Verdict surfaces security findings directly in Cursor, VS Code, and other VS Code-compatible editors, explains them in plain English, and can apply AI-assisted remediations without forcing you to leave the editor.
What Verdict Does
Scans your workspace for high-signal security issues while you work
Adds inline diagnostics and hover explanations for flagged code
Keeps short human-readable explanations separate from the actual fix pipeline
Lets you apply Implement Fix with Verdict from the hover or Quick Fix menu
Fix Flow
JavaScript and TypeScript use the strongest fix path because Verdict can anchor edits to enclosing symbols such as functions, methods, and object members.
Other languages use a validated fallback flow. Verdict offers the model a small set of candidate repair scopes and only applies a fix if the chosen scope still matches the file exactly.
Generated fixes should still be reviewed before commit.
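The fallback check described above, sketched as an added example (not Verdict's own code): a fix is applied only when it names one of the offered scopes and that scope's text is still byte-for-byte present at the recorded lines. The names makeScope and applyScopedFix, the line-range scope shape, and the sample file are assumptions made for illustration.

```javascript
// Added illustration; makeScope/applyScopedFix are hypothetical names, not Verdict's API.

// Record a candidate repair scope: 0-based, end-exclusive line range plus its exact text.
function makeScope(fileText, startLine, endLine) {
  const text = fileText.split("\n").slice(startLine, endLine).join("\n");
  return { startLine, endLine, text };
}

// Apply a replacement only if the model chose an offered scope and that scope
// still matches the current file exactly; otherwise return the file untouched.
function applyScopedFix(currentText, offeredScopes, chosenIndex, replacement) {
  const scope = Number.isInteger(chosenIndex) ? offeredScopes[chosenIndex] : undefined;
  if (!scope) {
    // The model answered with something that was never offered: reject.
    return { applied: false, reason: "unknown-scope", text: currentText };
  }
  const lines = currentText.split("\n");
  const current = lines.slice(scope.startLine, scope.endLine).join("\n");
  if (scope.endLine > lines.length || current !== scope.text) {
    // The file changed after the scopes were captured (user edit, formatter, ...).
    return { applied: false, reason: "stale-scope", text: currentText };
  }
  lines.splice(scope.startLine, scope.endLine - scope.startLine, ...replacement.split("\n"));
  return { applied: true, reason: "ok", text: lines.join("\n") };
}

// Constructed sample input: a non-JS/TS file, which would take the fallback path.
const original = [
  "import subprocess",
  "",
  "def run(cmd):",
  "    return subprocess.call(cmd, shell=True)",
].join("\n");

// Two candidate scopes offered to the model: the flagged line, and the whole function.
const scopes = [makeScope(original, 3, 4), makeScope(original, 2, 4)];

// Constructed model output: rewrite the whole function (scope index 1).
const fix = "def run(argv):\n    return subprocess.call(argv, shell=False)";

const fresh = applyScopedFix(original, scopes, 1, fix);
const stale = applyScopedFix("import os\n" + original, scopes, 1, fix);
console.log(fresh.reason, stale.reason);
```

Rejecting on any mismatch keeps a generated edit from landing on lines that shifted between the request and the response.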
Installation
Install Verdict from a VS Code-compatible marketplace, then open a project.
On first activation, Verdict prepares its local analysis runtime automatically in the background.
How To Use It
Open a project in Cursor, VS Code, or another VS Code API-compatible editor.
Edit or save files to trigger Verdict scans.
Hover a finding to read the explanation.
Click Implement Fix with Verdict to apply a generated remediation.
Notes
Verdict focuses on high-signal findings first.
First-run runtime preparation may take a moment, depending on the machine.
Privacy & Trust
Verdict scans locally, but AI-backed explanations and fixes can send code context to the Verdict service.
What Runs Locally
launches the Verdict extension runtime
scans the workspace and creates diagnostics
renders hover content, quick fixes, and startup state notifications
prepares the local analysis runtime used for scanning
What Data Can Leave The Machine
Verdict may send code context to the Verdict service for:
explanation requests, including finding metadata, the flagged snippet, surrounding code, related findings, and file contents used for context
fix generation requests, including candidate repair scopes, surrounding code, related findings, and file contents used to generate scoped remediations
Authentication And Access Control
For production use, the backend should require a Verdict API key on every AI request.
For limited beta testing, the backend may run without auth, but that is a deliberate tradeoff and should be rate-limited and monitored.
Verdict does not embed reusable OpenAI provider credentials in the extension package.
Feedback
Questions, bug reports, or beta feedback: spacious.app@gmail.com