AI Code Safety Visor
v1.0 — Now with VS Code.
One 30 MB binary. 269+ secret rules · 58 vulnerability patterns ·
20 quality detectors · 7 MCP tools. Zero dependencies.
AILINTER scans your code before AI touches it and validates AI-generated code before you commit it.
Now with a VS Code extension — real-time quality scoring, delta tracking, and refactoring guidance
right in your editor. Works with Claude, Cursor, OpenCode, Cline, Windsurf, and any MCP-compatible agent.
Install in 30 Seconds
brew install ailinter/ailinter/ailinter
# VS Code Extension
code --install-extension ailinter.ailinter
Or search "ailinter" in VS Code Extensions panel
# Go install (latest stable)
go install github.com/ailinter/ailinter/cmd/ailinter@latest
# Scan your repo
ailinter check .
# Connect AI assistant (MCP)
ailinter mcp
No signup. No account. No telemetry required. MIT licensed.
Four Ways to Use AILINTER
From pre-flight quality checks to CI/CD gates — one binary covers the full AI development lifecycle.
Before AI Edits Your Code
AI calls analyze_code → gets quality score + smell report. If score < 80, AI refactors first. Your AI never touches dead code.
After AI Generates Code
AI calls scan_for_secrets + vuln scan before commit. Catches hardcoded AWS keys, API tokens, SQLi, pickle deserialization.
In CI/CD
Quality gate on every PR. Block merges with scores below threshold or hardcoded secrets. GitHub Actions + SARIF output included.
Team Dashboards
VS Code Delta Dashboard tracks code health over time. See which files are improving, regressing, or need attention.
Code Quality, Right in Your Editor
The AILINTER VS Code extension brings code quality scoring, secret detection, and vulnerability scanning into your editor — with inline annotations, delta tracking, and one-click refactoring guidance. No context switching. No CI wait times. Instant feedback on every save.
View full VS Code page →
Code Quality, Right in Your Editor
Gutter icons, inline CodeLens, hover guidance, Quick Fix lightbulb, delta dashboard — everything you expect from a modern linter. 24 refactoring strategies with Go code examples at your fingertips.
View VS Code Extension →On-Save Scanning
Auto-scans every file on save. Results appear instantly in Problems panel and status bar.
Inline Code Smells
Decorations highlight problem lines directly in the editor. Hover for details on each finding.
Refactoring Guidance
One-click refactoring strategies via webview panel. CodeLens + hover show actionable advice.
Quick Fix Actions
Lightbulb suggestions: suppress warnings, replace secrets with env vars, open docs panel.
CodeLens Scores
Function-level quality scores inline. Shows git merge-base delta: ▲ +6 or ▼ -3.
Delta Dashboard
Track code health over time. See which files improved, regressed, or need attention — vs main branch.
Three Scanners. One Binary. Zero Dependencies.
Everything you need to keep AI-generated code safe and maintainable — in a single 30 MB Go binary.
Code Quality
20 detectors: deep nesting, brain methods, bumpy roads, complex conditionals, duplication, low cohesion, primitive obsession, global data, and more. Every file scored 0–100 with AI-friendly refactoring guidance.
Secrets Detection
269 betterleaks rules + 150 gitleaks fallback. AWS keys, Stripe tokens, GitHub PATs, private keys, JWT, Slack tokens, and more. All secrets redacted in MCP output — never leaked to AI context.
Vulnerability Scanning
58 patterns, 6 categories: injection, XSS, deserialization, weak crypto, XXE, and workflow attacks. Covers Python, Go, JS/TS, Java, C#, PHP. Line-level reporting with fix reminders.
VS Code Extension
Real-time quality scoring, inline decorations, CodeLens annotations, hover refactoring guidance, Quick Fix actions, and a Delta Dashboard for code health tracking. On-save and on-edit scanning.
MCP Integration
7 MCP tools for AI assistants: analyze_code, scan_for_secrets, assess_file, get_refactoring, and more. Works with Claude, Cursor, Cline, OpenCode, Windsurf, Continue.dev, Copilot.
CI/CD Integration
Quality gate on every PR. GitHub Actions workflow runs ailinter on every push. Block merges with low scores or secrets. SARIF output for GitHub Advanced Security integration.
Code Quality: Before & After
See how AILINTER guides AI assistants to refactor deeply nested code into clean, maintainable functions — raising the quality score from 42 → 94.
def process_order(data): if data: if "customer" in data: customer = data["customer"] if customer.get("active"): if "items" in data: total = 0 for item in data["items"]: if item.get("price"): discount = 0 if item["price"] > 100: discount = 0.1 if item["price"] > 500: discount = 0.2 total += item["price"] * (1 - discount) return {"status": "ok", "total": total} return {"status": "error"}
def process_order(data): if not data or "customer" not in data: return {"status": "error"} if not data["customer"].get("active"): return {"status": "error"} items = data.get("items", []) total = calc_total(items) return {"status": "ok", "total": total} def calc_total(items): return sum( item["price"] * (1 - get_discount(item["price"])) for item in items if item.get("price") ) def get_discount(price): if price > 500: return 0.2 if price > 100: return 0.1 return 0
Security Scanning in Action
AILINTER catches hardcoded secrets and vulnerabilities that AI assistants often introduce. 269 secret rules + 58 vulnerability patterns across 6 categories.
# AI generated this config for you: aws_config = { "region": "us-east-1", "access_key": "AKIAIOSFODNN7EXAMPLE" ← SECRET! } # ailinter catches it instantly: [secret] aws_access_key_id (critical): line 4 → Replaced with env var by Quick Fix action # AI automatically fixes: aws_config = { "region": "us-east-1", "access_key": os.getenv("AWS_ACCESS_KEY_ID") }
# AI wrote this data loader for you: def load_config(filepath): with open(filepath) as f: data = pickle.load(f) ← CRITICAL! return data # ailinter catches the vulnerability: [vuln] pickle_deserialization (critical): line 3 → Arbitrary code execution risk [vuln] path_traversal (warning): line 2 → Unsanitized file path # AI receives refactoring guidance: → Use JSON or YAML instead of pickle → Validate filepath against allowlist
Language: python | Lines: 45 | Score: 82/100 → Go Ahead
### Code Quality (1 issue)
deep_nesting (warning): Nesting depth 4 at line 32
### Vulnerability Scan (2 findings)
pickle_deserialization (critical): line 15 — can execute arbitrary code
eval_injection (critical): line 28 — use ast.literal_eval() instead
### Secret Scan
Clean — no secrets detected
Files: 12 | Go Ahead: 9 | Care: 2 | Needs Work: 1 | Stop: 0
Vulnerabilities: Clean (0 findings)
Why AILINTER?
Third-party benchmark — 11 controlled test fixtures, 3 clean repos (106 files), all tools at default settings.
Runs Where Your AI Agent Runs
AILINTER is a native MCP server with 7 tools — AI coding assistants invoke it directly via stdio. No daemon, no API key, no cloud dependency. Everything is local, fast, and private.
{
"mcpServers": {
"ailinter": {
"command": "ailinter",
"args": ["mcp"]
}
}
}
CI Integration
Block PRs with low quality scores or hardcoded secrets. Add to your GitHub Actions workflow — SARIF output integrates with GitHub Advanced Security.
name: AILINTER Quality Gate
on: [pull_request]
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: go install github.com/ailinter/ailinter/cmd/ailinter@latest
- run: ailinter check . --format sarif > results.sarif
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
The Refactoring Loop
The core workflow that prevents AI from making bad code worse.