KoraSafe Governance

KoraSafe | 2 installs | (0) | Free
AI governance checks in your editor. Flags leaked secrets, PII in prompts, LLM calls without error handling, and destructive actions that ship without a human approval gate. Maps findings to EU AI Act, GDPR, and NIST AI RMF when cloud mode is on.

KoraSafe Governance for VS Code

AI governance checks that run in your editor, on every save. Flags the stuff that blocks a regulated launch: leaked secrets, PII in prompts, LLM calls without error handling, destructive actions without a human-in-the-loop gate.

Part of KoraSafe, the AI governance intelligence platform.

KoraSafe Governance sidebar with findings, code squiggles, and finding tooltip

Diagnostic squiggle with finding tooltip showing severity and regulation mapping

Command palette showing the evidence bundle export command alongside the bundle JSON preview

Marketplace mocks pending design capture. See media/screenshots/SCREENSHOT_SPEC.md for the shot list that design will replace these with.

What it catches

Seven rule classes run locally with zero network round-trip:

  • Secrets. Anthropic, OpenAI, AWS, GitHub, Slack, JWT tokens, and hardcoded password / api_key style credentials.
  • PII. Social security numbers, credit card numbers, emails, phone numbers in code literals.
  • LLM calls. Direct SDK calls to Anthropic, OpenAI, Bedrock, Vertex, and generic client.invoke / model.generate patterns.
  • Destructive actions. execute(), database .delete(), deploys, file writes, network .send() patterns.
  • Missing human-in-the-loop gates. Flags destructive actions that ship without an approval or consent path nearby.
  • Missing error handling. LLM calls outside a try/catch or a withErrorHandling wrapper.
  • Missing rate limits. API endpoints that hit an LLM without any rate-limit primitive in scope.
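
To make the secrets, PII and human-in-the-loop classes concrete, here is an added example (not the extension's code) of line-based checks run over a constructed sample. The patterns, rule names and the 5-line "nearby" window are assumptions; the Luhn check shows how a card-number rule can drop digit runs that only look like cards.

```javascript
// Patterns, rule names and the 5-line window are assumptions, not KoraSafe's own rules.
const SECRET_PATTERNS = [
  { rule: "secret.aws-access-key", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { rule: "secret.github-token", re: /\bghp_[A-Za-z0-9]{36}\b/ },
  { rule: "secret.hardcoded-credential", re: /\b(password|api_key)\s*[:=]\s*["'][^"']{8,}["']/i },
];
const CARD_RE = /\b(?:\d[ -]?){13,19}\b/g;
const DESTRUCTIVE_RE = /\.(delete|send)\(|\bexecute\(/;
const APPROVAL_RE = /approv|consent|confirm/i;
const WINDOW = 5; // lines before a destructive call that count as "nearby"

// Luhn checksum: rejects digit runs that only look like card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

function scanSource(source) {
  const lines = source.split("\n");
  const findings = [];
  lines.forEach((text, idx) => {
    const line = idx + 1;
    for (const { rule, re } of SECRET_PATTERNS) {
      if (re.test(text)) findings.push({ rule, line });
    }
    for (const m of text.match(CARD_RE) || []) {
      if (luhnValid(m.replace(/\D/g, ""))) findings.push({ rule: "pii.credit-card", line });
    }
    if (DESTRUCTIVE_RE.test(text)) {
      // Look at this line and the WINDOW lines above it for an approval path.
      const nearby = lines.slice(Math.max(0, idx - WINDOW), idx + 1);
      if (!nearby.some((l) => APPROVAL_RE.test(l))) findings.push({ rule: "hitl.missing-gate", line });
    }
  });
  return findings;
}
// Constructed sample; the AWS key is the placeholder from AWS documentation.
const SAMPLE = [
  'const key = "AKIAIOSFODNN7EXAMPLE";',
  'const testCard = "4111 1111 1111 1111";',
  'const orderId = "1234 5678 9012 3456";',
  "await db.users.delete({ id });",
  "const ok = await requestApproval(user);",
  "if (ok) await db.orders.delete({ id });",
].join("\n");
```

Running `scanSource(SAMPLE)` reports lines 1, 2 and 4: line 3 fails the Luhn check and line 6 sits directly under an approval call.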

Optional cloud checks can layer on regulatory mapping (EU AI Act, GDPR, NIST AI RMF) when you add an API key. Threat-intelligence patterns can also be pulled from KoraSafe on startup and cached locally so known prompt-injection or exfiltration signatures keep working offline.

Policy-as-code

Place .korasafe/policy.yaml at the workspace root to tune local rules. See docs/sample-policy.yaml for the full shape. The extension reloads the file on change; malformed YAML is non-fatal and appears in the sidebar footer plus the KoraSafe output channel.

Install

Search "KoraSafe" in the VS Code Extensions panel, or:

code --install-extension korasafe.korasafe

Works in VS Code 1.85+. Activates on JavaScript, TypeScript, Python, Go, JSX, and TSX files.

Cursor

Cursor uses the VS Code extension host, so the same VSIX works as a drop-in install:

npm run package
cursor --install-extension korasafe-0.2.0.vsix

Then open a workspace, confirm the KoraSafe shield appears in the activity bar, and save a JavaScript, TypeScript, Python, Go, JSX, or TSX file to trigger scan-on-save diagnostics.

Continue

Continue runs inside a VS Code-compatible host. Install KoraSafe into the host editor first, then keep Continue enabled as a companion extension:

npm run package
code --install-extension korasafe-0.2.0.vsix

For Cursor-hosted Continue setups, use the Cursor command above instead of code. KoraSafe runs local diagnostics independently of Continue and can call KoraSafe cloud checks when korasafe.enableCloudChecks is enabled and an API key is stored with KoraSafe: Set API key.

Use it

  • Diagnostics on save. Squiggles appear on findings. Hover for regulation mapping and severity.
  • Sidebar. Click the shield icon in the activity bar. Findings group by severity. Click to jump to the line.
  • Commands (Cmd+Shift+P → type "KoraSafe"):
    • KoraSafe: Scan current file
    • KoraSafe: Scan workspace
    • KoraSafe: Scan all workspace roots
    • KoraSafe: Generate PR report
    • KoraSafe: Show output
    • KoraSafe: Refresh rules manifest
    • KoraSafe: Export evidence bundle
    • KoraSafe: Show governance panel
    • KoraSafe: Clear all diagnostics
    • KoraSafe: Export dismissed findings
    • KoraSafe: Set API key (stores in VS Code SecretStorage, backed by OS keychain)
    • KoraSafe: Copy MCP auth token

In a multi-root workspace, each root resolves its own .korasafe/policy.yaml and .korasafe/ignore. File scans use the active editor's root; use KoraSafe: Scan all workspace roots from the command palette or sidebar to aggregate every root.

Using KoraSafe as an MCP server

KoraSafe starts a local MCP endpoint when the extension activates. It listens on http://127.0.0.1:7741/mcp by default, falls back to an open port if 7741 is busy, and writes the bound port to the KoraSafe output channel. Use KoraSafe: Copy MCP auth token and pass it as a bearer token from your MCP client.

Claude Code ~/.mcp.json:

{
  "mcpServers": {
    "korasafe": {
      "url": "http://127.0.0.1:7741/mcp",
      "headers": {
        "Authorization": "Bearer <copied-token>"
      }
    }
  }
}

The server exposes scan_file, scan_workspace, get_finding_detail, get_policy, get_rules_manifest, and dismiss_finding. Cursor and Continue can use the same endpoint, URL, and bearer token from their MCP server settings.
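
Because the server moves to another port when 7741 is busy, a client left pointing at 7741 would hand the bearer token to whatever process holds that port. The following added example (not KoraSafe's code) builds the MCP handshake and a scan_file call for the port reported in the output channel and refuses to attach the token to a non-loopback URL. The protocol version string, the client name and the `path` argument are assumptions; the page lists tool names only.

```javascript
const LOOPBACK = new Set(["127.0.0.1", "localhost", "[::1]"]);

// Wrap one JSON-RPC message in an HTTP request description for the MCP endpoint.
function mcpRequest(endpoint, token, message) {
  const url = new URL(endpoint);
  if (!["http:", "https:"].includes(url.protocol) || !LOOPBACK.has(url.hostname)) {
    throw new Error(`refusing to send MCP token to ${url.host}`);
  }
  // Reject empty tokens and anything with spaces or control characters.
  if (typeof token !== "string" || !/^[\x21-\x7e]+$/.test(token)) {
    throw new Error("token missing or malformed");
  }
  return {
    url: url.href,
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Accept: "application/json, text/event-stream",
      Authorization: `Bearer ${token}`,
    },
    body: JSON.stringify({ jsonrpc: "2.0", ...message }),
  };
}

// Handshake followed by one tool call. `port` is the value KoraSafe wrote to its
// output channel, which differs from 7741 when that port was already taken.
function scanFileSession(port, token, filePath) {
  const endpoint = `http://127.0.0.1:${port}/mcp`;
  const messages = [
    { id: 1, method: "initialize", params: {
        protocolVersion: "2025-03-26", // assumed; use what your client negotiates
        capabilities: {},
        clientInfo: { name: "example-client", version: "0.0.1" } } },
    { method: "notifications/initialized" },
    // "path" is a hypothetical argument name, not taken from the page.
    { id: 2, method: "tools/call", params: { name: "scan_file", arguments: { path: filePath } } },
  ];
  return messages.map((m) => mcpRequest(endpoint, token, m));
}
```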

Configuration

Setting | Default | What it does
korasafe.apiUrl | https://korasafe.ai | KoraSafe API base URL
korasafe.enableCloudChecks | false | Layer regulation mapping on top of local rules. Needs an API key.
korasafe.manifestUrl | https://korasafe.ai/rules.json | Optional rules manifest URL. Supports https:// and file:// URLs.
korasafe.mcpEnabled | true | Start the local MCP server when the extension activates.
korasafe.mcpPort | 7741 | Preferred localhost MCP port. If busy, KoraSafe falls back to an open ephemeral port.
korasafe.manifestRefreshHours | 24 | Rules manifest cache TTL in hours.
korasafe.threatIntelEnabled | true | Pull and cache KoraSafe threat-intelligence patterns. Set false for air-gapped tenants.
korasafe.tenantId | "" | Tenant identifier attached to OTLP spans when configured.
korasafe.teamId | "" | Optional team identifier included in evidence exports.
korasafe.otlpEnabled | false | Enable OTLP trace export for scans and cloud calls.
korasafe.otlpEndpoint | "" | OTLP HTTP traces endpoint, for example http://localhost:4318/v1/traces.
korasafe.otlpHeaders | {} | Additional string headers for OTLP exports.
korasafe.scanOnSave | true | Re-scan every time you save
korasafe.scanWorkspaceLimit | 0 | Maximum files to scan with KoraSafe: Scan workspace. 0 means no cap.
korasafe.scanWorkspaceConcurrency | 4 | Number of files analyzed concurrently during a workspace scan.
korasafe.logLevel | info | Minimum verbosity written to the KoraSafe output channel (error, warn, info, debug).
korasafe.severityThreshold | low | Minimum severity to surface in diagnostics

Viewing logs

Run KoraSafe: Show output from the command palette to open the dedicated KoraSafe output channel. Scan failures, workspace slow-file notices, and cloud request diagnostics are written there with timestamps and request metadata. Set korasafe.logLevel to debug when you need per-request cloud diagnostics.

Compatibility

Host | Install path | Local scan-on-save | MCP/cloud tool path | Status
VS Code 1.85+ | Marketplace or VSIX | Yes | Yes, through KoraSafe API key/cloud checks | Supported
Cursor | Drop-in VSIX with cursor --install-extension | Yes | Compatible with Cursor tool UI when MCP/cloud checks are configured | Works with Cursor
Continue | Install into the VS Code-compatible host used by Continue | Yes | Compatible with Continue tool UI when MCP/cloud checks are configured | Works with Continue

Detailed install, MCP configuration, and evidence-capture steps live in docs/compatibility.md.

Evidence Bundles

Run KoraSafe: Export evidence bundle to save a zip containing manifest.json, policy.yaml, findings.json, signatures.json, and report.pdf. When an API key is configured, the extension asks /v1/evidence/sign for a tenant signature. If the cloud signer is unavailable, it generates a local Ed25519 development key in VS Code SecretStorage and marks the signature as self-issued.

Verify a bundle with the SDK:

korasafe verify ./korasafe-evidence-bundle.zip

Local vs. cloud

Everything ships working out of the box. Local checks run instantly, never send code anywhere, and catch the high-signal patterns above. The cloud mode is opt-in: set an API key and it adds regulation mapping, dependency CVE checks, and workspace-level audit runs via the KoraSafe platform.

Threat Intelligence

When korasafe.threatIntelEnabled is on, the extension checks /v1/threat-intel/latest?since=<cachedSha> at startup and at most once per hour after relevant configuration changes. Pulled patterns are cached in VS Code global storage, tagged as threat-intel, and treated as critical local findings until the next signed extension manifest release. The sidebar shows the active threat-intel version and pattern count.

OTLP Tracing

OTLP export is disabled by default. To send traces to Datadog Agent, Grafana Alloy, New Relic, Honeycomb, or another OTLP HTTP receiver, set korasafe.otlpEnabled to true and point korasafe.otlpEndpoint at the receiver's /v1/traces URL. Use korasafe.otlpHeaders for vendor API keys or tenant headers. The extension emits scan.file, scan.workspace, and cloud.audit spans with korasafe.rule, korasafe.severity, korasafe.finding_count, korasafe.file_path, and korasafe.tenant_id attributes. Export failures are written to the KoraSafe output channel and never fail a scan.

Privacy

  • Local rules run entirely in the extension host. No telemetry. No code leaves your machine.
  • Cloud mode (when explicitly enabled) sends only the file contents you ask to audit, over TLS, authenticated with your API key. The API key is stored in VS Code SecretStorage, which routes to the OS keychain.
  • Threat-intelligence pulls send only the cached pattern version hash and never send source code.

Support

  • Platform docs: https://korasafe.ai
  • Report a bug: Contact-us@korasafe.ai
  • Service-level agreement: docs/sla.md (local scan p95 under 400 ms, cloud round-trip p95 under 8 s, manifest CDN 99.9% monthly)