🐰 BunnyAI Pro — Production-Ready VS Code Extension
BunnyAI Pro is a comprehensive, enterprise-grade VS Code extension designed to supercharge your development workflow. Built with a robust TypeScript architecture, it combines advanced AI capabilities with powerful API testing tools, multi-file refactoring, automated migrations, architecture governance, and project-wide code intelligence (complexity analysis, security scanning, architecture insights), supporting a wide array of modern web frameworks.
Key Differentiators:
- 🔥 Multi-file AI reasoning - Understands entire workspace, dependencies, and architecture
- 🔥 Workspace Refactor Engine - Atomic multi-file edits, moves, and transformations
- 🔥 Migration Engine - Automated framework migrations (JS→TS, Express→NestJS, React Class→Hooks)
- 🔥 Architecture Rule Enforcement - Enterprise-level governance with auto-fix
- 🔥 GitHub PR Integration - AI-powered PR reviews with inline comments
- 🔥 Runtime Diagnostics - Parse logs, diagnose errors, and suggest fixes
- 🔥 Architecture Overview - Generate diagrams and documentation automatically
✨ Features
🚀 Built-in API Client
A full-featured HTTP client integrated directly into VS Code:
- Complete HTTP Methods: Support for GET, POST, PUT, DELETE, PATCH, HEAD, and OPTIONS
- Interactive Request Panel: Beautiful webview interface for crafting and sending API requests
- Request Body Editor: JSON editor with syntax highlighting for request bodies
- Custom Headers: Add and manage custom HTTP headers per request
- Response Display: Formatted response viewer with status badges, duration, and size metrics
- Real-time Execution: Send requests and view responses instantly without leaving VS Code
- Request/Response Size Tracking: Monitor request body and response sizes
- Timeout Handling: Configurable request timeouts (default 30s) with clear error messages
- URL Validation: Security-first validation allowing only
http:// and https:// protocols
- Size Limits: Configurable request body (default 1MB) and response (default 10MB) size limits
Leverage advanced AI to automate tedious development tasks:
Smart Test Generation: Automatically generate comprehensive unit and integration tests for your code
- Supports multiple testing frameworks
- Includes edge cases and error handling
- Generates mock data where appropriate
- Context-aware test generation
Auto-Documentation: Generate comprehensive code documentation instantly
- Function/method descriptions
- Parameter and return value documentation
- Usage examples
- Language-appropriate formats (JSDoc, docstrings, etc.)
Intelligent Error Analysis: Get actionable insights for runtime errors
- Clear explanations of error meanings
- Common causes identification
- Step-by-step solutions
- Prevention tips
AI Code Review & Refactoring: Get AI-powered code reviews and refactoring suggestions
- Select code and get instant review feedback
- Refactored code suggestions with explanations
- Identifies complexity issues and code smells
- Command:
BunnyAI: Review & Refactor Selection
GitHub PR Review: AI-powered code review for GitHub Pull Requests
- Reviews PR diffs and suggests improvements
- Identifies architecture issues, code smells, and security concerns
- Provides file-by-file feedback
- Optional: Post comments directly to PR
- Command:
BunnyAI: Review Pull Request
- Example: Review a PR before merging to catch issues early
Runtime Error Diagnosis: AI-powered diagnosis for runtime errors
- Parses stack traces from Node.js, Python, Java, Go logs
- Extracts error details and call stacks
- AI root cause analysis with fix suggestions
- Auto-jump to source file and line
- Commands:
BunnyAI: Analyze Logs, BunnyAI: Diagnose Runtime Error
- Example: Paste a stack trace to get instant diagnosis and fix suggestions
Multi-Provider Support:
- OpenAI (GPT-4, GPT-3.5-turbo, etc.)
- Anthropic (Claude 3 Opus, Sonnet, etc.)
