Alert Security

Alert Security is a VS Code extension that helps prevent developers from accidentally committing or pushing secrets to remote repositories.

It combines:

rule-based secret detection for common credentials and private keys
risky filename detection for files like .env, *.pem, and *.key
optional AI-assisted review to summarize whether flagged content looks truly sensitive
git hook installation for pre-commit and pre-push

How it works

Install the extension from VS Code.
Open any git repository in VS Code.
Alert Security automatically installs repo-local hooks into .git/hooks.
Before git commit:
- staged files are inspected from the git index
Before git push:
- the refs being pushed are inspected
If suspicious content is found, the operation is blocked and a report is printed.

AI review is optional and acts as a second-pass summary layer. The hooks do not store your API key.

For manual scans launched from VS Code, set alertSecurity.openAIApiKey in your settings.
For hook-based scans, you can use OPENAI_API_KEY, OPENAI, or a repo-local .env file containing either variable before running git commands.

Open this folder in VS Code.
Press F5 to launch the Extension Development Host.
In the new window, open a git repository you want to protect.
Hooks auto-install when the repo opens, or you can run Alert Security: Install Git Hooks manually.

npm install
npm run verify
npm run package:vsix

See PUBLISHING.md in the project root for Marketplace release steps.

pre-commit scans staged content, not just working tree files.
pre-push scans the refs being pushed and reads file contents from git objects.
Large generated folders like node_modules, dist, and .git are skipped.
This project is scaffolded as a local extension workspace and can be packaged with vsce package.