Guardrail for Visual Studio Code

Guardrail

Four guardrails in your editor: Reality, Security, Compliance, and AI safety.

VS Marketplace · Website · Documentation · Source

Why Guardrail?

AI-assisted development moves fast. That speed often hides:

Mock or placeholder data that looks “real” but is not wired to production paths
Hallucinated imports, dead branches, and “success” UI that does nothing
Secrets and unsafe patterns that belong in env vars or design review, not in main

Guardrail brings continuous, local-first signals into the editor: diagnostics, CodeLens, hovers, a production readiness score in the status bar, and a Guardrail activity-bar view organized around the four guardrails below.

The four guardrails

Guardrail	What it covers	Typical actions
Reality	Ship-ready truth: mocks, wiring, fake success paths, workspace scan score	Scan workspace, Ship check, Check current file
Security	Secrets, vulnerable dependencies, exploitable patterns	Security scanner, Secrets scan, Vulnerability scan
Compliance	Framework posture, audit-style signals, CI gates	Compliance dashboard, Gate (JSON), Vibe check
AI safety	Model output verification, prompt risk, hallucination-style issues	Verify clipboard/selection, AI firewall, Prompt firewall

Specialized enterprise panels (performance, change impact, team, etc.) sit behind the same mental model — more depth on Security, Compliance, and cross-cutting analysis where your plan allows.

Install

From the Marketplace

Search for Guardrail (Guardrail-AI.guardrail) in the Extensions view, or use:

ext install Guardrail-AI.guardrail

From a `.vsix` (local or CI artifact)

Build or download guardrail-<version>.vsix (see Packaging).
In VS Code: Extensions → ⋯ → Install from VSIX… and select the file.
Reload the window if prompted.

Requirements: VS Code 1.85.0 or newer. Full CLI-backed commands assume the Guardrail CLI is installed and on your PATH (see CLI integration).

Quick start

Open a workspace (JavaScript, TypeScript, Python, Go, Rust, Java, or C#).
Run Guardrail: Scan Workspace (default shortcut Ctrl+Shift+G / Cmd+Shift+G).
Watch the status bar score and open View → Open View… → Guardrail for the sidebar hub.
Use the Problems panel for issues; use the lightbulb Quick Fix where available.
Optional: run the Get Started with guardrail walkthrough from the Welcome page.

What you get in the editor

Capability	What it does
Four-guardrail sidebar	Activity-bar view leads with Reality, Security, Compliance, and AI safety — each with shortcuts to the right command.
Score badge	Live workspace health score in the status bar (thresholds aligned with Guardrail ship logic).
Diagnostics	Issues surfaced in the Problems view with stable rule ids (e.g. `CG00x` severities configurable in settings).
CodeLens & hovers	Extra context above symbols and on hover for risky or misleading patterns.
AI verification	Verify selected code or clipboard output before you trust it.
Dashboard	Full-width readiness view; specialized panels open from the sidebar.
Quick fixes	Actions such as explaining a finding, moving secrets toward `.env`, or contract diff where applicable.

Enterprise-oriented commands (performance, change impact, AI explainer, team collaboration, production integrity, MDC generator, etc.) are registered under the guardrail Enterprise category and follow your account tier.

Commands

Open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P) and type guardrail:.

Core

Command	Description
Scan Workspace	Full workspace scan.
Show Dashboard	In-editor dashboard / readiness view.
Show All Findings	Focus findings across the workspace.
Check Current File	Reality-style pass on the active file.
Toggle Inline Hints	Show or hide inline decorations.
Apply Quick Fix	Apply the selected quick fix.
Explain Finding	Deeper explanation for a finding.
Move Secret to .env	Assist relocating hardcoded secrets.
Show API Contract Diff (open file)	Contract diff workflow for the open file.

AI safety

Command	Description
Verify AI Output from Clipboard	Validate clipboard content (when not focused in editor).
Verify Selected Code	Validate the current selection (when editor has selection).

Scans & checks

Command	Description
Run Ship Check	Ship / readiness-style check via CLI integration.
Run Reality Mode	Reality mode pass.
Scan for Secrets	Secret detection scan.
Scan Vulnerabilities	Vulnerability-oriented scan.
Analyze Code Smells	Smell / quality analysis.
Run Auto-Fix	Auto-fix flow when supported.

CLI helpers

Command	Description
Run CLI Doctor (environment check)	Environment diagnostics.
Run CLI Whoami (account / plan)	Account / plan info.
Run CLI Gate (CI-style --json)	CI-style gate with JSON-oriented output.
Sync Login to Guardrail CLI	Sync VS Code auth state to CLI credential storage.