- Custom AI Providers (configurable endpoints)
Secure API Key Management:
- Encrypted storage using VS Code SecretStorage
- Automatic migration from settings
- Rate limiting (500ms minimum between calls)
- Easy configuration via command palette
🧠 Code Intelligence & Security
Comprehensive code analysis and security scanning capabilities:
Code Quality Analyzer: Analyze code complexity and maintainability
- Cyclomatic complexity metrics for functions
- Maintainability grades (A-F) based on complexity and nesting
- Visual diagnostics highlighting complex code
- File-level quality reports with function breakdowns
- Command:
BunnyAI: Analyze Code Quality
- Example: Select a function and instantly see its complexity score and maintainability grade
Multi-Language Comment Remover: Safely remove comments while preserving code
- Supports JavaScript/TypeScript, Python, Java, C/C++, C#, PHP, Go, Rust, HTML/CSS, Shell
- Preserves comment-like text inside strings and template literals
- Works on selections or entire files
- Undo-friendly single operation
- Command:
BunnyAI: Remove Comments from Selection
- Example: Clean up code before minification or remove outdated comments without breaking strings
Security Scanner: Static analysis for common security vulnerabilities
- Detects hardcoded secrets (API keys, tokens, passwords)
- Identifies dangerous code patterns (eval, Function constructor, exec)
- Flags SQL injection risks (string concatenation, template literals)
- Warns about insecure HTTP usage
- Highlights weak cryptography (MD5, SHA-1)
- XSS risk detection (innerHTML, dangerouslySetInnerHTML)
- VS Code diagnostics integration
- Command:
BunnyAI: Security Scan File
- Example: Scan a file before committing to catch hardcoded API keys or SQL injection risks
AI Security Explanations: Get detailed AI-powered explanations for security issues
- Severity justification and risk assessment
- Exploitation scenarios explained
- Suggested fixes with code examples
- Works with security scan results
- Command:
BunnyAI: Explain Security Issues (with AI)
- Example: After scanning, get AI explanations for why a detected issue is critical and how to fix it
Workspace Code Health Dashboard: Project-wide code health analysis
- Recursively scans entire workspace (respects .gitignore)
- Aggregates complexity metrics across all files
- Identifies top 10 most complex functions
- Security issues grouped by severity
- Worst offender files highlighted
- Interactive webview panel with clickable file navigation
- Progress tracking and cancellable scans
- Sidebar view showing last scan summary
- Command:
BunnyAI: Analyze Workspace Code Health
- Example: Run a full workspace scan to identify the most complex files and security hotspots before a code review
🔄 Workspace Refactor Engine
Enterprise-grade multi-file refactoring powered by AI:
Multi-File Analysis: Understand entire workspace structure
- Scans all files and builds dependency graphs
- Identifies complex modules and architecture smells
- Detects circular dependencies
- Analyzes file relationships and coupling
AI-Powered Refactoring: Intelligent refactoring suggestions
- Proposes file moves and renames
- Suggests interface changes across files
- Identifies refactoring opportunities
- Generates comprehensive refactor plans
Atomic Multi-File Edits: Safe, coordinated transformations
- Edit multiple files atomically
- Move and rename files with dependency updates
- Create new files and modules
- Preview diffs before applying
- Undo-friendly using VS Code WorkspaceEdit
Refactor Plan Execution:
- JSON-based refactor plans
- Validation before execution
- Conflict detection
- Selective application of changes
- Commands:
BunnyAI: Analyze Workspace for Refactor, BunnyAI: Apply Workspace Refactor
- Example: Refactor a large codebase by moving files, updating imports, and restructuring modules all at once
🚀 Migration Engine
Automated framework and language migrations:
JavaScript → TypeScript: Convert JS projects to TypeScript
- Renames files (.js → .ts, .jsx → .tsx)
- Adds type annotations
- Creates tsconfig.json if needed
- Preserves all functionality
Express → NestJS: Migrate Express routes to NestJS
- Converts routes to NestJS controllers
- Creates module structure
- Transforms route handlers
- Generates NestJS boilerplate
React Class → Hooks: Convert class components to functional components
- Converts class components to hooks
- Transforms lifecycle methods to useEffect
- Converts state to useState
- Preserves component behavior
Migration Workflow:
- Analyzes project to determine applicability
- Shows migration preview with before/after examples
- Generates AI-powered migration plan
- Requires user confirmation before applying
- Command:
BunnyAI: Run Migration
- Example: Migrate a large React codebase from class components to hooks automatically
📐 Architecture Rule Enforcement
Enterprise-level architecture governance:
🏗️ Architecture Overview Generator
Visualize and document your codebase architecture:
Architecture Scanning: Comprehensive workspace analysis
