
Code analysis and security review CLI for LLMs

Project description

CodeSight

Code analysis CLI — reviews, bugs, docs, and refactoring from your terminal.

CodeSight sends your code to LLMs (OpenAI, Anthropic, Google Vertex AI, Ollama, or any OpenAI-compatible endpoint) with structured prompts for code review, bug detection, security analysis, documentation, and refactoring. Multi-provider, configurable, works with any language.

Requires Python 3.10+. License: MIT.


What it does

  • codesight review — code review with severity-tagged issues (crit/warn/info)
  • codesight bugs — find logic errors, race conditions, resource leaks
  • codesight security — security audit with CWE IDs and OWASP mapping
  • codesight scan . — scan an entire directory with progress bar
  • codesight docs — auto-generate docstrings and module docs
  • codesight explain — plain-language breakdown of complex code
  • codesight refactor — refactoring suggestions with before/after diffs

Demo

CodeSight terminal demo

Quick Start

# Install
pip install codesight

# Configure your provider
codesight config

# Run a review
codesight review src/main.py

# Detect bugs
codesight bugs lib/parser.py

# Scan a whole project
codesight scan . --task review
codesight scan src/ --ext .py .js

# Generate docs
codesight docs utils/helpers.py

Provider Support

  • OpenAI: GPT-5.4, GPT-5.3-Codex. Setup: OPENAI_API_KEY
  • Anthropic: Claude Opus 4.6, Claude Sonnet 4.6. Setup: ANTHROPIC_API_KEY
  • Google Vertex AI: Gemini 3.1 Pro, Gemini 3.1 Flash. Setup: GOOGLE_CLOUD_PROJECT + ADC (Application Default Credentials)
  • Ollama (local): Llama 3, CodeLlama, Mistral, etc. Setup: just run ollama serve
  • Custom (OpenAI-compatible): OpenRouter, Groq, Together AI, Mistral, xAI (Grok), Fireworks, DeepSeek, Perplexity, Cerebras, Cohere, Azure AI Foundry, or any OpenAI-compatible URL. Setup: codesight config -> Custom, or base_url + API key in ~/.codesight/config.json

Configuration

CodeSight stores config in ~/.codesight/config.json. You can configure it interactively:

codesight config

Or set environment variables:

export OPENAI_API_KEY="sk-..."
export CODESIGHT_MODEL="gpt-5.4"
codesight review my_file.py

Switch providers on the fly:

codesight review my_file.py --provider anthropic
codesight bugs my_file.py --provider google
codesight explain my_file.py --provider openai
codesight review my_file.py --provider ollama      # fully offline, no data leaves your machine
codesight review my_file.py --provider openrouter  # any OpenAI-compatible endpoint you saved in config

Custom OpenAI-compatible providers (OpenRouter, Groq, Together, Mistral, xAI, Fireworks, DeepSeek, Perplexity, Cerebras, Cohere, Azure AI Foundry) are set up through the wizard:

codesight config
# Select: Custom (OpenRouter / Groq / Together / any OpenAI-compat)
# Pick a preset or enter a custom base URL, save under a label (e.g. "openrouter")
codesight review my_file.py --provider openrouter

Architecture

codesight/
├── cli.py              # CLI entry point (argparse)
├── analyzer.py         # Core analysis engine
├── config.py           # Config management (~/.codesight/)
├── compression.py      # Context compression / code maps
├── streaming.py        # Streaming output (OpenAI, Anthropic, Ollama)
├── templates.py        # Custom prompt templates
├── pipeline.py         # Multi-model triage → verify pipeline
├── sarif.py            # SARIF output for CI/CD
├── benchmark.py        # LLM benchmark runner
├── cost.py             # Token cost tracking
└── providers/
    ├── base.py
    ├── factory.py
    ├── openai_provider.py
    ├── anthropic_provider.py
    ├── google_provider.py
    ├── ollama_provider.py
    └── custom_provider.py    # OpenAI-compatible adapter (OpenRouter, Groq, Azure, etc.)

Development

git clone https://github.com/AvixoSec/codesight.git
cd codesight
pip install -e ".[dev]"
pytest tests/ -v
ruff check codesight/

Roadmap

  • codesight scan . — analyze a whole directory
  • Ollama support — fully offline analysis with local models
  • codesight security — dedicated security audit with CWE IDs and OWASP mapping
  • codesight diff — review only git-changed files
  • SARIF output — standard format for GitHub Security tab
  • Exit codes for CI/CD (0 = clean, 1 = warnings, 2 = critical)
  • GitHub Action — auto-scan PRs with SARIF upload
  • Multi-model pipeline — fast triage + deep verification
  • Cost tracking per query
  • codesight benchmark — test LLMs on vulnerable codebases
  • Context compression — code maps to reduce token usage
  • Streaming output for large files
  • Custom prompt templates
  • OpenAI-compatible providers (OpenRouter, Groq, Azure, 10+ presets)
  • Publish to PyPI
  • VS Code extension (scaffold)
  • VS Code Marketplace publish
  • Web dashboard
  • Pre-commit hook integration
  • .codesight.yml per-project config

License

MIT — see LICENSE.


File details

Details for the file codesight-0.3.0.tar.gz.

File metadata

  • Download URL: codesight-0.3.0.tar.gz
  • Size: 40.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for codesight-0.3.0.tar.gz
Algorithm Hash digest
SHA256 f1cbae9ea5a1e6335b2c60f682d4685c96a068e0e99762204dfd2de24809781d
MD5 2f477b50f6768cf2e204140f7537654b
BLAKE2b-256 6ab209dcfa61f714170310074e3159217d5d3a609f00d9b7b9824cc927ed143d


Provenance

The following attestation bundles were made for codesight-0.3.0.tar.gz:

Publisher: publish.yml on AvixoSec/codesight

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file codesight-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: codesight-0.3.0-py3-none-any.whl
  • Size: 40.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for codesight-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 351520111fb5958d0929ca03bbc1dc3691e898830cf37c373b53278c951e722d
MD5 92d893b6ae379210b112981b3b1b9985
BLAKE2b-256 3bf6e17c5dfc4cbe63f84db7dafa9f53e4f2b81279376cfa1d18de5398d333cd
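As an added example (not part of the project's README), the SHA256 digests published for the 0.3.0 sdist and wheel can be pinned in a requirements file so that pip's hash-checking mode refuses to install an artifact that differs from the release that was attested:

```text
# requirements.txt: constructed example, not a file shipped by the project.
# Either digest may match: the sdist or the wheel published for codesight 0.3.0.
codesight==0.3.0 \
    --hash=sha256:f1cbae9ea5a1e6335b2c60f682d4685c96a068e0e99762204dfd2de24809781d \
    --hash=sha256:351520111fb5958d0929ca03bbc1dc3691e898830cf37c373b53278c951e722d
# Install with: pip install --require-hashes -r requirements.txt
```

In hash-checking mode pip also requires every transitive dependency to carry a hash, so generate the complete file with a tool such as pip-tools (`pip-compile --generate-hashes`) rather than maintaining it by hand.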


Provenance

The following attestation bundles were made for codesight-0.3.0-py3-none-any.whl:

Publisher: publish.yml on AvixoSec/codesight

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
