Jokalala Code Analysis - VS Code Extension
A powerful VS Code extension that provides real-time code analysis, security vulnerability detection, and intelligent recommendations powered by AI.
🚀 Quick Start
New to Jokalala? Check out our Getting Started Guide for step-by-step setup instructions!
- Install the extension from VS Code Marketplace
- Get your API key from jokalala.com/api-keys
- Configure via Command Palette:
Jokalala: Show Settings
- Analyze your code with
Ctrl+Alt+A / Cmd+Alt+A
Features
🔍 Real-time Code Analysis
- File Analysis: Analyze individual files for security vulnerabilities, code quality issues, and best practice violations
- Selection Analysis: Analyze specific code selections for targeted feedback
- Project Analysis: Comprehensive analysis of entire projects with prioritized issue reporting
🛡️ Security & Quality
- Vulnerability Detection: Identify security vulnerabilities including SQL injection, XSS, path traversal, and more
- Code Quality Metrics: Track code quality, maintainability, and security risk scores
- Best Practice Recommendations: Get actionable recommendations to improve your code
📊 Interactive Views
- Issues Tree View: Browse and navigate issues organized by severity (Critical, High, Medium, Low)
- Recommendations Tree View: View AI-powered recommendations with detailed descriptions
- Metrics Tree View: Monitor code quality metrics and security risk scores
- Intelligent Caching: Reduce API calls with configurable caching (TTL and size limits)
- Request Queue: Priority-based request management for optimal performance
- Circuit Breaker: Automatic failure detection and recovery
- Retry Logic: Exponential backoff for transient failures
🔐 Security Features
- Secure API Key Storage: Uses VS Code's SecretStorage API for secure credential management
- Input Sanitization: XSS prevention with HTML escaping
- PII Anonymization: File paths, emails, and tokens redacted from telemetry
- HTTPS Validation: Warns when using insecure HTTP endpoints
Installation
From VSIX (Recommended)
- Download the latest
.vsix file from releases
- Open VS Code
- Go to Extensions view (
Ctrl+Shift+X / Cmd+Shift+X)
- Click the
... menu → "Install from VSIX..."
- Select the downloaded
.vsix file
From Source
# Clone the repository
git clone <repository-url>
cd packages/vscode-code-analysis
# Install dependencies
npm install
# Compile the extension
npm run compile
# Package the extension
npm run package
# Install the generated .vsix file
code --install-extension jokalala-code-analysis-*.vsix
Configuration
🔑 Getting Your API Key
For Individual Developers:
- Sign up at jokalala.com/signup
- Navigate to Dashboard → API Keys
- Click Generate New API Key
- Copy your key
For Teams:
Contact sales@jokalala.com for team licenses and custom deployments.
For Self-Hosted:
Deploy your own backend and generate keys from your admin dashboard.
⚙️ Configuration Methods
Method 1: Quick Setup (Recommended)
- Open Command Palette (
Ctrl+Shift+P / Cmd+Shift+P)
- Run: Jokalala: Show Settings
- Enter your API endpoint:
https://api.jokalala.com/analyze
- Enter your API key (will be stored securely)
Method 2: VS Code Settings UI
- Open Settings (
Ctrl+, / Cmd+,)
- Search for "jokalala"
- Configure:
- API Endpoint:
https://api.jokalala.com/analyze
- API Key: Your personal API key
- Analysis Mode:
full or quick
- Auto Analyze: Enable/disable auto-analysis on save
Method 3: settings.json (Advanced)
- Open Command Palette → Preferences: Open User Settings (JSON)
- Add configuration:
{
"jokalala.apiEndpoint": "https://api.jokalala.com/analyze",
"jokalala.apiKey": "jkl_your_api_key_here",
"jokalala.analysisMode": "full",
"jokalala.autoAnalyze": true
}
🔒 Security Note: API keys in settings.json are automatically migrated to VS Code's encrypted SecretStorage on first use.
