Redlyne is a VS Code extension that scans Python code — especially code generated by AI assistants like Copilot, ChatGPT, or Claude — for known vulnerability patterns, and proposes one-click in-editor patches you can apply with a single confirmation.
It runs entirely on your machine. No code is sent to any server.
Why Redlyne
AI coding assistants are fast, but they reliably introduce a long tail of well-known vulnerability patterns: SQL injection from string concatenation, command injection from os.system, weak crypto defaults, hard-coded secrets, unsafe deserialization, path traversal, SSRF, and more. Spotting them after the fact during code review is slow and inconsistent.
Redlyne sits in your editor and flags the same patterns the moment you select the snippet, then offers a remediated version. Think of it as a focused linter for the specific failure modes of LLM-generated code.
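As an added illustration of the first pattern named above, SQL injection from string concatenation, the sketch below puts the concatenated query next to its parameterized form. It is not Redlyne's rule set, its patch output, or code from the project. The table, the function names and the sample rows are constructed for the example, which uses Python's standard sqlite3 module.

```python
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return db


def find_user_concat(db, name):
    # Vulnerable form: the query text is assembled by concatenation, so any
    # quote character inside `name` is parsed as SQL syntax, not as data.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def find_user_param(db, name):
    # Remediated form: `name` is bound as a parameter. The driver passes it
    # to SQLite as a value, so it can never change the query structure.
    query = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed input containing a quote, used to show the difference.
    crafted = "nobody' OR '1'='1"
    print("concatenated :", find_user_concat(db, crafted))
    print("parameterized:", find_user_param(db, crafted))
    print("normal lookup:", find_user_param(db, "alice"))
```

Both functions return the same row for an ordinary name; they differ only when the input contains SQL metacharacters, which is why the concatenated form tends to survive casual testing.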
Features
- Static vulnerability detection on Python code selected in the editor
- Automated remediation suggestions, applied as in-place edits to the source file with your explicit confirmation
- Right-click integration in the editor context menu for any Python selection
- Notifications summarizing the vulnerabilities found and the runtime of the analysis
- Local execution — your code never leaves your machine
- Designed for the failure modes of AI-generated code, not generic linting
Installation
From the VS Code Marketplace (recommended):
- Open VS Code
- Open the Extensions panel (Ctrl+Shift+X)
- Search for Redlyne
- Click Install
From the command line:
code --install-extension redlyne.redlyne-ai
From a .vsix (manual install):
- Download the latest redlyne-x.y.z.vsix from Releases
- In VS Code, run Extensions: Install from VSIX... from the Command Palette
- Select the downloaded file
Usage
- Open a Python file (.py) in VS Code
- Select the block of code you want to analyze
- Right-click the selection → Redlyne: Run Analysis
- Review the notifications
- Confirm to apply the suggested patch
The same command is also available from the Command Palette (Ctrl+Shift+P → "Redlyne: Run Analysis").
Requirements
🪟 Redlyne currently runs only on Windows with WSL2 installed.
Cross-platform support for Linux and macOS is on the roadmap.
Before using the extension, make sure you have:
- Windows 10/11 with WSL2 installed
- Inside your WSL distribution:
  - Python 3.8+
  - jq (sudo apt-get install jq)
  - bash (default in most WSL distributions)
- VS Code 1.89 or newer
Status
Redlyne is in early access. The detection engine works and the extension is usable for daily code review, but expect some rough edges:
- Platform: Windows + WSL2 only today. Linux and macOS will be supported once we replace the WSL-coupled runtime.
- Performance: a single analysis takes ~15-20 seconds for a typical selection. We have a clear path to bring this down significantly and it's our top engineering priority.
- Rule coverage: the current rule set targets the most frequent classes of AI-generated vulnerabilities. We are continuously expanding it.
- Languages: Python only. Other languages may follow based on demand.
If something doesn't work the way you expect, please open an issue — we read everything.
Known Limitations
- Workspace or extension paths containing spaces or special characters may cause shell scripts to fail. Prefer paths without spaces.
- Detection and remediation depend on the bundled rule set; novel or obfuscated patterns may not be flagged.
- Selections that are too short (a single statement out of context) may not provide enough signal for accurate analysis.
Contributing
Contributions of all sizes are welcome — bug reports, feature ideas, rule submissions, documentation fixes, and code.
License
Redlyne uses a dual-license model:
This separation keeps the engineering side fully open source — fork it, extend it, ship it commercially with attribution — while preserving the value of the curated rule set.
For commercial licensing of the rules and datasets, partnership, or enterprise inquiries: redlyne.io
The names "Redlyne" and the Redlyne logo are trademarks. See NOTICE for details.