SOVR — AI Responsibility Layer

SOVR Eyes in AI

10 installs

Complete sovereign verification layer for AI agents. Gate Check → Permit → Receipt full flow, Trust Score, Kill-Switch, Billing/Quota, Alerts, Silent Mode, Degradation monitoring. Compatible with VS Code, Cursor, Windsurf, Void, Antigravity, and all VS Code forks. Integrates with Claude Code, Codex

Installation

Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.

Copied to clipboard

More Info

SOVR — AI Responsibility Layer

Sovereign verification layer for AI agents. Intercept dangerous operations, enforce gate_check → permit → receipt, audit trail, trust bundles, and kill-switch — across every VS Code-compatible editor and AI programming tool.

The Problem

AI coding agents are powerful but unreliable. A single hallucinated rm -rf / or DROP TABLE can cause irreversible damage. Teams spend more time verifying AI output than they save by delegating.

The Solution

SOVR places a Responsibility Layer between AI intent and execution. Every dangerous action is intercepted, checked against your security policies, and recorded in a tamper-evident audit chain. Irreversible actions require explicit human approval.

Screenshots

Gate Check — Real-Time Interception

Gate Check

Dashboard — Full Visibility

Dashboard

MCP Config — One-Click AI Tool Integration

MCP Config

Compatible Editors

Editor	Status
VS Code	✅ Native
Cursor	✅ Compatible
Windsurf (Codeium)	✅ Compatible
Void	✅ Compatible
Antigravity	✅ Compatible
VSCodium	✅ Compatible
Positron	✅ Compatible
Theia / Gitpod / Codespaces / Coder	✅ Compatible

Compatible AI Tools (via MCP)

Tool	Integration
Claude Code / Claude Desktop	MCP Server
OpenAI Codex CLI	MCP Server
Google Gemini CLI	MCP Server
Cursor	MCP Server
OpenClaw	MCP Server
Any MCP Client	MCP Server

Compatible Shells (via CLI Hook)

Shell	Status
Bash / Zsh	✅
Fish	✅
PowerShell	✅

Features

🛡️ Terminal Interception

Monitors all terminal commands in real time. Destructive operations (rm -rf, DROP TABLE, kubectl delete, etc.) are intercepted and gate-checked before execution.

🔀 Git Push Protection

Push to protected branches (main, master, prod) triggers automatic gate check with Approve/Block dialog.

📝 Editor Diagnostics

Inline diagnostics for dangerous patterns in .sh, .sql, .ts, .py files:

Red underline: CRITICAL risk (DROP TABLE, rm -rf /)
Yellow underline: HIGH risk (DELETE FROM, deploy)

✋ Manual Gate Check

Select any text → Ctrl+Shift+G (or right-click → "SOVR Gate Check") → instant decision with risk score.

📊 Dashboard Webview

Full dashboard with gate check stats, trust score, kill-switch status, recent decisions, quota usage, and quick actions.

🔐 Trust Bundle Export

Ctrl+Shift+P → "SOVR: Export Trust Bundle" → portable governance proof as signed JSON.

🚨 Kill-Switch

Five severity levels (Normal → Degraded → Restricted → Emergency → Full Stop). Activate from the command palette when something goes wrong.

🤖 MCP Config Generator

One-click config generation for Claude Code, Codex CLI, and Gemini CLI. Ctrl+Shift+P → "SOVR: Generate MCP Config".

🐚 CLI Hook

Shell integration for Bash/Zsh/Fish/PowerShell. Intercepts dangerous commands at the shell level.

📈 Trust Score

Real-time trust score based on accuracy rate, approval rate, anomaly rate, response time, and consecutive successes.

💰 Billing & Quota

Track gate check counts, irreversible action allows, and trust bundle usage against your plan limits.

Detected Patterns

Category	Examples	Risk
Database Drop	`DROP TABLE`, `DROP DATABASE`	CRITICAL
Database Delete	`DELETE FROM`, `TRUNCATE`	HIGH-CRITICAL
Database Migrate	`db:push`, `prisma migrate`	HIGH
System Destructive	`rm -rf /`, `sudo rm`	CRITICAL
Git Force Push	`git push --force`	CRITICAL
Git Protected Push	`git push origin main`	HIGH
Deploy	`vercel deploy`, `npm publish`	HIGH
Kubernetes	`kubectl delete`, `drain`	CRITICAL
AWS/GCP	`ec2 terminate`, `s3 rm`	CRITICAL
Payment	`stripe.refund`, `transfer`	CRITICAL
Terraform	`terraform destroy`	CRITICAL
Credentials	API keys in output	CRITICAL
Permissions	`chmod 777`, `GRANT ALL`	HIGH

Pricing

Plan	Price	Gate Checks/mo	Irreversible Allows/mo	Trust Bundles/mo
Free	$0	1,000	100	0
Personal	$10/mo	5,000	500	3
Starter	$300/mo	50,000	1,000	5
Pro	$2,000/mo	500,000	20,000	50
Enterprise	$15,000+/mo	5,000,000	200,000	200

Visit sovr.inc/explore for full pricing details.

