Kodap - Enterprise Cloud & Code Intelligence for VS Code
Bring enterprise-grade compliance, security, and DevOps automation into VS Code. Kodap uses AI to analyze your cloud infrastructure (Azure, AWS, GCP) and code repositories, and to provide real-time remediation guidance. Chat naturally with your infrastructure, enforce compliance policies, and automate security fixes.
Key Capabilities
- Intelligent Chat Interface – Ask Kodap anything about your code, infrastructure, or compliance requirements. Natural conversation for complex DevOps queries.
- Real-Time Compliance Scanning – Automatically scan Azure, AWS, GCP, and Kubernetes for compliance violations, security misconfigurations, and policy drift.
- Multi-Cloud Policy Enforcement – Define and enforce policies across Azure Policy, AWS Config, GCP Org Policy, and custom compliance frameworks.
- AI-Powered Code Analysis – Analyze code for security vulnerabilities, performance issues, best practices, and generate refactoring suggestions.
- Automated Test Generation – Generate comprehensive unit tests with explanations for any code you're working on.
- Consensus-Based Remediation – Leverages multiple AI models to reach consensus on security fixes and architectural improvements, showing rationale for each suggestion.
- Infrastructure as Code (IaC) Support – Analyze and improve Terraform, Bicep, CloudFormation, Helm, and Kubernetes manifests.
- Real-Time Compliance Dashboard – Monitor compliance posture, track remediation progress, and generate audit reports directly from VS Code.
- Policy Versioning & Branch Awareness – Maintain policy consistency across development, staging, and production branches with intelligent policy mapping.
- Automated Remediation – Let Kodap suggest and optionally auto-apply fixes with audit trails for compliance tracking.
Enterprise-Ready: Kodap is designed for teams that manage complex multi-cloud environments. It integrates with your existing tools (Jira, Confluence, GitHub, Azure DevOps) and respects your organization's approval workflows.
Installation & Setup
Step 1: Install the Extension
- Open VS Code
- Go to Extensions (Cmd+Shift+X)
- Search for "Kodap"
- Click Install
Step 2: Start Using It
- Look for the Kodap icon in the left sidebar (or click the Kodap activity bar icon)
- Click "Chat with Kodap"
- Start typing questions about your code
That's it. No complicated setup needed.
How to Use
Example 1: Find Security Issues
You: "Find security issues in this code"
[Select code in your editor]
Kodap: "I found 3 potential issues... [shows analysis and fixes]"
You: Click "Apply This Code" to insert the fix
Example 2: Understand Your Infrastructure
You: "Show me compliance issues in my Azure resources"
Kodap: "I found 5 issues... [lists problems and solutions]"
You: Review and implement
Example 3: Get Refactoring Help
You: "How can I improve this function?"
Kodap: "Here's a better version... [shows improved code]"
You: Click "Copy to Clipboard" or "Apply This Code"
Core Commands
| Command | Purpose |
| --- | --- |
| Kodap: Open Chat | Start a natural language conversation with Kodap about your infrastructure, code, or compliance |
| Kodap: Ask Kodap | Quick analysis of selected code or infrastructure configuration |
| Kodap: Analyze This File | Deep dive analysis of the current file for security, performance, and best practices |
| Kodap: Scan for Compliance Issues | Run real-time compliance scan against your connected cloud providers |
| Kodap: Refactor Selection | Get AI-powered refactoring suggestions with multiple perspectives |
| Kodap: Generate Tests | Auto-generate comprehensive unit tests with explanations |
| Kodap: View Compliance Dashboard | Monitor compliance status, remediation progress, and view audit trail |
All commands are accessible via the Command Palette (Cmd+Shift+P on macOS, Ctrl+Shift+P on Windows/Linux) or context menus.
Intelligent Chat
- Infrastructure as Code Review – Chat about Terraform, Bicep, CloudFormation, Kubernetes manifests
- Compliance Queries – Ask about specific compliance requirements (SOC 2, HIPAA, PCI-DSS, CIS, etc.)
