AI-native code security review powered by Gemma 4 Thinking Mode
Project description
NeuroGuard
AI-native code security review powered by Gemma 4 Thinking Mode.
neuroguard-psi.vercel.app · github.com/tyy130/neuroguard
NeuroGuard reviews Python and JavaScript/TypeScript code for security vulnerabilities in real-time — streaming Gemma 4's full cognitive trace on the left while it produces a verified, secure rewrite on the right.
Built for the Dev.to Google Gemma 4 Challenge · Python · JavaScript · TypeScript
The Problem
65% of AI-generated applications ship to production with critical security vulnerabilities, mirroring classic OWASP Top 10 flaws. The most dangerous failure mode is the hallucinated bypass: an AI agent deletes authentication checks to resolve a compilation error — silently stripping the application of its security infrastructure.
The root cause is opacity. When a black-box model generates insecure code, you can't see why it made that decision — and neither can the model.
The Solution
Gemma 4's <|think|> token turns the model into a glass box. Every reasoning step is visible, auditable, and inspectable before the final output is accepted. NeuroGuard wires this directly into a security workflow:
- Feed it a Python file or directory
- Gemma 4 streams its full cognitive trace — you watch it find each vulnerability in real-time
- It produces a complete, secure rewrite grounded in that explicit reasoning
- Bandit independently verifies the rewrite is clean
Demo
The built-in demo file contains 5 intentional vulnerabilities:
- Hardcoded
SECRET_KEYin source - Unauthenticated admin routes (broken access control)
- SQL injection via f-string interpolation (×2)
eval()on user input (remote code execution)- Debug mode enabled in production
Before: 4 HIGH/MEDIUM Bandit findings
After: ✓ CLEAN — Gemma 4's reasoning explains every fix
Quickstart
pip install neuroguard
export GEMINI_API_KEY=your_key # free at aistudio.google.com
neuroguard review app.py
Installation
Requirements: Python 3.12+ · Free Google AI Studio API key · Node.js (optional, for JS/TS projects)
pip install neuroguard
Configure your API key (one-time):
export GEMINI_API_KEY=your_api_key_here
Or add to a .env file in your project root:
GEMINI_API_KEY=your_api_key_here
Usage
# Review a single Python file
neuroguard review app.py
# Review a JavaScript or TypeScript file
neuroguard review server.js
neuroguard review api.ts
# Review an entire directory (Python + JS/TS)
neuroguard review src/
# Save the secure rewrite
neuroguard review app.py --save app_secure.py
# JSON output (for CI/CD pipelines)
neuroguard review app.py --format json
# Use the MoE model (faster, slightly lower quality)
neuroguard review app.py --model gemma-4-26b-a4b-it
# Skip Bandit SAST verification
neuroguard review app.py --no-sast
# Add as a pre-commit hook
neuroguard install-hooks
# Version
neuroguard --version
Exit codes:
0— file is clean (no HIGH/MEDIUM findings in original)1— vulnerabilities found in original code
This makes it CI/CD friendly: your pipeline fails if a file with known vulnerabilities is committed without review.
CI/CD Integration
GitHub Actions
Copy .github/workflows/neuroguard.yml into your repository. Add GEMINI_API_KEY to your repo secrets and NeuroGuard will run on every pull request that touches Python files.
Pre-commit Hook
neuroguard install-hooks
pre-commit install
Or manually add to .pre-commit-config.yaml:
repos:
- repo: local
hooks:
- id: neuroguard
name: NeuroGuard Security Review
entry: neuroguard review
language: python
types: [python]
pass_filenames: true
require_serial: true
JSON Output
neuroguard review app.py --format json | jq '.original_findings'
Schema:
{
"file": "app.py",
"model": "gemma-4-31b-it",
"original_findings": 4,
"rewrite_findings": [],
"rewrite_valid_python": true,
"thinking": "...",
"response": "...",
"secure_code": "..."
