A VSCode extension and CLI tools that uses AI to not only help you write code but to instantly review it for security vulnerabilities as you write it, directly in your IDE. It shifts security "left" all the way to the moment of creation.
| Feature | Role in "Sentinel AI" | Value Add |
|---|---|---|
| LLM Dev Assistant | The "Assistant" Core. Provides the code completion, refactoring, and doc generation. This is the user-friendly, productive face of the extension. | Makes the tool desirable and useful for everyday coding, ensuring developers want to use it. |
| API Security Scanner | The "Security" Core. Provides the rules, checks, and scanning logic for APIs (REST/GraphQL). This is the rigorous, rule-based engine. | Provides the deep, trusted security value that makes the tool essential for engineering teams. |
| Code Helper Chat | The "Bridge". The chat interface becomes the way users interrogate and understand the security findings. It explains the "what" and "why" behind vulnerabilities. | Solves the biggest problem with traditional linters: cryptic error messages. It educates the developer. |
1. The VSCode Extension (The Client)
- Language: TypeScript
- Framework: VSCode Extension API
- Responsibilities:
- Provide the UI (chat panel, hover tips, inline warnings).
- Analyze the active text document for patterns.
- Communicate with the backend service via API calls.
2. The Backend API (The Brain)
- Language: Go (great for CLI tools; a strong choice if you want to focus on the security scanner part).
- Framework: Gin (Go).
- Responsibilities:
- Security Scanner Engine: Run static analysis rules (e.g., using regex patterns, AST parsing) to find.
- AI Integration Layer:
- Receive code snippets from the extension.
- Orchestrate AI Calls: Decide whether to call the AI for a fix, an explanation, or a completion.
- Prompt Engineering: Craft sophisticated prompts for the LLM like: "The following code has a [VULNERABILITY_NAME] vulnerability. Explain it to a developer in simple terms and provide a secure code fix in [LANGUAGE]."
- Manage API Keys: Securely handle keys for OpenRouter.
3. The AI Services
- OpenRouter API: For all natural language understanding, explanation, and code generation tasks.
Models to consider for programming tasks:
- deepseek/deepseek-chat-v3.1
- x-ai/grok-code-fast-1
- qwen/qwen3-coder
- z-ai/glm-4.5-air
4. DevOps & Packaging
- CI/CD: GitHub Actions to automatically test and release new versions of the VSCode extension.
- Packaging: The backend can be distributed as a Docker container.
- Configuration: Allow users to point the extension to their own self-hosted backend..