Gauntlet - Secure Code Assistant
Your AI-powered secure code assistant with adversarial verification. Chat about security concepts or generate verified code directly in VS Code.
✨ Features
- 💬 Chat Mode: Ask questions about security best practices, vulnerabilities, and secure coding
- ⚡ Generate Mode: Create secure, verified code using adversarial testing
- 🛡️ Adversarial Verification: Code is tested against security attacks before delivery
- 🎯 Abort Requests: Cancel long-running requests anytime
- 📊 Security Reports: Detailed analysis with confidence scores
- ☁️ Cloud-Hosted: No local setup required - backend runs on Azure
🚀 Quick Start
- Install the extension from the VS Code Marketplace
- Click the 🛡️ shield icon in the status bar
- Choose your mode:
  - Chat: Ask security questions, get guidance
  - Generate: Create verified secure code
- Start coding securely!
By default, Gauntlet uses the hosted backend with shared API keys. For better performance and higher rate limits, add your own:
- Open VS Code Settings (Ctrl+, or Cmd+,)
- Search for "Secure LLM"
- Choose your AI provider (OpenRouter, OpenAI, Claude, or Gemini)
- Enter your API key
💬 Chat Mode
Ask anything about secure coding:
- "What are common SQL injection vulnerabilities?"
- "How do I securely handle user passwords?"
- "Explain CSRF attacks and prevention"
- "Best practices for API authentication"
⚡ Generate Mode
Request secure code implementations:
- "Create a secure password validation function"
- "Write a function to sanitize user input"
- "Generate a secure file upload handler"
- "Build an SQL query sanitizer"
🔒 How Adversarial Verification Works
When you generate code, Gauntlet runs it through multiple security layers:
- Blue Agent: Generates code using advanced LLMs
- Static Analysis: Scans for security issues (Bandit, Semgrep, Pylint)
- Red Agent: Creates adversarial test cases and exploits
- Dynamic Testing: Executes code in sandboxed environment
- Adjudicator: Makes final security verdict (PASS/WARN/FAIL)
📊 What You Get
For each code generation:
- ✅ Verified Code: Secure implementation ready to use
- 📄 Security Report: Detailed analysis with:
  - Verification status (PASS/WARN/FAIL)
  - Confidence score (0-100%)
  - Security violations found
  - Evidence and recommendations
⚙️ Configuration
| Setting | Default | Description |
| --- | --- | --- |
| secureLlm.serverUrl | Azure hosted | Backend server URL |
| secureLlm.timeout | 120000 | Request timeout (ms) |
| secureLlm.aiProvider | openrouter | AI provider to use |
| secureLlm.openrouterApiKey | "" | Your OpenRouter API key (optional) |
| secureLlm.openaiApiKey | "" | Your OpenAI API key (optional) |
| secureLlm.claudeApiKey | "" | Your Claude API key (optional) |
| secureLlm.geminiApiKey | "" | Your Gemini API key (optional) |
🎨 Modern Design
- Clean, neutral interface that adapts to your VS Code theme
- Animated loading states to keep you engaged
- Abort button for long-running requests
- Centered, modern typography
🛠️ Troubleshooting
"Request timeout"
- Click the Abort button to cancel
- Try a simpler prompt
- Or increase timeout in settings
Slow responses
- Add your own API key for better performance
- The shared backend may have rate limits
Connection issues
- Check your internet connection
- The Azure backend should be accessible at all times
- Report issues on GitHub if problems persist
📚 Documentation
🆕 What's New in v0.0.5
- ✅ Abort request feature - cancel anytime
- ✅ Animated loading messages
- ✅ Modern neutral design
- ✅ Cleaner, centered UI
- ✅ Better typography and spacing
🤝 Contributing
Contributions welcome! Visit the main repository for details.
📄 License
MIT License - see LICENSE for details.
🔗 Links
Gauntlet - Generate secure code with confidence. Powered by adversarial AI testing.