}
Architecture
neuroguard/
├── cli.py # Typer CLI — review, install-hooks, --version
├── agent.py # Gemma 4 streaming client (google-genai SDK)
├── thinking_parser.py # Real-time <think>…</think> stream splitter
├── prompts.py # Language-aware system prompt (activates Thinking Mode via <|think|>)
├── integrations.py # Slack Block Kit, generic webhook, GitHub PR comments
├── tools/
│ ├── sast.py # Bandit subprocess wrapper → Python findings
│ └── js_sast.py # semgrep/regex SAST → JS/TS findings
└── ui.py # Rich split-pane terminal layout
How Thinking Mode Works
The system prompt begins with <|think|>, which activates Gemma 4's Thinking Mode. The Google AI Studio API delivers reasoning content as thought=True parts in the stream — separate from the final response.
ThinkingStreamParser wraps all thinking chunks in a single <think>…</think> span and routes content to the appropriate pane in real-time, handling tags that split across chunk boundaries.
Models
| Model | Type | Active Params | Notes |
|---|---|---|---|
gemma-4-31b-it |
Dense | 31B | Default — highest quality |
gemma-4-26b-a4b-it |
MoE | ~4B active / 26B total | Fallback — faster, lower cost |
Retries on 429/503 with exponential backoff and automatically falls back to the MoE model on persistent rate limits.
What NeuroGuard Catches
| Vulnerability | OWASP | Python | JS/TS |
|---|---|---|---|
| SQL Injection | A03 | ✓ | ✓ |
| Hardcoded secrets | A02 | ✓ | ✓ |
| Missing authentication | A01 | ✓ | ✓ |
eval() / code injection |
A03 | ✓ | ✓ |
| Debug mode in production | A05 | ✓ | ✓ |
| Insecure deserialization | A08 | ✓ | — |
| Weak cryptography / Math.random() | A02 | ✓ | ✓ |
| Path traversal | A01 | ✓ | ✓ |
| XSS (innerHTML / dangerouslySet) | A03 | — | ✓ |
| Command injection (exec) | A03 | — | ✓ |
| Prototype pollution | A08 | — | ✓ |
NeuroGuard is a first-pass tool. It does not replace a full penetration test or human security review. Runtime behavior, business logic flaws, and infrastructure misconfigurations are out of scope.
Why Gemma 4
Standard LLMs are black boxes for security review — you see the output but not the reasoning. Gemma 4's Thinking Mode changes this:
- Auditable: inspect the exact reasoning path before accepting any rewrite
- Trustworthy: the model can't silently delete auth checks if its reasoning is visible
- Compliance-ready: regulated industries can log and audit AI decision-making
- Open weight: Apache 2.0 license — run it air-gapped, no data leaves your infrastructure
This is the shift from vibe coding to AI-native development — treating AI output as an untrusted first draft, verified by both visible reasoning and automated SAST.
License
Apache 2.0 — same as Gemma 4 itself.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file neuroguard_ai-0.1.0.tar.gz.
File metadata
- Download URL: neuroguard_ai-0.1.0.tar.gz
- Upload date:
- Size: 400.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2852a871f4d97efd576e1f12064c4a8cee15b81fb1706392bf5ea41b9dc6047b
|
|
| MD5 |
73634081dc85a5c63d9ce51e6135b552
|
|
| BLAKE2b-256 |
b7cf87dfb2ce54b8c1e9e5968948e0ef9254dc81522f1a2d9c02d2f8e75f4051
|
File details
Details for the file neuroguard_ai-0.1.0-py3-none-any.whl.
File metadata
- Download URL: neuroguard_ai-0.1.0-py3-none-any.whl
- Upload date:
- Size: 21.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cd963c584fc359d25823382b033a037127eff5f2bc16a8b3485422751353e3b2
|
|
| MD5 |
b4ce7f2b941404456ddf78f0e8ec6328
|
|
| BLAKE2b-256 |
2e4c822a7e59d628bbb178e37be810322173c47c6e1d482f5786f04440ec13c5
|
