🤖 AI Code Mind - Secure Code Review Extension
AI Code Mind is a VS Code extension that uses Google Gemini AI to review your code automatically. It is secure and safe because it can only access files inside your workspace.
✨ Features
1. Current File Review 📄
- Instantly review the file you are working on
- Identify bugs, security issues, and code quality problems
- Get real-time suggestions
2. Folder/Directory Review 📁
- Review an entire folder or subfolder in one pass
- Comprehensive analysis across multiple files
- Detect syntax, logic, and performance issues
3. Custom Instructions ✍️
- Provide your own specific requirements
- For example: "focus only on security bugs"
- Customize the AI to fit your needs
4. Supported Languages 🗣️
- JavaScript (.js)
- TypeScript (.ts, .tsx)
- JSX/React (.jsx)
- HTML (.html)
- CSS (.css)
- Python (.py)
5. Security Features 🔒
- Workspace Sandboxing: can access only files inside the workspace folder
- No File Deletion: cannot delete any file, nor rename or move one
- Allowed Extensions Only: can modify only code files (.js, .ts, .html, .css, .py)
- Read-Only Safety: strict checks on sensitive operations
6. Smart Analysis 🧠
- Bug Detection: Logic errors and potential crashes
- Security Issues:
  - Unsafe eval() or exec() usage
  - Hardcoded secrets (API keys, passwords)
  - SQL injection vulnerabilities
- Code Quality:
  - Unused variables
  - Poor naming conventions
  - Inefficient algorithms
- Python Specific:
  - Syntax and indentation issues
  - Bad exception handling
  - Subprocess misuse
🚀 Installation & Setup
Step 1: Install Extension
- In VS Code, go to Extensions (Ctrl+Shift+X)
- Search for "AI Code Mind"
- Click Install
Step 2: Get Google Gemini API Key
- Go to Google AI Studio
- Click Create API Key
- Copy the generated key
- Open Settings in VS Code (Ctrl+,)
- Search for "AI Code Mind"
- Paste your key into the Google API Key field
- Save
📖 How to Use
Method 1: VS Code Command Palette
1. Press Ctrl+Shift+P
2. Type "AI Code Mind: Open Panel"
3. Press Enter
1. You will see the "AI Code Mind" panel in the left sidebar
2. Click the panel to open it
3. Ready to use!
Step-by-Step Usage
To review the current file:
1. Open any file (the one you want reviewed)
2. Go to the AI Code Mind panel
3. Leave Mode set to "Current file" (default)
4. (Optional) Enter extra instructions (in the textarea)
5. Press the "Run review" button
6. Read the AI's analysis
Example:
File: app.js is open
Mode: Current file (selected)
Instructions: "Focus on security vulnerabilities"
Click: Run review
Result: the AI reports all security issues it finds
To review a folder:
1. Go to the AI Code Mind panel
2. Change Mode to "Folder (relative to workspace)"
3. Enter the folder path (e.g. "src", "components", ".")
4. (Optional) Enter custom instructions
5. Press the "Run review" button
6. Read the analysis for the whole folder
Example:
Workspace: /home/user/myapp/
Mode: Folder
Folder path: src/utils
Instructions: "Check for unused functions"
Click: Run review
Result: all files in src/utils are reviewed
🔍 What AI Analyzes
JavaScript/TypeScript
❌ Bad Code:
const userData = eval(userInput); // SECURITY RISK!
let x = getValue(); // Bad naming
let unused = 5;
✅ Fixed Code:
const userData = JSON.parse(userInput); // Safe parsing
let currentValue = getValue(); // Clear naming (and no clash with userData)
// unused variable removed
Python
❌ Bad Code:
import subprocess
subprocess.call(user_input, shell=True)  # DANGEROUS!
try:
    do_something()
except:  # Bare except
    pass
✅ Fixed Code:
import logging
import subprocess

logger = logging.getLogger(__name__)

subprocess.call(['program', arg], shell=False)  # Safe
try:
    do_something()
except Exception as e:  # Named exception, not a bare except
    logger.error(f"Error: {e}")
HTML/CSS
❌ Bad Code:
<input type="password" value="hardcoded123">
<script src="data:text/javascript,...">
✅ Fixed Code:
<input type="password" placeholder="Enter password">
<script src="secure-script.js"></script>
⚙️ Architecture
Components
extension.js (VS Code Extension)
- Integrates with VS Code
- Provides the webview panel
- Collects user input
- Performs security checks (workspace boundary)
- Calls the Gemini API
safeagent.js (AI Agent)
- Uses the Google Gemini model (gemini-1.5-flash)
- Performs the code analysis
- Supplies security-focused instructions
- Returns the results
package.json (Dependencies: the Gemini AI SDK)
{
  "@google/generative-ai": "^0.20.0"
}
🔐 Security Model
Which operations are blocked?
- ❌ Creating files
- ❌ Deleting files
- ❌ Renaming files
- ❌ Accessing anything outside the workspace
- ❌ Modifying non-code files (system files, configs, etc.)
Which operations are allowed?
- ✅ Reading code files (.js, .ts, .html, .css, .py)
- ✅ Showing suggestions for existing code files
- ✅ Providing code analysis
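The workspace-boundary and allowed-extension rules above can be sketched as follows. This is an added example, not the extension's own code: the function names, the temp-directory fixture and the "Target does not exist" / "File extension not allowed" messages are assumptions. It resolves symlinks as well, because a purely lexical path comparison would accept a link inside the workspace that points outside it.

```javascript
// Added example: isInside, checkTarget, buildFixture and ALLOWED_EXTENSIONS are
// illustrative names, not taken from the extension's source.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Extensions from the README's "Allowed Extensions Only" item.
const ALLOWED_EXTENSIONS = new Set(['.js', '.ts', '.html', '.css', '.py']);

// True when child is root itself or lies beneath it (purely lexical).
function isInside(root, child) {
  const rel = path.relative(root, child);
  return rel === '' || (rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel));
}

// Resolve a user-supplied target against the workspace root and decide
// whether a review may read it. Returns { ok, reason, realPath }.
function checkTarget(workspaceRoot, target) {
  const root = fs.realpathSync(workspaceRoot);
  const lexical = path.resolve(root, target); // collapses "..", honours absolute paths
  if (!isInside(root, lexical)) {
    return { ok: false, reason: 'Target is outside workspace root' };
  }
  let real;
  try {
    real = fs.realpathSync(lexical); // follows symlinks
  } catch {
    return { ok: false, reason: 'Target does not exist' };
  }
  if (!isInside(root, real)) {
    return { ok: false, reason: 'Target is outside workspace root' };
  }
  if (fs.statSync(real).isFile() && !ALLOWED_EXTENSIONS.has(path.extname(real).toLowerCase())) {
    return { ok: false, reason: 'File extension not allowed' };
  }
  return { ok: true, reason: null, realPath: real };
}

// Constructed fixture: a temp workspace plus a file outside it reached via a symlink.
function buildFixture() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'acm-')));
  const ws = path.join(base, 'workspace');
  fs.mkdirSync(path.join(ws, 'src'), { recursive: true });
  fs.writeFileSync(path.join(ws, 'src', 'app.js'), '// sample\n');
  fs.writeFileSync(path.join(ws, '.env'), 'KEY=constructed\n');
  fs.writeFileSync(path.join(base, 'outside.js'), '// outside\n');
  fs.symlinkSync(path.join(base, 'outside.js'), path.join(ws, 'src', 'link.js'));
  return ws;
}
```

With the fixture, `checkTarget(ws, 'src/link.js')` passes the lexical test but is rejected after `realpathSync`, and `.env` is rejected because `path.extname` returns an empty string for dotfiles.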
🛠️ Technical Details
How It Works
1. User opens AI Code Mind panel
↓
2. User selects a file/folder and provides instructions
↓
3. extension.js validates:
- Does the API key exist?
- Is a workspace open?
- Is the target inside the workspace?
↓
4. safeagent.js is called
↓
5. A request is sent to the Gemini API:
- Workspace root path
- Target file/folder path
- User's custom instructions
↓
6. Gemini analyzes the code and returns suggestions
↓
7. Results are shown in the panel
↓
8. Notifications are also shown
API Integration
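// Google Gemini API Call
const { GoogleGenerativeAI } = require('@google/generative-ai');

// runReview is an illustrative wrapper so that `await` has an async context
async function runReview(apiKey, customPrompt) {
  const client = new GoogleGenerativeAI(apiKey);
  const model = client.getGenerativeModel({
    model: 'gemini-1.5-flash' // Fast, cost-effective
  });
  const result = await model.generateContent({
    contents: [
      {
        role: 'user',
        parts: [{ text: customPrompt }]
      }
    ]
  });
  return result;
}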
📊 Examples
Example 1: Security Bug Detection
Input File (app.js):
const apiKey = "sk-1234567890abcdef"; // Hardcoded!
const dbPassword = "admin123";
app.get('/search', (req, res) => {
  const query = eval(req.query.q); // Dangerous!
  res.json(query);
});
AI Review Output:
CRITICAL SECURITY ISSUES:
1. Hardcoded API Key (line 1)
- Move to environment variables
- Use: process.env.GOOGLE_API_KEY
2. Unsafe eval() (line 6)
- Use JSON.parse() instead
- eval() allows arbitrary code execution
3. Hardcoded Password (line 2)
- Use environment variables
- Use .env file with dotenv package
FIXED CODE:
const apiKey = process.env.GOOGLE_API_KEY;
const dbPassword = process.env.DB_PASSWORD;
app.get('/search', (req, res) => {
  try {
    const query = JSON.parse(req.query.q);
    res.json(query);
  } catch (err) {
    res.status(400).json({ error: 'Invalid query' });
  }
});
Example 2: Code Quality Issue
Input File (utils.js):
function calc(x, y) {
  return x + y;
}

const unused = "hello";
let a = 5;
let b = 10;
console.log(a + b);
AI Review Output:
CODE QUALITY ISSUES:
1. Poor function naming (line 1)
- "calc" is vague
- Use: function add(x, y)
2. Unused variable (line 5)
- 'unused' is never used
- Remove it
3. Poor variable naming (lines 6-7)
- 'a' and 'b' are not descriptive
- Use: first, second or other relevant names
IMPROVED CODE:
function add(x, y) {
  return x + y;
}

const firstNumber = 5;
const secondNumber = 10;
console.log(firstNumber + secondNumber);
Example 3: Folder Review
Input: the src/ folder is to be reviewed
Instructions: "Find all async/await issues"
Output:
FOLDER REVIEW RESULTS:
📄 src/api.js
- Missing error handling in async function (line 12)
- Fix: Add try-catch block
📄 src/database.js
- Race condition detected (line 24)
- Fix: Use Promise.all() or proper sequencing
📄 src/utils.js
- No issues found ✓
SUMMARY:
- Total files analyzed: 3
- Issues found: 2
- Critical: 1
- Warnings: 1
⚡ Best Practices
Tips for Better Reviews
Give clear instructions:
❌ "review my code"
✅ "focus on security vulnerabilities and performance"
Review in small chunks:
❌ The whole project at once
✅ Folder by folder or file by file
Give context:
✅ "This is login module, check security"
✅ "Performance critical code, optimize loops"
Review regularly:
- After every new feature
- Before a production deploy
- While refactoring code
🐛 Troubleshooting
Problem: "Please set your Google Gemini API key"
Solution:
- Open Settings → AI Code Mind
- Paste your key into the API Key field
- Restart VS Code
Problem: "No active file is open"
Solution:
- Open a file
- Press "Run review" again
Problem: "Target is outside workspace root"
Solution:
- First add the folder to the workspace
- Then run the review
- Use only paths inside the workspace
Problem: API limit exceeded
Solution:
- Wait a while (rate limiting)
- Review smaller files
- Or run more reviews later
- File Size: large files can take 30-60 seconds
- Folder Size: large folders can take 2-3 minutes
- Network: Stable internet connection required
- Optimization:
  - Review one file or small folder at a time
  - Do not run many reviews at once
🎯 Common Use Cases
1. Security Audit
Mode: Folder
Path: src/
Instructions: "Find all security vulnerabilities, hardcoded secrets, and injection risks"
2. Code Refactoring
Mode: Folder
Path: components/
Instructions: "Suggest refactoring for readability and performance"
3. New Developer Onboarding
Mode: Folder
Path: .
Instructions: "Explain code structure and best practices used"
4. Before Production Deploy
Mode: Folder
Path: src/
Instructions: "Critical check for bugs, memory leaks, and security issues"
📝 Keyboard Shortcuts
| Shortcut | Action |
|---|---|
| Ctrl+Shift+P | Open the Command Palette |
| Type: AI Code Mind | See the extension commands |
🎓 Learning Resources
📧 Support
- Issues? Check the file carefully
- API Key problems? Generate a new key from Google AI Studio
- Feature requests? They can be added in Settings
📄 License
MIT License - Free to use and modify
🚀 Future Enhancements
Coming Soon:
- [ ] Code auto-fix functionality
- [ ] Multiple file comparison
- [ ] Review history/cache
- [ ] Custom rule definitions
- [ ] Team collaboration features
- [ ] Performance metrics
✅ Checklist: First-time setup
☐ Extension installed?
☐ API key generated?
☐ API key added in Settings?
☐ VS Code restarted?
☐ A file opened?
☐ AI Code Mind panel opened?
☐ "Run review" pressed?
☐ Seeing results? ✨
Happy Coding! 🎉 Let AI help you write better, safer code!