Web & hub

Command	Description
Open Web App (browser)	Open the Guardrail web app (see `guardrail.webAppUrl` and local preference below).
Open MDC Generator	Enterprise — MDC / rules documentation helper.
Open Compliance Dashboard	Enterprise — compliance-oriented view.
Open Security Scanner	Enterprise — security scanner panel.
Open Performance Monitor	Enterprise — performance panel.
Open Change Impact Analyzer	Enterprise — change impact analysis.
Open AI Code Explainer	Enterprise — AI explainer panel.
Open Team Collaboration	Enterprise — collaboration panel.
Open Production Integrity	Enterprise — production integrity panel.

Keyboard shortcuts

Default keybindings (changeable in Keyboard Shortcuts):

Shortcut	Command
Ctrl+Shift+G / Cmd+Shift+G	Scan Workspace
Ctrl+Shift+V / Cmd+Shift+V	Verify AI Output from Clipboard (when editor not focused)
Ctrl+Shift+V / Cmd+Shift+V	Verify Selected Code (when editor focused and text selected)
Ctrl+Shift+C / Cmd+Shift+C	Check Current File (when editor focused)

Settings

All settings are under the guardrail section in VS Code settings.

Setting	Default	Purpose
`guardrail.enabled`	`true`	Master switch for analysis.
`guardrail.analyzeOnSave`	`true`	Re-run analysis on save.
`guardrail.analyzeOnType`	`false`	Analyze as you type (can affect performance).
`guardrail.showInlineHints`	`true`	Inline decorations for issues.
`guardrail.severity`	per-rule map	Severity per rule id (`error`, `warning`, `hint`, `off`).
`guardrail.ignorePaths`	globs	Additional ignore globs (e.g. `node_modules`, `dist`, tests).
`guardrail.apiEndpoint`	`https://api.guardrailai.dev`	API base URL for cloud / team features.
`guardrail.uploadRunsToCloud`	`false`	After Ship Check, upload results to the API when configured.
`guardrail.openaiApiKey`	`""`	OpenAI key for AI intent verification (optional).
`guardrail.webAppUrl`	`https://guardrailai.dev`	Base URL for Open Web App and dashboard links.
`guardrail.openLocalWebAppFirst`	`false`	Prefer `http://localhost:3000` when it responds (local dev).
`guardrail.syncCredentialsToCli`	`true`	After sign-in/out, sync credentials for the Guardrail CLI.

CLI integration

Many flows delegate to the Guardrail CLI (guardrail on your PATH). If a command reports that the CLI is missing, install it from the documentation or your team’s internal registry, then run Run CLI Doctor to validate the environment.

Use Sync Login to Guardrail CLI so your editor session and terminal tooling stay aligned (see guardrail.syncCredentialsToCli).

Privacy & data

Summary:

Core analysis is designed to run locally.
No telemetry without opt-in; cloud features require explicit configuration (API keys, endpoints, upload flags).

Details: see PRIVACY.md in this folder.

Packaging a VSIX

From the monorepo root (recommended, uses workspace dependencies):

pnpm --filter guardrail run package

Or from vscode-extension/:

npm run build:prod
npx @vscode/vsce package --no-dependencies

The --no-dependencies flag avoids a brittle npm ls check when this package lives inside a large pnpm workspace. The output artifact is:

vscode-extension/guardrail-<version>.vsix

Publishing to the Marketplace uses vsce publish with your publisher token; see DEPLOY.md for a full checklist.

Troubleshooting

Symptom	What to try
Commands no-op or mention CLI	Install Guardrail CLI, verify `PATH`, run Run CLI Doctor.
Enterprise panels unavailable	Confirm account tier; enterprise commands are gated by product entitlements.
Wrong dashboard URL	Adjust `guardrail.webAppUrl` or enable `guardrail.openLocalWebAppFirst` for local dev.
Package command fails in monorepo	Use `vsce package --no-dependencies` or the `pnpm --filter guardrail run package` script.

Contributing & support

Issues & source: github.com/guardiavault-oss/guardrail-Ofiicial (this extension lives under vscode-extension/).
Changelog: CHANGELOG.md
License: LICENSE (MIT)
Publish checklist: PUBLISH_READINESS_AUDIT.md — run npm test and npm run package before vsce publish.

Built for teams that ship AI-assisted code with confidence.

Guardrail — AI code verification