AI Fixes
Caspian Security generates AI-powered security fixes that understand your code's full context -- not just the line with the issue.
When you click AI Fix on a detected issue, the extension performs three steps before calling the AI:
First, using VS Code's built-in DocumentSymbolProvider, the extension finds the smallest enclosing function, method, or constructor that contains the vulnerable line. The entire function body is sent to the AI -- not just 20 surrounding lines.
This means the AI sees:
- The full function logic and control flow
- All local variables and parameters
- Return statements and error handling
- The complete context needed to produce a safe fix
Second, the extension scans backwards within the function scope to find where each variable referenced on the vulnerable line was defined. This includes:
- `const`, `let`, and `var` declarations
- Function parameters
- Destructured assignments
The AI receives these definitions so it understands the data types and sources involved.
Third, when function scope is available, the AI receives a specialized instruction:
"You are a security expert. Fix the [ISSUE_CODE] issue on line [N] within the function scope shown above without breaking the surrounding logic."
This produces fixes that are:
- Context-aware -- respects the surrounding function logic
- Minimal -- only changes what's needed to resolve the vulnerability
- Safe -- avoids breaking existing behavior
If no DocumentSymbolProvider is available (e.g., for plain text files or unsupported languages), the extension falls back to sending the standard 20-line surrounding context (10 lines above + 10 lines below the issue).
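The three steps above, plus the 20-line fallback, as an added TypeScript illustration. This is not the Caspian Security extension's own code: instead of calling the real DocumentSymbolProvider it walks a hand-built symbol tree of the shape a provider returns (reduced to 0-based line ranges), so it runs without the `vscode` module. The sample source, the symbol tree, the issue code `EXAMPLE-SQLI`, the regex-based definition scan and the fallback instruction wording are all assumptions made for the example.

```typescript
// Added illustration of the context-gathering steps described on this page.
// Not the extension's code: the symbol tree below stands in for what a
// DocumentSymbolProvider returns, and the definition scan is a regex heuristic.

interface LineRange { startLine: number; endLine: number } // 0-based, inclusive
interface DocSymbol {
  name: string;
  kind: "class" | "constructor" | "method" | "function";
  range: LineRange;
  children: DocSymbol[];
}

// Constructed sample document: a string-concatenated query that a scanner
// would flag, inside a method, inside a class.
const SAMPLE_LINES: string[] = [
  "class UserController {",                                               // 0
  "  constructor(db) {",                                                  // 1
  "    this.db = db;",                                                    // 2
  "  }",                                                                  // 3
  "",                                                                     // 4
  "  async findUser(req, res) {",                                         // 5
  "    const { name } = req.body;",                                       // 6
  "    const sql = \"SELECT * FROM users WHERE name = '\" + name + \"'\";", // 7
  "    res.json(await this.db.query(sql));",                              // 8
  "  }",                                                                  // 9
  "}",                                                                    // 10
];

// Constructed symbol tree for SAMPLE_LINES (shape of a provider's result).
const SYMBOLS: DocSymbol[] = [{
  name: "UserController", kind: "class", range: { startLine: 0, endLine: 10 },
  children: [
    { name: "constructor", kind: "constructor", range: { startLine: 1, endLine: 3 }, children: [] },
    { name: "findUser", kind: "method", range: { startLine: 5, endLine: 9 }, children: [] },
  ],
}];

// Step 1: the smallest function/method/constructor whose range contains the
// line. Children are nested inside their parent, so the deepest non-class
// match is the smallest one.
function findEnclosingFunction(symbols: DocSymbol[], line: number): DocSymbol | undefined {
  for (const s of symbols) {
    if (line < s.range.startLine || line > s.range.endLine) continue;
    const inner = findEnclosingFunction(s.children, line);
    if (inner) return inner;
    if (s.kind !== "class") return s;
  }
  return undefined;
}

// Step 2: for each identifier on the vulnerable line, scan backwards inside
// the function for the nearest const/let/var declaration (plain or
// destructured) or for a parameter in the signature line.
const IDENT = /[A-Za-z_$][\w$]*/g;
const KEYWORDS = new Set(["const", "let", "var", "await", "async", "this", "new", "return", "if", "else"]);
const escapeRe = (s: string) => s.replace(/\$/g, "\\$");

function findDefinitions(lines: string[], fn: DocSymbol, vulnLine: number): Map<string, string> {
  const referenced = (lines[vulnLine].match(IDENT) ?? []).filter((id) => !KEYWORDS.has(id));
  const defs = new Map<string, string>();
  for (let i = vulnLine - 1; i >= fn.range.startLine; i--) {
    const text = lines[i].trim();
    for (const id of referenced) {
      if (defs.has(id)) continue; // nearest definition wins
      const decl = new RegExp(`\\b(?:const|let|var)\\b[^=;]*\\b${escapeRe(id)}\\b`);
      const param = new RegExp(`\\([^)]*\\b${escapeRe(id)}\\b[^)]*\\)`);
      if (decl.test(text) || (i === fn.range.startLine && param.test(text))) defs.set(id, text);
    }
  }
  return defs;
}

// Step 3: assemble the context and the instruction. Without a symbol tree,
// fall back to 10 lines above and 10 lines below the issue.
const CONTEXT_RADIUS = 10;

function buildFixPrompt(lines: string[], symbols: DocSymbol[], vulnLine: number, issueCode: string) {
  const fn = findEnclosingFunction(symbols, vulnLine);
  const lineNo = vulnLine + 1; // the instruction quotes 1-based line numbers
  if (!fn) {
    const start = Math.max(0, vulnLine - CONTEXT_RADIUS);
    const end = Math.min(lines.length - 1, vulnLine + CONTEXT_RADIUS);
    return {
      scoped: false,
      context: lines.slice(start, end + 1).join("\n"),
      // Fallback wording is assumed; the page only specifies the scoped instruction.
      instruction: `You are a security expert. Fix the ${issueCode} issue on line ${lineNo} in the code shown above.`,
    };
  }
  const body = lines.slice(fn.range.startLine, fn.range.endLine + 1).join("\n");
  const defs = Array.from(findDefinitions(lines, fn, vulnLine), ([id, d]) => `// ${id} is defined by: ${d}`).join("\n");
  return {
    scoped: true,
    context: defs ? `${body}\n\n${defs}` : body,
    instruction: `You are a security expert. Fix the ${issueCode} issue on line ${lineNo} within the function scope shown above without breaking the surrounding logic.`,
  };
}

// Stand-alone usage: line 7 (0-based) is the concatenated query.
console.log(buildFixPrompt(SAMPLE_LINES, SYMBOLS, 7, "EXAMPLE-SQLI"));
```

Note that for line 8 the scan attributes `sql` to its `const` declaration and `res` to the method's parameter list, while `rows`-style names defined on the vulnerable line itself are left out; with an empty symbol list the same call degrades to the 21-line window (clipped at the file boundaries), which is the fallback behaviour the page describes.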
| Provider | Model | Setup |
|---|---|---|
| Anthropic Claude | `claude-sonnet-4-20250514` (default) | Get API key |
| OpenAI GPT-4 | `gpt-4o` (default) | Get API key |
| Google Gemini | `gemini-2.0-flash` (default) | Get API key |
You can override the default model for any provider using the `caspianSecurity.aiModel` setting.
- Open the Command Palette (`Ctrl+Shift+P`)
- Run "Caspian Security: Configure AI Fix Provider"
- Select your provider
- Enter your API key
API keys are stored in the OS keychain via VS Code's SecretStorage API. They never appear in settings files.
- Run a scan
- Open the Results Panel
- Click AI Fix on any issue
- The fix is generated and applied to your code
- Review the changes and verify
- Hover over a diagnostic squiggle
- Click Quick Fix (or `Ctrl+.`)
- Select "Fix with AI"
- Review every AI fix before committing. AI can produce incorrect fixes.
- Use Verify after applying a fix to confirm the issue is resolved.
- Fixes work best on code-detectable rules (pattern-matched issues) rather than informational rules.
- If a fix doesn't look right, undo with `Ctrl+Z` and try again -- AI responses vary between calls.
- Confidence Scoring -- understand how issues are classified
- Configuration -- set up your preferred AI provider