Catches security, secret, and authorization risks in AI-generated code before you run, commit, or deploy. It watches the files you or your coding agent (Claude Code, Cursor, Copilot, Antigravity) modify and warns you in real-time right inside the editor.
Unlike heavy enterprise scanners, this is a sharp, change-focused firewall: fast, runs entirely local, and operates completely offline.
- ⚡ Real-Time Change Watcher — Scans the active file as you type (debounced) and instantly on open or save.
- 🔒 Privacy-First & Offline — Runs 100% locally using regex/AST patterns. No code ever leaves your machine, and no API keys are required.
- 📊 Live Risk Score — Calculates a dynamic 0–100 risk score per file and displays it in the status bar (uses diminishing returns so multiple minor alerts don't outweigh a single critical severity issue).
- 📋 Interactive Risk Report — A rich side-panel webview grouping findings by severity with click-to-reveal jump-to-line navigation.
- 🤖 Agent Rules Generator — Automatically generates agent instructions (
.cursorrules,.antigravityrules,CLAUDE.md,AGENTS.md, or.github/copilot-instructions.md) derived from the active firewall rules to stop agents from writing vulnerable code in the first place. - 📦 Dependency Diff Watcher — Inspects manifests and lock files (
package.json,package-lock.json,yarn.lock,pnpm-lock.yaml) for typosquats of popular packages, known compromised versions, and suspicious lifecycle install scripts. - 💡 One-Click Quick Fixes — Every finding gets lightbulb actions: silence a false positive on a single line, mute a noisy rule for the whole file, or jump straight to the full report — no manual comment typing.
- 🙈 Inline Suppressions — Mark intentional code with ordinary comments the firewall reads back in:
risk-firewall-ignore-line,risk-firewall-ignore-next-line, orrisk-firewall-ignore-file(optionally scoped to specific rule ids). Works in any language. - 🔀 Scan Git Changes — One command scans exactly what you're about to commit — your staged changes (or working-tree changes when nothing's staged) — so AI-written diffs get a security gate before they land.
The firewall categorizes and reports vulnerabilities across several dimensions:
- AWS access key IDs (
AKIA.../ASIA...) — [Critical] - OpenAI API keys (
sk-...) — [Critical] - Anthropic API keys (
sk-ant-...) — [Critical] - Stripe secret/restricted keys (
sk_live.../rk_test...) — [Critical] - Google API keys (
AIza...) — [High] - GitHub tokens (
ghp_.../gho_...) — [Critical] - Slack tokens (
xoxb-.../xoxp-...) — [High] - Private Key blocks (
BEGIN PGP/RSA/EC PRIVATE KEY) — [Critical] - JSON Web Tokens (
eyJ...) — [Medium] - Generic assignments (
api_key = "...",password = "...") — [High] - Frontend exposure — Service role keys (
SERVICE_ROLE) in frontend directories or secrets prefixed withNEXT_PUBLIC_— [Critical/High]
- Typosquatting — Checks if added packages are single-edit-distance typos of the top 50 most-used packages (e.g.
lodaashinstead oflodash). — [Critical] - Compromised Packages — Identifies packages tied to publicized supply-chain incidents (e.g.
event-streammalicious versions,node-ipcprotestware,sabotaged colors/faker). — [High] - Lifecycle Install Scripts — Flags
preinstall,install, orpostinstallcommands inpackage.jsonthat invoke shell, network, base64 decoding, or execution scripts. — [High/Medium]
- Code Injection (
injection) — Use ofeval(),new Function(), shell commands with string interpolation (exec("...${var}")), and Pythonos.system()orshell=Truesubprocesses. — [High] - SQL Injection (
injection) — Assembled queries via interpolation or concatenation instead of parameterized queries. — [High] - Cross-Site Scripting (
xss) — Use ofdangerouslySetInnerHTML,.innerHTMLassignments, anddocument.write(). — [High/Medium]
- Weak Cryptography (
crypto) — Use of MD5 or SHA-1 for hashing, hardcoded JWT signing secrets, orMath.random()to generate security tokens. — [High/Medium] - Disabled TLS (
network) — Bypassing server certificate verification (rejectUnauthorized: false, pythonverify=False, or settingNODE_TLS_REJECT_UNAUTHORIZED=0). — [High] - Insecure Endpoints (
network) — Outbound remote requests utilizing plaintexthttp://instead ofhttps://. — [Low]
- Debug Mode — Static debug switches (
DEBUG = true) left active in production. — [Medium] - Sensitive Logs — Logging or printing secret variables (
console.log(password)). — [Medium/Low] - Session Storage (
auth) — Storing tokens/sessions inlocalStorageinstead of Secure, httpOnly cookies. — [Medium]
Open the Extensions side panel in your editor and search for:
martian7777.ai-code-risk-firewall(the unique extension ID)- Or simply search:
AI Code Risk Firewall
You can also view and install the extension directly from the public registries:
- VS Code Marketplace: https://marketplace.visualstudio.com/items?itemName=martian7777.ai-code-risk-firewall
- Open VSX Registry: https://open-vsx.org/extension/martian7777/ai-code-risk-firewall
- Clone the repository and install the development dependencies:
npm install
- Build the extension:
npm run build
- Open the repository in VS Code or Antigravity and press F5 (or go to Run and Debug -> Run Extension).