- Detects modules, components, and services
- Maps dependencies and relationships
- Identifies architectural patterns
- Analyzes code organization
Diagram Generation: Visual architecture documentation
- Mermaid flowcharts and class diagrams
- Module dependency graphs
- Component relationship charts
- Sequence diagrams for interactions
AI-Powered Documentation:
- Generates architecture descriptions
- Explains module purposes and relationships
- Identifies architectural patterns
- Highlights hotspots and complexity
Export Options:
- Export to Markdown with embedded diagrams
- Save architecture documentation
- Generate visual reports
- Commands:
BunnyAI: Generate Architecture Overview, BunnyAI: Export Architecture Docs
- Example: Generate comprehensive architecture documentation for onboarding new team members
🔍 Route Detection & CodeLens Integration
Intelligent route detection with inline execution:
CodeLens Buttons: Click-to-run buttons appear above route definitions
Automatic Route Parsing: Detects routes from your code files
Multi-Framework Support:
- Node.js: Express.js, NestJS, GraphQL
- Python: FastAPI, Django, Flask
- Java: Spring Boot
- PHP: Laravel
- Go: Gin
Advanced Express Parsing:
- Route parameters (
:id, :userId)
- Template strings with variables
- Router instances (
express.Router())
- Router mounting (
app.use('/api', router))
- Nested route path resolution
- Middleware array support
- All HTTP methods (GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS, ALL)
Performance Optimized:
- Route parsing cache (5 second TTL)
- Debouncing for CodeLens (300ms)
- Content hash-based cache invalidation
📊 Request History & Collections
Never lose track of your API interactions:
Request History:
- Persistent storage of all API requests and responses
- View method, URL, status, duration, and timestamp
- History size limiting (100 entries)
- Clear history functionality
- Tree view in sidebar
API Collections:
- Organize requests into collections
- Group related API calls
- Export collections to JSON
- Import collections from JSON
- Export/import all collections
- Persistent storage
🛠️ Middleware & Advanced Features
Production-ready request processing pipeline:
🎯 Workspace Detection
Automatic framework and project detection:
- Auto-Detection: Automatically detects your project framework
- Confidence Scoring: Provides confidence levels for detection
- Config File Detection: Identifies frameworks from configuration files
- File-Based Detection: Analyzes project structure
- Status Bar Integration: Shows detected framework in status bar
📱 VS Code Integration
Seamless integration with VS Code:
🔒 Security Features
Enterprise-grade security built-in:
- Secret Storage: AI API keys stored using VS Code's encrypted SecretStorage
- URL Validation: Only
http:// and https:// protocols allowed (prevents SSRF attacks)
- Size Limits: Prevents memory exhaustion and DoS attacks
- Rate Limiting: Prevents API abuse and accidental rapid-fire requests
- Secure Migration: Automatic migration of API keys from settings to SecretStorage
- No Sensitive Data Logging: API keys never logged or exposed in error messages
- Static Security Scanning: Built-in security scanner detects vulnerabilities before deployment
- Security Diagnostics: VS Code diagnostics integration for security issues
- AI-Powered Security Analysis: Get detailed explanations and fixes for security issues
⚙️ Configuration
Highly configurable via VS Code settings:
- Base URL: Default base URL for API requests
- Timeout: Request timeout in milliseconds (default: 30000)
- Caching: Enable/disable response caching with configurable TTL
- Retry Settings: Configure retry attempts and delays
- AI Provider: Choose between OpenAI, Anthropic, or Custom
- AI Model: Select AI model (e.g., gpt-4, gpt-3.5-turbo, claude-3)
- Size Limits: Configure request body and response size limits
- Framework Detection: Enable/disable automatic framework detection
- CodeLens: Enable/disable CodeLens for route detection
- Security Scanning: Enable/disable security scanning in workspace analysis
- Workspace Scanning: Enable/disable workspace-level code health scanning
- Max Workspace Files: Maximum files to analyze per workspace scan (default: 10000)
- Complexity Thresholds: Configure high (default: 10) and critical (default: 20) complexity thresholds
Architecture Rules Configuration
Create a bunnyai.json file in your project root to configure architecture rules:
{
"rules": {
"naming": {
"components": "PascalCase",
"services": "camelCase",
"controllers": "PascalCase",
"repositories": "camelCase",
"modules": "PascalCase",
"files": "kebab-case"
},
"structure": {
"componentsDir": "src/components",
"servicesDir": "src/services",
"controllersDir": "src/controllers",
"repositoriesDir": "src/repositories",
"modulesDir": "src/modules",
"requiredLayers": ["controllers", "services", "repositories"]
},
"imports": {
"disallowCircularImports": true,
"enforceAbsoluteImports": false,
"maxImportDepth": 5,
"disallowParentImports": false
}
}
}
See bunnyai.example.json in the repository for a complete example.
