https://github.com/jawherkl/sentinel-ai
A VSCode extension and CLI tools that uses AI to not only help you write code but to instantly review it for security vulnerabilities as you write it, directly in your IDE. It shifts security "left" all the way to the moment of creation.
https://github.com/jawherkl/sentinel-ai
golang llm openrouter programming
Last synced: 9 months ago
JSON representation
A VSCode extension and CLI tools that uses AI to not only help you write code but to instantly review it for security vulnerabilities as you write it, directly in your IDE. It shifts security "left" all the way to the moment of creation.
- Host: GitHub
- URL: https://github.com/jawherkl/sentinel-ai
- Owner: JawherKl
- Created: 2025-09-01T11:16:15.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2025-09-01T16:08:18.000Z (10 months ago)
- Last Synced: 2025-09-01T18:13:38.814Z (10 months ago)
- Topics: golang, llm, openrouter, programming
- Language: Go
- Homepage:
- Size: 29.3 KB
- Stars: 2
- Watchers: 0
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Sentinel AI
### The AI-Powered Security Assistant for Developers.
## **Core Concept:**
A VSCode extension and CLI tools that uses AI to not only help you write code but to **instantly review it for security vulnerabilities** as you write it, directly in your IDE. It shifts security "left" all the way to the moment of creation.
---
## Architecture & How The Ideas Merge
| Feature | Role in "Sentinel AI" | Value Add |
| :--- | :--- | :--- |
| **LLM Dev Assistant** | **The "Assistant" Core.** Provides the code completion, refactoring, and doc generation. This is the user-friendly, productive face of the extension. | Makes the tool desirable and useful for everyday coding, ensuring developers *want* to use it. |
| **API Security Scanner** | **The "Security" Core.** Provides the rules, checks, and scanning logic for APIs (REST/GraphQL). This is the rigorous, rule-based engine. | Provides the deep, trusted security value that makes the tool essential for engineering teams. |
| **Code Helper Chat** | **The "Bridge".** The chat interface becomes the way users **interrogate and understand** the security findings. It explains the "what" and "why" behind vulnerabilities. | Solves the biggest problem with traditional linters: cryptic error messages. It educates the developer. |
---
## Technical Stack & Implementation Plan
**1. The VSCode Extension (The Client)**
* **Language:** TypeScript
* **Framework:** VSCode Extension API
* **Responsibilities:**
* Provide the UI (chat panel, hover tips, inline warnings).
* Analyze the active text document for patterns.
* Communicate with the backend service via API calls.
**2. The Backend API (The Brain)**
* **Language:** Go (great for CLI tools; a strong choice if you want to focus on the security scanner part).
* **Framework:** Gin (Go).
* **Responsibilities:**
* **Security Scanner Engine:** Run static analysis rules (e.g., using regex patterns, AST parsing) to find.
* **AI Integration Layer:**
* Receive code snippets from the extension.
* **Orchestrate AI Calls:** Decide whether to call the AI for a fix, an explanation, or a completion.
* **Prompt Engineering:** Craft sophisticated prompts for the LLM like: *"The following code has a [VULNERABILITY_NAME] vulnerability. Explain it to a developer in simple terms and provide a secure code fix in [LANGUAGE]."*
* **Manage API Keys:** Securely handle keys for OpenRouter.
**3. The AI Services**
* **OpenRouter API**: For all natural language understanding, explanation, and code generation tasks.
**Models to consider for programming tasks:**
* deepseek/deepseek-chat-v3.1
* x-ai/grok-code-fast-1
* qwen/qwen3-coder
* z-ai/glm-4.5-air
**4. DevOps & Packaging**
* **CI/CD:** GitHub Actions to automatically test and release new versions of the VSCode extension.
* **Packaging:** The backend can be distributed as a Docker container.
* **Configuration:** Allow users to point the extension to their own self-hosted backend..