AI Code Reviewer Extension (Secured Setup)

🚀 Overview

This is a complete VS Code extension that uses Google Gemini AI to automatically review and fix code. It analyzes JavaScript, TypeScript, HTML, and CSS files for security vulnerabilities, bugs, and code quality issues.

✅ Security Features Implemented

1. Secure API Key Storage

• API keys stored in VS Code's secure storage (encrypted)
• Never logged or exposed in output
• Password input field for key entry

2. Path Traversal Protection

• toolListFiles(): Validates path boundaries - prevents access outside base directory
• toolWriteFile(): Blocks absolute paths and .. sequences
• Normalized path validation before any file operations

3. File Type Validation

• toolReadFile(): Checks if target is a regular file (not symlink)
• Verifies file type before reading

4. Size Limits (DoS Prevention)

• Read limit: 500KB per file
• Write limit: 5MB per content
• Max files to scan: 500 files
• Prevents resource exhaustion attacks

5. Input Validation

• Content type verification (must be string)
• File path normalization
• Directory existence checks

📦 Installation

Prerequisites

• Node.js 14+
• npm or yarn

Setup Steps

1. Install dependencies

   npm install
   

2. Build the extension

   npm run esbuild
   

🔑 Configuration

Set Your Google Gemini API Key

1. Open Command Palette (Ctrl+Shift+P)
2. Search for "AI Code Reviewer: Set API Key"
3. Enter your Google Gemini API key
4. Key is automatically encrypted and stored securely

🎯 Usage

Review Current Project

1. Open Command Palette (Ctrl+Shift+P)
2. Select "AI Code Reviewer: Review Project"
3. Choose a folder or use workspace root
4. Check Output panel for results

Review Workspace

1. Open Command Palette (Ctrl+Shift+P)
2. Select "AI Code Reviewer: Review Workspace"

🛡️ Security Checklist

• ✅ API key stored securely (VS Code secrets)
• ✅ Path traversal attacks blocked
• ✅ Symlink attacks prevented
• ✅ DoS protection (file/size limits)
• ✅ No secrets in logs
• ✅ Input validation on all paths
• ✅ Type checking on content

🔍 What It Checks

Security (CRITICAL)

• Hardcoded secrets/API keys
• XSS vulnerabilities
• SQL/Command injection
• Missing authentication
• Insecure dependencies

Bug Fixes

• Null/undefined errors
• Missing error handling
• Async/await issues
• Type mismatches
• Memory leaks

Code Quality

• Dead code
• Complex logic
• Performance issues
• Accessibility issues


Tip: Many popular extensions utilize animations. This is an excellent way to show off your extension! We recommend short, focused animations that are easy to follow.

Requirements

If you have any requirements or dependencies, add a section describing those and how to install and configure them.

Extension Settings

Include if your extension adds any VS Code settings through the contributes.configuration extension point.

For example:

This extension contributes the following settings:

• myExtension.enable: Enable/disable this extension.
• myExtension.thing: Set to blah to do something.

Known Issues

Calling out known issues can help limit users opening duplicate issues against your extension.

Release Notes

Users appreciate release notes as you update your extension.

1.0.0

Initial release of ...

1.0.1

Fixed issue #.

1.1.0

Added features X, Y, and Z.

Working with Markdown

You can author your README using Visual Studio Code. Here are some useful editor keyboard shortcuts:

• Split the editor (Cmd+\ on macOS or Ctrl+\ on Windows and Linux)
• Toggle preview (Shift+Cmd+V on macOS or Shift+Ctrl+V on Windows and Linux)
• Press Ctrl+Space (Windows, Linux, macOS) to see a list of Markdown snippets

For more information

• Visual Studio Code's Markdown Support
• Markdown Syntax Reference

Enjoy!