- An Extension Development Host window will open. Open the
demo/vulnerable-sample.tsfile in that window to see the real-time firewall diagnostics in action!
Access these via the Command Palette (Ctrl+Shift+P or Cmd+Shift+P):
Risk Firewall: Scan Current File— Run an immediate scan on the active editor and show report.Risk Firewall: Scan Whole Workspace— Scan all project files (ignoring excluded paths) and compile a project-wide report.Risk Firewall: Scan Git Changes (staged / uncommitted)— Scan only the files you're about to commit and report on them.Risk Firewall: Show Risk Report— View the live report panel side-by-side with your code.Risk Firewall: Generate Agent Security Rules— Create customized rules for AI coding assistants.
The firewall is built for recall, so it occasionally flags intentional code. Silence a finding with a comment — use your language's comment syntax (//, #, --, …):
const apiKey = process.env.OPENAI_KEY ?? "sk-localtestkeyonly"; // risk-firewall-ignore-line secret/openai-key
// risk-firewall-ignore-next-line
eval(trustedExpression);- Append no rule id to silence every finding at that location, or list one or more ids/categories (comma- or space-separated) to scope it:
risk-firewall-ignore-line secret, cors. - Place
risk-firewall-ignore-fileanywhere in a file to mute matching rules for the whole file. - The easiest way to add these is the lightbulb / Quick Fix menu (
Ctrl+.) on any flagged line — it writes the comment for you.
You can customize the firewall behavior via your workspace settings.json:
| Setting | Type | Default | Description |
|---|---|---|---|
aiRiskFirewall.enable |
boolean |
true |
Enables/disables the real-time scanning engine. |
aiRiskFirewall.scanOnType |
boolean |
true |
Re-scans files as you type (debounced). Set to false to scan only on save or open. |
aiRiskFirewall.minimumSeverity |
string |
"low" |
Only report findings at or above this severity. Options: low, medium, high, critical. |
aiRiskFirewall.excludeGlobs |
string[] |
["**/node_modules/**", "**/dist/**", "**/build/**", "**/.git/**", "**/out/**"] |
Glob patterns to ignore during workspace scans. |
Makes findings actionable — the firewall now helps you fix and dismiss risks, not just spot them.
- One-Click Quick Fixes — Lightbulb code actions (
Ctrl+.) on any flagged line: silence a single false positive, mute a noisy rule for the whole file, or jump to the full report. The suppression comment is written for you with the correct comment syntax and indentation. - Inline Suppressions — Honor
risk-firewall-ignore-line,risk-firewall-ignore-next-line, andrisk-firewall-ignore-filecomments (optionally scoped to specific rule ids/categories) in any language. Suppressed findings drop out of diagnostics, the status-bar score, and the report. - Scan Git Changes — New
Risk Firewall: Scan Git Changescommand scans exactly what you're about to commit (staged changes, or working-tree changes when nothing is staged) via the built-in Git API — no extra dependencies.
This is the first release of the AI Code Risk Firewall VS Code extension.
- Security & Secrets Linting Engine — 30+ regex-based static analysis rules running locally in Node.js to capture high-severity leaks and common vulnerabilities.
- Local Dependency Diff Watcher — Offline manifest analysis in
package.jsonand lock files checking for typosquats, flagged protestware/malware packages, and automatic install hooks. - Interactive Webview Risk Report — A customized panel summarizing workspace/file health with a custom 0-100 risk score and direct code navigation links.
- Agent Rules Generator — A generator targeting
.cursorrules,.antigravityrules,CLAUDE.md,AGENTS.md, and.github/copilot-instructions.mdto instruct AI models on security patterns automatically. - Debounced Live Watcher — Seamless editor integrations utilizing diagnostics markers without slowing down typing or compiler performance.
This project is licensed under the MIT License.