🔐 Code Guardian
Code Guardian is a Visual Studio Code extension that integrates AI-powered security analysis into your coding workflow. It uses Ollama to analyze JavaScript and TypeScript code for potential security vulnerabilities, bad practices, and insecure coding patterns.
✨ Features
🔍 Real-time Analysis
Automatically analyzes the function under your cursor as you type, highlighting potential security issues.
📄 Full File Analysis
Scan your entire file for security vulnerabilities with a single command.
🤖 AI-Powered Analysis
Select code or a line and get an AI-generated security analysis with detailed explanations.
💬 Interactive Follow-up Q&A
Ask follow-up questions inside a custom webview for deeper insights about detected issues.
🛠️ Quick Fixes
Apply AI-suggested secure code fixes directly from the editor.
🧠 Powered by Ollama LLM
Uses local models via Ollama (e.g., gemma3:1b) for fast, private code analysis.
📝 Markdown-formatted Responses
Clear, beautifully formatted AI responses with syntax highlighting and tips.
📸 Demo

🚀 Getting Started
1. Prerequisites
2. Install Dependencies
```bash
npm install
```
3. Compile and Launch the Extension
```bash
npm run watch
```
Then press F5 in VS Code to start a new Extension Development Host.
🧪 Usage
Real-time Analysis
- Open a JavaScript or TypeScript file in VS Code.
- Place your cursor inside a function.
- The extension will automatically analyze the function and highlight potential security issues.
Full File Analysis
- Open a JavaScript or TypeScript file in VS Code.
- Open the Command Palette (Ctrl+Shift+P) → run 🔍 Analyze Full File for Security Issues.
- View the diagnostics in the Problems panel and hover over highlighted issues for details.
AI Analysis of Selected Code
- Open any file in VS Code.
- Select a block of code or just place the cursor on a line.
- Open the Command Palette (Ctrl+Shift+P) → run Analyze with AI Security CO-Pilot.
- View the analysis in the webview panel.
- Ask follow-up questions directly in the UI for deeper insights.
Applying Quick Fixes
- Hover over a highlighted security issue.
- Click the lightbulb icon (💡) or press Ctrl+.
- Select 💡 Apply Secure Fix to apply the AI-suggested fix.
🛠️ Project Structure
```text
src/
├── extension.ts         # Entry point for the VS Code extension
├── analyzer.ts          # Core logic for AI chat and streaming
├── diagnostic.ts        # Handles diagnostics reporting in the editor
├── actions.ts           # Provides quick fixes for security issues
├── functionExtractor.ts # Extracts functions for real-time analysis
└── webview.ts           # HTML generation for the UI
media/
├── app.js               # Client-side JavaScript for the webview
├── marked.min.js        # Markdown parser for formatting responses
└── style.css            # Styling for the webview
```
🧠 Models & AI
- Default model: gemma3:1b (can be configured to use other Ollama-compatible LLMs)
- Conversation context is retained for better follow-up answers
- The extension uses two AI analysis approaches:
  - Structured JSON output for editor diagnostics
  - Markdown-formatted responses for the interactive webview
⚙️ Configuration
You can modify the model and other Ollama settings in src/analyzer.ts:
```typescript
const stream = await ollama.chat({
  model: 'gemma3:1b',
  messages: conversationHistory,
  stream: true
});
```
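As an added example (not Code Guardian's own code), the TypeScript below shows one way to consume the streamed `ollama.chat` reply from the Configuration snippet and turn the "structured JSON output" approach from Models & AI into validated findings for the editor. The `{ line, severity, message }` shape, the optional `issues` wrapper key, the function names `collectStream` and `parseFindings`, and the sample chunks are all assumptions made for this example, not the extension's real schema or API.

```typescript
// Added example, not Code Guardian's code. Assumed finding shape: { line, severity, message }.
// The model reply is untrusted input into the editor: it is parsed defensively,
// malformed entries are dropped, and line numbers are range-checked.

type Severity = "error" | "warning" | "info";

interface Finding {
  line: number; // 1-based line in the analyzed file
  severity: Severity;
  message: string;
}

// Minimal shape of the chunks ollama.chat({ stream: true }) yields:
// message.content carries the incremental text.
interface ChatChunk {
  message: { content: string };
}

// Concatenate the streamed chunks into one reply string.
async function collectStream(chunks: AsyncIterable<ChatChunk>): Promise<string> {
  let text = "";
  for await (const chunk of chunks) {
    text += chunk.message.content;
  }
  return text;
}

// Models often wrap JSON in a ```json fence (written as \x60 here) or add prose
// around it; take the balanced [...] / {...} region instead of trusting the whole reply.
function extractJson(raw: string): string | null {
  const fenced = raw.match(/\x60{3}(?:json)?\s*([\s\S]*?)\x60{3}/i);
  const body = fenced ? fenced[1] : raw;
  const start = body.search(/[\[{]/);
  if (start < 0) return null;
  const end = Math.max(body.lastIndexOf("]"), body.lastIndexOf("}"));
  if (end < start) return null;
  return body.slice(start, end + 1);
}

const SEVERITIES: ReadonlySet<string> = new Set(["error", "warning", "info"]);

// Validate one candidate finding; anything malformed is dropped rather than shown.
function toFinding(item: unknown, lineCount: number): Finding | null {
  if (typeof item !== "object" || item === null) return null;
  const rec = item as Record<string, unknown>;
  const line = rec.line;
  const severity = rec.severity;
  const message = rec.message;
  if (!Number.isInteger(line) || (line as number) < 1 || (line as number) > lineCount) return null;
  if (typeof severity !== "string" || !SEVERITIES.has(severity.toLowerCase())) return null;
  if (typeof message !== "string" || message.trim() === "") return null;
  return {
    line: line as number,
    severity: severity.toLowerCase() as Severity,
    message: message.trim().slice(0, 500), // cap what reaches the Problems panel
  };
}

// Parse the model reply into findings; a malformed reply yields [] instead of a crash.
function parseFindings(raw: string, lineCount: number): Finding[] {
  const json = extractJson(raw);
  if (json === null) return [];
  let parsed: unknown;
  try {
    parsed = JSON.parse(json);
  } catch {
    return [];
  }
  let items: unknown[] = [];
  if (Array.isArray(parsed)) {
    items = parsed;
  } else if (typeof parsed === "object" && parsed !== null) {
    const wrapped = (parsed as Record<string, unknown>).issues; // assumed wrapper key
    if (Array.isArray(wrapped)) items = wrapped;
  }
  const findings: Finding[] = [];
  for (const item of items) {
    const f = toFinding(item, lineCount);
    if (f) findings.push(f);
  }
  return findings;
}

// Constructed sample: a reply arriving in three chunks, fenced, with one out-of-range
// line and one unknown severity that must both be dropped.
const SAMPLE_CHUNKS: ChatChunk[] = [
  { message: { content: "Here are the issues:\n\x60\x60\x60json\n[{\"line\": 3, \"severity\": \"Error\", " } },
  { message: { content: "\"message\": \"eval() on user input\"}, {\"line\": 99, \"severity\": \"warning\", \"message\": \"x\"}," } },
  { message: { content: " {\"line\": 1, \"severity\": \"junk\", \"message\": \"y\"}]\n\x60\x60\x60\nTip: avoid eval." } },
];

async function* replay(chunks: ChatChunk[]): AsyncGenerator<ChatChunk> {
  for (const c of chunks) yield c;
}

// Runs the whole path on the constructed sample; the analyzed file is assumed to be 20 lines.
async function demo(): Promise<Finding[]> {
  const reply = await collectStream(replay(SAMPLE_CHUNKS));
  return parseFindings(reply, 20);
}
```

The point of the validation step is that the model's output is data from an untrusted source that the extension turns into editor diagnostics: a reply with prose around the JSON, an unexpected severity string, or a line number past the end of the file should degrade to "no finding" rather than to a thrown exception or a diagnostic pointing at a nonexistent line.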
📦 Packaging Extension
```bash
npm install -g @vscode/vsce
npm run package
vsce package
```
📄 License
MIT License © 2025 Md Hafizur Rahman
🙌 Acknowledgements
💡 Future Ideas
- Support for additional programming languages
- Model selection dropdown in the UI
- Security issue severity scoring and filtering
- Integration with static code analysis tools (e.g., ESLint, Semgrep)
- Multi-file analysis for detecting cross-file vulnerabilities
- Custom security rules and policies
- Offline mode with cached analysis patterns
⚠️ This tool is meant for developer assistance. Always validate results manually or with expert review in production workflows.