📦 Installation
From VS Code Marketplace (Recommended)
- Open VS Code.
- Go to the Extensions view (
Ctrl+Shift+X or Cmd+Shift+X).
- Search for BunnyAI Pro.
- Click Install.
Or install directly:
📖 Usage
Running API Requests
- Open a supported file (e.g.,
server.ts, app.py).
- Click the Run API CodeLens appearing above your route definitions.
- The BunnyAI Request Panel will open with method and URL pre-filled.
- Add headers or modify request body if needed.
- Click Send Request to execute.
- View the response in the panel with status, duration, and size metrics.
Generating Tests
- Select the code you want to generate tests for.
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Generate Tests".
- The AI will generate comprehensive tests in a new document.
Note: Requires AI API key configuration (see below).
Analyzing Errors
- Select an error message in your editor.
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Analyze Error".
- Receive an AI-generated analysis with explanations and solutions.
Note: Requires AI API key configuration (see below).
Generating Documentation
- Select the code you want to document.
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Generate Documentation".
- Documentation will be inserted above the selected code.
Note: Requires AI API key configuration (see below).
Configuring AI API Key
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Configure AI API Key".
- Enter your OpenAI, Anthropic, or custom API key.
- The key will be stored securely in VS Code's SecretStorage.
Get API Keys:
Analyzing Code Quality
- Open a TypeScript or JavaScript file.
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Analyze Code Quality".
- View complexity metrics and maintainability grades in the Code Quality panel.
- See diagnostics highlighting complex functions directly in your editor.
Reviewing & Refactoring Code
- Select the code you want to review.
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Review & Refactor Selection".
- Review the AI-generated feedback and refactored code suggestion.
- Apply the refactored code if desired.
Note: Requires AI API key configuration (see above).
- Select code with comments (or leave unselected to process entire file).
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Remove Comments from Selection".
- Comments are removed while preserving strings and template literals.
- Use undo (
Ctrl+Z) if needed.
Scanning for Security Issues
- Open a file you want to scan.
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Security Scan File".
- View security issues as VS Code diagnostics.
- Check the output channel for detailed issue information.
- (Optional) Run "BunnyAI: Explain Security Issues (with AI)" for detailed explanations.
Note: AI explanations require AI API key configuration.
Analyzing Workspace Code Health
- Open a workspace folder.
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Analyze Workspace Code Health".
- Choose whether to include security scanning.
- Monitor progress (scan can be cancelled).
- View results in the interactive dashboard:
- Summary metrics (files scanned, average complexity, security issues)
- Worst offender files (highest complexity)
- Top 10 most complex functions
- Security issues grouped by severity
- Click any file or function to navigate directly to it.
- View last scan summary in the Code Health sidebar view.
Workspace Refactoring
- Open a workspace folder.
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Analyze Workspace for Refactor".
- Wait for analysis to complete (shows progress).
- Review the refactor explorer panel:
- Complex modules identified
- Circular dependencies detected
- Architecture smells highlighted
- AI-generated refactoring proposal
- Review the generated refactor plan with file diffs.
- Select which changes to apply.
- Run "BunnyAI: Apply Workspace Refactor" to apply selected changes.
Note: Always review the refactor plan before applying. Changes can be undone using VS Code's undo feature.
Running Migrations
- Open a workspace folder.
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Run Migration".
- Select a migration from the dropdown (e.g., "JavaScript to TypeScript").
- Review the migration analysis:
- Files to migrate
- Warnings and recommendations
- Estimated complexity
- Review the generated migration plan with before/after examples.
- Click "Apply Migration" to execute (requires confirmation).
Note: Migrations modify multiple files. Always review the plan and ensure you have version control in place.
Enforcing Architecture Rules
- Create a
bunnyai.json file in your project root (see example below).
- Define your architecture rules (naming, structure, imports).
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Enforce Architecture Rules".
- Review violations in the panel:
- Naming violations
- Structure violations
- Import rule violations
- Click "Generate Fix Plan" to create fixes.
- Review the fix plan and diffs.