Quick Start

Install from Marketplace

Search "SOVR" in the Extensions panel or install from VS Code Marketplace.

Install from VSIX

# VS Code
code --install-extension sovr-vscode-2.1.0.vsix

# Cursor
cursor --install-extension sovr-vscode-2.1.0.vsix

# Windsurf
windsurf --install-extension sovr-vscode-2.1.0.vsix

# Any VS Code fork
<editor> --install-extension sovr-vscode-2.1.0.vsix

Configure

Ctrl+Shift+P → "SOVR: Configure API Key"
Enter your API key from sovr.inc (or leave empty for Demo mode)

Settings (settings.json):

{
  "sovr.apiKey": "sovr_sk_...",
  "sovr.baseUrl": "https://sovr.inc",
  "sovr.autoIntercept": true,
  "sovr.failClosed": true,
  "sovr.protectedBranches": ["main", "master", "prod"]
}

Keyboard Shortcuts

Shortcut	Action
`Ctrl+Shift+G` (`Cmd+Shift+G`)	Gate check selected text
`Ctrl+Shift+S` (`Cmd+Shift+S`)	Open SOVR Dashboard

Commands

Command	Description
`SOVR: Gate Check`	Run gate check on selected text
`SOVR: Open Dashboard`	Open the SOVR dashboard webview
`SOVR: Configure API Key`	Set or update your SOVR API key
`SOVR: Export Trust Bundle`	Export trust bundle as JSON
`SOVR: Toggle Kill-Switch`	Activate/deactivate kill-switch
`SOVR: Generate MCP Config`	Generate MCP config for AI tools
`SOVR: Install CLI Hook`	Install shell integration
`SOVR: Export Audit Log`	Export audit log as CSV/JSON

Fail-Closed Behavior

When sovr.failClosed is true (default):

If SOVR API is unreachable → all dangerous actions are BLOCKED
Ensures security even during network outages

When sovr.failClosed is false:

If SOVR API is unreachable → actions are ALLOWED with warning
Use only in development environments

Development

git clone https://github.com/xie38388/sovr-vscode-extension.git
cd sovr-vscode-extension
npm install
npm run build
npm run package   # Creates .vsix file

Architecture

src/
├── extension.ts                Main entry — commands, activation, editor detection
├── gate/
│   ├── api.ts                  SOVR API client (timeout/retry/fail-closed)
│   └── patterns.ts             Dangerous action pattern detection
├── audit/
│   └── auditLog.ts             Persistent audit log storage
└── providers/
    ├── terminalInterceptor.ts  Terminal command monitoring
    ├── gitInterceptor.ts       Git push protection
    ├── editorScanner.ts        Inline diagnostics
    ├── auditLogProvider.ts     Sidebar tree views
    ├── trustBundleProvider.ts  Trust bundle & policy viewer
    ├── killSwitchProvider.ts   Kill-switch status monitor
    ├── dashboardPanel.ts       Full webview dashboard
    ├── statusBarProvider.ts    Status bar integration
    ├── mcpConfigGenerator.ts   MCP config for Claude/Codex/Gemini
    ├── auditExporter.ts        CSV/JSON export
    └── onboarding.ts           Guided walkthrough
media/
├── icon.png                    Extension icon (256×256)
└── screenshots/                Marketplace screenshots

SOVR — AI Responsibility Layer

SOVR Eyes in AI

SOVR — AI Responsibility Layer

The Problem

The Solution

Screenshots

Gate Check — Real-Time Interception

Dashboard — Full Visibility

MCP Config — One-Click AI Tool Integration

Compatible Editors

Compatible AI Tools (via MCP)

Compatible Shells (via CLI Hook)

Features

🛡️ Terminal Interception

🔀 Git Push Protection

📝 Editor Diagnostics

✋ Manual Gate Check

📊 Dashboard Webview

🔐 Trust Bundle Export

🚨 Kill-Switch

🤖 MCP Config Generator

🐚 CLI Hook

📈 Trust Score

💰 Billing & Quota

Detected Patterns

Pricing

Quick Start

Install from Marketplace

Install from VSIX

Configure

Keyboard Shortcuts

Commands

Fail-Closed Behavior

Development

Architecture

License