AgentSec for VS Code
Real-time security diagnostics in your editor, powered by the
AgentSec scanner.
What it does
- Runs the scanner's fast LSP path on every edit (debounced)
- Publishes findings as squigglies: secrets, vulnerability patterns, prompt-injection surfaces
- No AI calls, no dependency audits — those stay in the CLI
Install
- Install the AgentSec CLI (required):
npm install -g @agentsec/cli
Or add it to a project:
npm install --save-dev @agentsec/cli
- Install this extension from the VSIX or the marketplace.
- Open any supported language file — diagnostics appear automatically.
Supported languages
TypeScript, JavaScript (incl. JSX/TSX), Python, Go, Ruby, Java, PHP.
Settings
| Setting |
Default |
Description |
agentsec.path |
"" (auto) |
Path to the agent binary. Auto-detects node_modules/.bin/agent then PATH. |
agentsec.debounceMs |
300 |
Delay before re-scanning on keystroke. |
agentsec.disablePromptInjection |
false |
Skip the prompt-injection scanner for faster diagnostics. |
Commands
- AgentSec: Restart Server — reconnect the LSP after changing settings.
- AgentSec: Scan Workspace — run the full advanced scan in a terminal.
Build locally
cd vscode-extension
npm install
npm run build
# Package:
npx @vscode/vsce package
License
MIT
| |
