🛡️ APIGuard

APIGuard is a hardcore, zero-trust, aggressive cybersecurity VS Code extension that absolutely roasts you if you try to commit hardcoded API keys, secrets, or .env files into version control.

What is APIGuard?

Many developers ("vibe coders") accidentally commit sensitive information like MongoDB URIs, AWS keys, or OpenAI tokens because they are focused on building fast. APIGuard acts as your aggressive, toxic co-pilot that stands between you and a $50,000 crypto-mining bill.

It scans your files in real-time and injects a Zero Trust Git Pre-Commit Hook directly into your workspace.

Why APIGuard?

While others just give you warnings, we physically block your commits and roast you for writing bad code. No bypasses in Toxic mode.

Features

• Zero Trust, Zero Bypass: There is no // ignore comment. If you have a secret exposed, APIGuard WILL block your commit.
• Smart Filtering: Bypasses the "Fake Extension" trick. It scans .lock and .svg files while safely ignoring true binary formats (images, videos, etc).
• Real-Time Editor Warnings: Squiggly lines and massive popup alerts if you write secrets in your code.
• .env Protection: Accidentally created .env.local without adding it to .gitignore? APIGuard will scream at you before you even try to commit.
• Auto-Extraction: One-click Quick Fixes to automatically extract your hardcoded secrets into a .env file.
• Adjustable Roast Levels: Choose between Chill, Aggressive, and Toxic modes.

How it works (The Roast)

When you inevitably mess up and type an API key, APIGuard doesn't just warn you—it roasts you.

------- APIGuard ALERT -------

Found exposed secrets in test.js:
• MongoDB URI
• OpenAI Key

Fix them immediately or move them to .env!

And if you try to force a commit via terminal:

Commit blocked by APIGuard!
[APIGuard] Bro, are you really trying to commit an env file? 
Put that in .gitignore before you fund a hacker's vacation.

Fix the issues immediately. Zero bypass allowed.

Supported Secrets Detected

• MongoDB URIs
• OpenAI Keys
• AWS Access Keys
• Stripe Secrets
• GitHub Tokens
• Firebase / Google API Keys
• Slack / Discord Bot Tokens
• Cloudinary URLs
• SendGrid Keys
• Generic High-Entropy Passwords & JWTs

How to use

1. Install the extension.
2. Open any workspace. APIGuard instantly injects its Git hook into .git/hooks/pre-commit.
3. Start coding. If you expose a secret, APIGuard will let you know.