success, 4xx client errors, 5xx server errors)"
- error_messages: "Error responses must include descriptive messages without exposing sensitive information"
- null_checks: "All response fields must be validated for null or undefined values"
- timeout_handling: "API calls must implement timeout handling and graceful degradation"
- data_validation: "Response data must be validated against expected types and formats"
- logging: "All API responses and errors must be logged for debugging and audit purposes"
- response_codes: "Success responses must return 200/201, errors must return appropriate 4xx/5xx codes"
- content_type: "Response Content-Type header must be set correctly (application/json)"
Best Practices
For Post-commit Recommendations
- Review regularly: Check recommendations after each commit (push)
- Understand before applying: Read explanations to learn from suggestions
- Selective application: Apply recommendations that align with your code goals
- Team consistency: Coordinate with team members on dismissed recommendations
For User Triggered Reviews
- Strategic timing: Use before committing critical code sections
- Focus areas: Target complex algorithms or security-sensitive code
- Learning opportunity: Use detailed explanations to improve coding skills
- Iterative improvement: Re-run reviews after applying fixes
For Managing Rules
Standard Flags
- Start with templates: Use the Standard template and customize as needed
- Enable incrementally: Add a few flags at a time to avoid overwhelming results
- Team alignment: Coordinate with team members on enabled flags
- Version control: Commit
.cubyts-rules.yaml to your repository for consistency
Custom Flags
- Clear descriptions: Write detailed explanations for team understanding
- Appropriate severity: Match severity to actual impact on code quality
- Document checks: Clearly define what each check validates
- Use comments: Add YAML comments to explain complex custom rules
# Custom rule for legacy code modules - relaxed complexity threshold
- title: "Legacy Module Complexity"
description: "Higher complexity allowed for legacy modules under refactoring"
category: "maintenance"
severity: "suggestion"
audit_relevant: false
checks:
- max_complexity: "Complexity threshold set to 20"
General Guidelines
- Test locally first: Validate rules on a small codebase before broad deployment
- Regular reviews: Periodically assess and update rules as standards evolve
- Balance strictness: Ensure rules promote quality without hindering productivity
Troubleshooting
Common Issues
Post-commit Recommendations
- No recommendations appearing: Verify Cubyts account connection and repository setup
- Outdated recommendations: Ensure latest version of extension is installed
User Triggered Reviews
- Quick pick menu not showing: Ensure cursor is positioned within a function or method
- Review timeout: Large code blocks may require additional processing time
- No results: Verify internet connection and Cubyts platform connectivity
Rules File Issues
Standard Flag Issues
- Flags not appearing in suggestions: Update to latest extension version
- Applied flag shows errors: Review flag documentation for required properties
Custom Flag Issues
- Duplicate title error: Ensure custom flag titles are unique within the file
- Category/severity not recognized: Use only predefined values from the specification
Getting Help
- Check the Cubyts documentation
- Contact support for enterprise account issues
- Report extension bugs through VS Code marketplace
Privacy and Security
- Enterprise integration: All analysis respects your organization's security policies
- Code privacy: Analysis follows your Cubyts platform configuration
- Secure transmission: All communications use secure protocols
Summary
Cubyts Code Analysis for IDE transforms your development workflow by providing:
- Automated quality assurance through post-commit analysis
- On-demand code review for focused improvements
- Educational insights to enhance coding skills
- Enterprise compliance with organizational standards
Start improving your code quality today with intelligent, contextual recommendations tailored to your development needs.