Optional Settings
{
// Analysis mode: 'quick' or 'full'
"jokalala.analysisMode": "full",
// Auto-analyze on file save
"jokalala.autoAnalyze": true,
// Show inline warnings in editor
"jokalala.showInlineWarnings": true,
// Enable VS Code diagnostics integration
"jokalala.enableDiagnostics": true,
// Maximum file size for analysis (bytes)
"jokalala.maxFileSize": 1048576,
// Request timeout (milliseconds)
"jokalala.requestTimeout": 30000,
// Enable telemetry
"jokalala.enableTelemetry": true,
// Cache settings
"jokalala.cacheEnabled": true,
"jokalala.cacheTTL": 3600000,
"jokalala.maxCacheSize": 100,
// Retry settings
"jokalala.retryEnabled": true,
"jokalala.maxRetries": 3,
"jokalala.retryDelay": 1000,
// Circuit breaker settings
"jokalala.circuitBreakerEnabled": true,
"jokalala.circuitBreakerThreshold": 5,
// Logging level
"jokalala.logLevel": "info"
}
Usage
Commands
Access commands via Command Palette (Ctrl+Shift+P / Cmd+Shift+P):
- Jokalala: Analyze Current File - Analyze the currently open file
- Jokalala: Analyze Selection - Analyze the selected code
- Jokalala: Analyze Project - Analyze the entire workspace
- Jokalala: Clear Cache - Clear the analysis cache
- Jokalala: Show Settings - Open extension settings
Keyboard Shortcuts
Ctrl+Alt+A / Cmd+Alt+A - Analyze current fileCtrl+Alt+S / Cmd+Alt+S - Analyze selection
Tree Views
The extension adds three tree views to the Explorer sidebar:
- Jokalala Issues - View all detected issues organized by severity
- Jokalala Recommendations - Browse AI-powered recommendations
- Jokalala Metrics - Monitor code quality and security metrics
Code Actions
When issues are detected, the extension provides quick fixes:
- Apply Suggestion - Apply the recommended fix
- Mark as False Positive - Report incorrect detections
- Mark as Helpful - Provide positive feedback
- Mark as Not Helpful - Report unhelpful suggestions
Development
Prerequisites
- Node.js 16.x or higher
- npm 7.x or higher
- VS Code 1.85.0 or higher
Setup
# Install dependencies
npm install
# Compile TypeScript
npm run compile
# Watch mode for development
npm run watch
# Run tests
npm test
# Run tests with coverage
npm run test:coverage
# Lint code
npm run lint
# Format code
npm run format
# Package extension
npm run package
Testing
The extension includes comprehensive test coverage:
- Unit tests for all services
- Integration tests for VS Code API
- Mock implementations for testing without backend
# Run all tests
npm test
# Run specific test suite
npm test -- --grep "ConfigurationService"
# Run with coverage
npm run test:coverage
Architecture
Core Services
- CodeAnalysisService - API communication and request management
- ConfigurationService - Settings management with validation
- Logger - Centralized logging with PII anonymization
- SecurityService - Secure credential storage and input sanitization
- TelemetryService - Privacy-aware usage analytics
Design Patterns
- Circuit Breaker - Prevents cascading failures
- Priority Queue - FIFO ordering within same priority
- Retry Logic - Exponential backoff with configurable attempts
- Debouncing - 300ms debounce for diagnostic updates
Project Structure
src/
├── commands/ # Command implementations
├── interfaces/ # TypeScript interfaces
├── providers/ # Tree view and code action providers
├── services/ # Core business logic
├── test/ # Test suites
├── utils/ # Utility functions
└── extension.ts # Extension entry point
Troubleshooting
Common Issues
Extension Not Activating
Problem: Extension doesn't activate when opening code files
Solution:
- Check that you're working with supported languages (JavaScript, TypeScript, Python, Java, Go, Rust, C/C++, C#, PHP, Ruby)
- Reload VS Code window (
Developer: Reload Window)
- Check Output panel (
View → Output → Jokalala Code Analysis) for errors
API Connection Errors
Problem: "Failed to connect to API endpoint" error
Solution:
- Verify API endpoint is correct in settings
- Check that API endpoint uses HTTPS (HTTP will show a warning)
- Verify API key is set correctly (
Jokalala: Show Settings)
- Check network connectivity and firewall settings
- Review circuit breaker status in logs
No Issues Detected
Problem: Analysis completes but no issues are shown
Solution:
- Check that the file size is within limits (default: 1MB)
- Verify the analysis mode is set to 'full' for comprehensive analysis
- Check the Output panel for API response details
- Clear cache and re-analyze (
Jokalala: Clear Cache)
Problem: Extension is slow or unresponsive
Solution:
- Enable caching to reduce API calls
- Increase cache TTL for longer-lived results
- Use 'quick' analysis mode for faster results
- Reduce
maxProjectFiles for large projects
- Disable auto-analyze and analyze manually
Debug Mode
Enable debug logging to troubleshoot issues:
{
"jokalala.logLevel": "debug"
}
Then check the Output panel: View → Output → Jokalala Code Analysis
Privacy & Security
Data Collection
The extension collects minimal telemetry data (if enabled):
- Extension version and VS Code version
- Analysis request counts and response times
- Error rates and types
- PII is automatically anonymized (file paths, emails, tokens)
Secure Storage
- API keys are stored using VS Code's SecretStorage API
- Credentials are encrypted at rest
- No sensitive data is logged or transmitted in telemetry
Network Security
- All API communication should use HTTPS
- HTTP endpoints trigger security warnings
- Request/response validation prevents injection attacks
Contributing
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
Development Workflow
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature)
- Make your changes
- Run tests (
npm test)
- Run linter (
npm run lint)
- Commit your changes (
git commit -m 'Add amazing feature')
- Push to the branch (
git push origin feature/amazing-feature)
- Open a Pull Request
Code Quality Standards
- TypeScript strict mode enabled
- 90%+ test coverage required
- ESLint and Prettier for code formatting
- Comprehensive JSDoc comments for public APIs
License
This project is licensed under the MIT License - see the LICENSE file for details.
Support
Changelog
See CHANGELOG.md for a list of changes in each version.
Acknowledgments
Made with ❤️ by the Jokalala Team