- Click "Apply Fixes" to apply (requires confirmation).
Example bunnyai.json:
{
"rules": {
"naming": {
"components": "PascalCase",
"services": "camelCase",
"files": "kebab-case"
},
"structure": {
"componentsDir": "src/components",
"servicesDir": "src/services",
"requiredLayers": ["controllers", "services"]
},
"imports": {
"disallowCircularImports": true,
"maxImportDepth": 5
}
}
}
Reviewing GitHub Pull Requests
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Review Pull Request".
- Enter GitHub repository (owner/repo) and PR number.
- Configure GitHub token if not already set (use "BunnyAI: Configure GitHub Token").
- Review the AI-generated PR review:
- PR summary
- File-by-file findings
- Architecture issues
- Security concerns
- Suggested improvements
- Optionally post comments directly to the PR.
Note: Requires GitHub personal access token with PR read/write permissions.
Analyzing Runtime Logs
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Analyze Logs".
- Select a log file (.log, .txt, .out).
- Review parsed error details:
- Error type and message
- File path and line number
- Call stack
- Run "BunnyAI: Diagnose Runtime Error" for AI-powered diagnosis:
- Root cause analysis
- Likely fix
- Prevention strategy
- Test cases to catch the error
Note: AI diagnosis requires AI API key configuration.
Generating Architecture Overview
- Open a workspace folder.
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac).
- Run "BunnyAI: Generate Architecture Overview".
- Wait for analysis to complete.
- Review the architecture explorer panel:
- Mermaid diagrams (flowcharts, class diagrams)
- Module dependency graphs
- Component relationships
- AI-generated architecture description
- Run "BunnyAI: Export Architecture Docs" to save documentation to Markdown files.
Note: Architecture documentation is saved to architecture/ folder in your workspace.
🔒 Security Considerations
API Key Storage
- Secure Storage: AI API keys are stored using VS Code's SecretStorage API, which provides encrypted storage
- Migration: Existing API keys in settings are automatically migrated to SecretStorage
- Configuration: Use the
BunnyAI: Configure AI API Key command to securely manage your API keys
URL Validation
- Only
http:// and https:// protocols are allowed for API requests
- Invalid protocols are rejected with clear error messages
- Prevents SSRF (Server-Side Request Forgery) attacks
Size Limits
- Request Body: Limited to 1MB by default (configurable)
- Response Size: Limited to 10MB by default (configurable)
- Prevents memory exhaustion and DoS attacks
Rate Limiting
- AI API calls are rate-limited (minimum 500ms between calls)
- Prevents accidental rapid-fire requests and API abuse
Best Practices
- Always use HTTPS for production APIs
- Store API keys securely using the provided command
- Review size limits based on your use case
- Monitor API usage to prevent abuse
⚙️ Configuration
Open VS Code Settings (Ctrl+,) and search for "BunnyAI" to configure:
- Base URL: Default base URL for API requests
- Timeout: Request timeout in milliseconds (default: 30000)
- Caching: Enable/disable response caching with configurable TTL
- Retry: Configure retry attempts and delays
- AI Provider: Choose between OpenAI, Anthropic, or Custom
- AI Model: Model name (e.g., gpt-4, gpt-3.5-turbo, claude-3)
- Size Limits: Configure request body and response size limits
- Framework Detection: Enable/disable automatic framework detection
- CodeLens: Enable/disable CodeLens for route detection
- Security Scanning: Enable/disable security scanning (default: enabled)
- Workspace Scanning: Enable/disable workspace code health scanning (default: enabled)
- Max Workspace Files: Maximum files to analyze per scan (default: 10000)
- Complexity Thresholds: High complexity (default: 10) and critical (default: 20) thresholds
See HOW_TO_RUN.md for detailed configuration instructions.
🧪 Testing
Automated Tests
npm test
Runs comprehensive test suite covering:
- HTTP Client (validation, size limits, timeouts)
- API Executor (request execution, error handling)
- Middleware (Auth, Retry, Cache)
- Config Manager
- Express Parser
- Extension activation
See TESTING_GUIDE.md for comprehensive testing instructions.
🤝 Contributing
Contributions are welcome! Please read our Contributing Guide for details on our code of conduct and the process for submitting pull requests.
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
Copyright (c) 2025 Vishal Nandy
Made by Vishal Nandy
| |
