Kirin for GitHub Copilot
Real-time security monitoring for GitHub Copilot configurations and AI-generated code.
Features
- Real-time Monitoring - Continuously monitors your Copilot settings and config files
- AI Code Monitoring - Security monitoring for AI-generated code via chat participant
- Security Scanning - Detects suspicious configurations and potential security vulnerabilities
- Auto-blocking - Automatically quarantines suspicious configurations to protect your environment
- Dashboard - View security status, scan results, and alerts in the Kirin web app
Getting Started
- Install the Kirin extension from the VS Code marketplace
- Sign up (or log in) on Kirin's website, then go to Get Started → API Key Management to generate your API key
- Run the command Kirin: Set API Key to configure your API key
- The extension will automatically start monitoring your environment
Commands
Kirin: Welcome - Show the welcome screen
Kirin: Scan Now - Trigger a manual security scan
Kirin: Show Dashboard - Open the Kirin web dashboard (alerts page)
Kirin: Set API Key - Configure your API key
Kirin: Clear API Key - Remove your API key
Kirin: View Quarantine - View quarantined configurations
Configuration
| Setting | Description | Default |
| --- | --- | --- |
| kirin.serverUrl | Security scanning server URL | https://api.getkirin.com/ |
Chat Participant
This extension includes a chat participant @kirin that provides security monitoring for AI-generated code within GitHub Copilot Chat.
Limitations
What Kirin can detect and prevent in this extension is limited by the hook types that GitHub Copilot exposes in VS Code. Copilot's hook API supports session, prompt, and tool-use lifecycle events (e.g. UserPromptSubmit, PreToolUse, PostToolUse); it does not provide file-level hooks such as "before read file" or "before file edit." As a result, Kirin cannot intercept or block access to specific files (e.g. before sensitive content is read) in the Copilot extension. Detection and prevention are limited to the content and events available through the supported hooks (prompts, tool inputs/outputs, and related context). Other Kirin offerings (e.g. for Cursor) may support additional hook types and thus broader detection and prevention.
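The sketch below is an added example, not Kirin's or Copilot's own code. It shows what a policy check can see at each of the three hook events named above, and why only a pre-tool check can prevent rather than just detect. The event fields (`hook`, `prompt`, `toolName`, `toolInput`, `toolOutput`), the tool names, and the two patterns are assumptions, as is the reading that PreToolUse fires before a tool runs and PostToolUse after it.

```javascript
// Added illustration. The event shape (hook, prompt, toolName, toolInput,
// toolOutput) is hypothetical: not Copilot's real payload, not Kirin's logic.
const SENSITIVE_PATH =
  /(^|[\s"'\/\\])(\.env(\.\w+)?|id_(rsa|ed25519)|\.aws[\/\\]+credentials)(?=$|[\s"'])/;
const CREDENTIAL = /-----BEGIN [A-Z ]*PRIVATE KEY-----|\bAKIA[0-9A-Z]{16}\b/;

function evaluateHookEvent(event) {
  switch (event.hook) {
    case "UserPromptSubmit":
      // Only the prompt text is visible at this point.
      return CREDENTIAL.test(event.prompt || "")
        ? { action: "block", reason: "credential material in prompt" }
        : { action: "allow" };
    case "PreToolUse": {
      // Tool arguments are visible before the tool runs, so blocking is possible.
      const args = JSON.stringify(event.toolInput || {});
      return SENSITIVE_PATH.test(args)
        ? { action: "block", reason: `${event.toolName} references a sensitive path` }
        : { action: "allow" };
    }
    case "PostToolUse":
      // The tool has already run: this is detection, not prevention.
      return CREDENTIAL.test(String(event.toolOutput || ""))
        ? { action: "alert", reason: "credential material in tool output" }
        : { action: "allow" };
    default:
      // Anything that never surfaces as one of the three events (for example a
      // file read with no tool call) is never passed to this function at all.
      return { action: "ignore", reason: "unsupported hook type" };
  }
}

// Constructed sample events.
const samples = [
  { hook: "UserPromptSubmit", prompt: "refactor the login handler" },
  { hook: "PreToolUse", toolName: "read_file", toolInput: { path: "/home/dev/app/.env" } },
  { hook: "PreToolUse", toolName: "read_file", toolInput: { path: "src/environment.ts" } },
  { hook: "PostToolUse", toolName: "run_command",
    toolOutput: "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)" },
];
for (const e of samples) console.log(e.hook, evaluateHookEvent(e));
```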
Support
For support, please contact support@knostic.ai
Legal
Terms of Service: https://www.knostic.ai/terms-of-service
Privacy Policy: https://www.knostic.ai/privacy-policy
By using this extension, you agree to be bound by the Knostic Terms of Service.
Copyright © 2024-2025 Knostic Inc. All Rights Reserved.