Kirin for GitHub Copilot
Real-time security monitoring for GitHub Copilot configurations and AI-generated code.
Features
- Real-time Monitoring - Continuously monitors your Copilot settings and config files
- AI Code Monitoring - Security monitoring for AI-generated code via chat participant
- Security Scanning - Detects suspicious configurations and potential security vulnerabilities
- Auto-blocking - Automatically quarantines suspicious configurations to protect your environment
- Dashboard - View security status and scan results at a glance
Getting Started
- Install the Kirin extension from the VS Code marketplace
- Sign up (or log in) on Kirin's website, then go to Get Started → API Key Management to generate your API key.
- Run the command Kirin: Set API Key to configure your API key
- The extension will automatically start monitoring your environment
Commands
Kirin: Welcome - Show the welcome screen
Kirin: Scan Now - Trigger a manual security scan
Kirin: Show Dashboard - Open the security dashboard
Kirin: Set API Key - Configure your API key
Kirin: Clear API Key - Remove your API key
Kirin: View Quarantine - View quarantined configurations
Configuration
| Setting | Description | Default |
|---|---|---|
| kirin.serverUrl | Security scanning server URL | https://api.getkirin.com/ |
| kirin.enableRealTimeMonitoring | Enable real-time monitoring of Copilot settings and config files | true |
| kirin.enableChatParticipant | Enable chat participant for monitoring AI-generated code | true |
| kirin.autoBlock | Automatically quarantine suspicious configurations | true |
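An added example, not part of the Kirin extension or its documentation: a Node.js check that flags Kirin settings in a VS Code settings.json that differ from the defaults in the table above, for instance after kirin.autoBlock was switched off or the scan server was repointed. The function names and the sample settings text are assumptions constructed for illustration.

```javascript
// Defaults as listed in the Configuration table on this page.
const EXPECTED = {
  'kirin.serverUrl': 'https://api.getkirin.com/',
  'kirin.enableRealTimeMonitoring': true,
  'kirin.enableChatParticipant': true,
  'kirin.autoBlock': true,
};
// VS Code settings files allow comments. Strip // and /* */ outside string
// literals so JSON.parse accepts the text (trailing commas are not handled).
function stripJsonComments(text) {
  let out = '', inString = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i], next = text[i + 1];
    if (inString) {
      out += c;
      if (c === '\\' && i + 1 < text.length) out += text[++i];
      else if (c === '"') inString = false;
    } else if (c === '/' && next === '/') {
      while (i < text.length && text[i] !== '\n') i++;
      out += '\n';
    } else if (c === '/' && next === '*') {
      const end = text.indexOf('*/', i + 2);
      if (end === -1) break; // unterminated comment: drop the rest
      i = end + 1;
    } else {
      if (c === '"') inString = true;
      out += c;
    }
  }
  return out;
}
// Return every Kirin setting that is explicitly set to a non-default value.
function auditKirinSettings(settingsText) {
  const settings = JSON.parse(stripJsonComments(settingsText));
  const findings = [];
  for (const [key, expected] of Object.entries(EXPECTED)) {
    if (!(key in settings)) continue; // unset: the default applies
    const actual = settings[key];
    let ok = actual === expected;
    if (key === 'kirin.serverUrl') { // compare scheme, host and port only
      try { ok = new URL(actual).origin === new URL(expected).origin; } catch (_) { ok = false; }
    }
    if (!ok) findings.push({ key, actual });
  }
  return findings;
}
const SAMPLE = `{ // constructed sample, not from the page
  "kirin.serverUrl": "http://api.getkirin.com.example.net/", /* look-alike host */
  "kirin.autoBlock": false
}`;
```

A finding is a prompt to review the change, not proof of tampering; a different server URL can be intentional.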
Chat Participant
This extension includes a chat participant @kirin that provides security monitoring for AI-generated code within GitHub Copilot Chat.
Limitations
What Kirin can detect and prevent in this extension is limited by the hook types that GitHub Copilot exposes in VS Code. Copilot’s hook API supports session, prompt, and tool-use lifecycle events (e.g. userPromptSubmitted, preToolUse, postToolUse); it does not provide file-level hooks such as “before read file” or “before file edit.” As a result, Kirin cannot intercept or block access to specific files (e.g. before sensitive content is read) in the Copilot extension. Detection and prevention are limited to the content and events available through the supported hooks (prompts, tool inputs/outputs, and related context). Other Kirin offerings (e.g. for Cursor) may support additional hook types and thus broader detection and prevention.
Support
For support, please contact support@knostic.ai
Legal
Terms of Service: https://www.knostic.ai/terms-of-service
Privacy Policy: https://www.knostic.ai/privacy-policy
By using this extension, you agree to be bound by the Knostic Terms of Service.
Copyright © 2024-2025 Knostic Inc. All Rights Reserved.