- Policy Analysis – Understand why resources are flagged and what policies apply
- Natural Conversation – Ask complex multi-part questions and get contextualized responses
- Persistent Chat History – Review past conversations and reference previous analyses
- Multi-Model Consensus – Kodap uses multiple AI models and shows you where they agree and disagree
Quick Start Examples
Example 1: Compliance Scan
You: "Scan my Azure resources for compliance issues"
Kodap: [Runs scan, returns findings]
- 3 critical security issues
- 7 policy violations
- Automated remediation available
You: Click to view details or apply fixes
Example 2: Infrastructure Review
You: "Review this Terraform file for security best practices"
[File shown in context]
Kodap: [Returns analysis with specific recommendations]
You: Ask follow-up questions or request refactoring
Example 3: Policy Compliance
You: "What CIS benchmarks are we failing?"
Kodap: [Lists all CIS benchmark violations with severity and fix guidance]
You: "Show me how to fix the top 3"
Kodap: [Provides detailed remediation steps]
Configuration
Default Settings (No setup needed)
The extension works out of the box. Just authenticate once and start chatting.
Optional Settings
If you want to customize, add to your VS Code settings:
{
  "kodap.apiUrl": "http://localhost:7071/api",
  "kodap.autoConnect": true
}
Troubleshooting
- Chat not responding – Reload VS Code (Cmd+Shift+P → "Reload Window")
- Can't authenticate – Verify your backend is running (npm start in backend folder)
- Slow responses – Check your internet connection and backend status
- No chat history – Clear browser cache and reload the extension
Architecture & How It Works
Request Flow
- Context Gathering – Kodap collects your code, infrastructure configs, selected text, and organizational policies
- Multi-Model Analysis – Multiple AI models (Claude, GPT-4, Gemini) independently analyze your request
- Consensus & Comparison – Models vote on solutions; Kodap shows areas of agreement and disagreement with reasoning
- Response Generation – Returns comprehensive analysis with:
  - Detailed findings with severity levels
  - Compliance references (CIS, SOC 2, PCI-DSS, HIPAA, etc.)
  - Specific remediation steps
  - Citations and explanations
- Audit Trail – All findings, recommendations, and applied fixes are logged for compliance reporting
- Azure: Azure Policy, Blueprints, RBAC, resource compliance
- AWS: AWS Config, Security Hub, CloudTrail, organizational policies
- GCP: GCP Org Policy, Cloud Security Command Center, custom rules
- Kubernetes: Pod policies, network policies, RBAC configurations
- Multi-Cloud: Policy consistency across different platforms
Integration Points
- Jira: Link findings to tickets, track remediation progress
- Confluence: Publish compliance reports and remediation guides
- GitHub/GitLab: Create PRs for infrastructure fixes, policy updates
- Azure DevOps: Sync with pipelines and approval workflows
- Slack: Get compliance alerts and summary updates
Development
cd vscode-extension
npm install
npm run watch # iterative development
npm run build # production bundle
Press F5 inside VS Code to launch a development host with the extension loaded.
Support & Documentation
- In-Extension Help – Ask Kodap "How do I..." and it will explain features and capabilities
- Email Support – support@kodap.dev
- GitHub Issues – Report bugs or request features at https://github.com/kodap-ai/kodap-ai/issues
- Local Development – Make sure backend is running (npm start in backend folder)
Common Use Cases
For DevOps Teams
- Enforce multi-cloud compliance policies
- Automate security scanning in CI/CD pipelines
- Track compliance drift and remediation progress
For Security Teams
- Identify and prioritize security misconfigurations
- Get remediation guidance tied to specific compliance frameworks
- Maintain audit trails of all security changes
For Development Teams
- Get code review assistance with security context
- Generate tests with better coverage
- Understand architectural implications of changes
For Compliance Teams
- Generate compliance reports for audits
- Track compliance metrics across teams
- Monitor remediation SLAs and status
License
MIT © Kodap