Windor AI — Code Reviewer
AI-powered code review inside VS Code. Catch bugs, security issues, and bad practices before you commit — no context switching, no waiting for PR reviewers.
What it does
Windor AI reviews your git diff using large language models and places inline suggestions directly on the changed lines in your editor. Sign in once with GitHub or GitLab, then review staged changes, unstaged changes, or full pull requests with a single click.
Features
Inline suggestions on changed lines
Comments appear directly on the line that has the issue — not in a separate panel. Each comment shows the severity, a short title, a full explanation, and an optional fix.
Three review modes
- Review Staged — review everything in
git add before committing
- Review Unstaged — review your working tree changes
- Review Pull Request — review the full diff between your branch and base
Multi-model AI routing
- Small diffs use
gpt-4o-mini for fast, cheap reviews
- Sensitive files (auth, payments, SQL) automatically route to
gpt-4o
- Optional security pass using
o4-mini for OWASP/CWE-focused analysis
Risk triage
Windor identifies high-risk file paths (auth, tokens, payments, migrations) and escalates them to deeper analysis automatically — no configuration needed.
Security-focused analysis
Detects SQL injection, XSS, command injection, hardcoded secrets, auth bypass patterns, exposed API keys, and insecure cryptography.
Pre-commit hook integration
Optionally installs a .git/hooks/pre-commit hook that runs a review before every commit and blocks the commit if critical issues are found.
Review cache
Results are cached by diff hash. Re-running a review on unchanged code returns instantly from cache.
Getting started
1. Install the extension
Search Windor AI in the VS Code Extensions marketplace and click Install.
2. Sign in
Click the Windor AI icon in the Activity Bar. The sidebar will show a Sign in with GitHub or Sign in with GitLab button. Click one — your browser will open for the OAuth flow and return you to VS Code automatically.
3. Run your first review
Open a git repository, make some changes, and click Review Staged or Review Unstaged in the sidebar. Inline comments will appear on the changed lines within seconds.
Free tier
Every account gets 3 free reviews per day. Credits reset automatically at midnight. No credit card required.
Requirements
- VS Code 1.85.0 or higher
- A GitHub or GitLab account (for login)
- Internet connection (reviews run through the Windor AI backend)
No API keys required. No OpenAI account needed. Windor manages the AI infrastructure.
Extension settings
| Setting |
Default |
Description |
aiReviewer.alwaysUseDeepModel |
false |
Force gpt-4o for every review regardless of diff size |
aiReviewer.enableSecurityPass |
false |
Run an additional security-focused pass on sensitive files |
aiReviewer.reviewFocus |
["bugs","security","performance"] |
Areas to emphasize in the review |
aiReviewer.enableLineMapping |
true |
Correct AI-reported line numbers using diff hunk analysis |
Commands
All commands are available via the Command Palette (Ctrl+Shift+P / Cmd+Shift+P):
| Command |
Description |
AI Review: Review Staged Changes |
Review everything currently staged |
AI Review: Review Unstaged Changes |
Review your working tree |
AI Review: Review Pull Request |
Review the full PR diff |
AI Review: Clear Inline Suggestions |
Remove all decorations from the editor |
Windor: Sign in with GitHub |
Start GitHub OAuth login |
Windor: Sign in with GitLab |
Start GitLab OAuth login |
Windor: Sign Out |
Log out and clear the stored session |
How it works
- When you trigger a review, the extension reads the git diff and optimizes it to reduce token usage.
- The diff is sent securely to the Windor AI backend along with your session token.
- The backend validates your session, deducts one daily credit, and routes the request to the appropriate model.
- The AI response is mapped back to exact line numbers in your editor using hunk-based correction.
- Inline decorations appear on the changed lines. Click any decoration to see the full comment in the Problems panel or ReviewPanel.
Your code never leaves your machine unencrypted. All communication is over HTTPS. The Windor backend does not store your source code.
Privacy
- Source code diffs are sent to the Windor AI backend for processing and are not stored after the review completes.
- Authentication is handled by Supabase with GitHub or GitLab OAuth. Windor does not store your GitHub or GitLab password.
- Your Supabase session token is stored in VS Code's encrypted Secret Storage (OS keychain) and never written to disk in plain text.
Known issues
- Very large pull requests (40+ changed files) may take 30–45 seconds to review.
- GitLab PR review requires the branch to be fetched locally (
git fetch origin).
- Pre-commit hooks are not supported in VS Code's built-in Git panel — run commits from the terminal to trigger hook reviews.
Release notes
0.1.2
- Migrated all AI calls to the Windor backend — no API key required
- Added GitHub and GitLab OAuth login
- Introduced daily free credit system (3 reviews/day)
- Full VS Code native theme support in sidebar
- Improved line number accuracy via hunk-based mapping
0.1.0
- Multi-model routing (gpt-4o-mini for fast reviews, gpt-4o for deep reviews)
- Security pass with OWASP/CWE detection
- Pull request review support
- Pre-commit hook installation
- Review result caching
0.0.1
- Initial release
- Staged and unstaged diff review
- Inline editor decorations
Support
Built for developers who want a faster, smarter code review loop.
