GuardScan is a privacy-first CLI tool that uses AI to automatically review your code for:
- Code quality issues
- Potential bugs
- Security vulnerabilities
- Performance problems
- Best practice violations

Key features:
- Privacy-First: Never uploads source code, only anonymized metadata
- Multi-Provider: Supports OpenAI, Claude, Gemini, Ollama, and more
- Offline-Capable: Works without internet using local AI models
- Universal: Works with any git-based repository
- Free Security Scans: Built-in SAST-like security scanning
Install from npm:
```bash
npm install -g guardscan
```
Or build from source:
```bash
git clone https://github.com/ntanwir10/GuardScan.git
cd GuardScan/cli
npm install
npm run build
npm link
```
Initialize GuardScan in your project:
```bash
cd your-project
guardscan init
```
This generates a unique client_id stored locally in ~/.guardscan/config.yml.
Configure an AI provider:
```bash
guardscan config
```
Choose your AI provider and enter API key:
- OpenAI (GPT-4): Get key from platform.openai.com
- Claude: Get key from console.anthropic.com
- Gemini: Get key from makersuite.google.com
- Ollama (Local): Install from ollama.ai
Run a review:
```bash
guardscan run
```
This will:
- Count lines of code
- Validate credits (if online; skipped with --no-cloud)
- Analyze your codebase with AI
- Generate a detailed report

Check your setup:
```bash
guardscan status
```
View your configuration, repository info, and remaining credits.
To run fully offline with Ollama:
- Install Ollama: https://ollama.ai
- Pull a model:
  ```bash
  ollama pull codellama
  ```
- Configure GuardScan:
  ```bash
  guardscan config
  # Select "ollama" as provider
  # Default endpoint: http://localhost:11434
  ```
- Run offline:
  ```bash
  guardscan run --no-cloud
  ```

To use LM Studio instead:
- Install LM Studio: https://lmstudio.ai
- Start server (default port 1234)
- Configure:
  ```bash
  guardscan config
  # Select "lmstudio" as provider
  # Default endpoint: http://localhost:1234
  ```

Run a free security scan:
```bash
guardscan security
```
For verbose debug output, use the --debug flag:
```bash
guardscan security --debug
```
This performs SAST-like scanning for:
- Hardcoded secrets
- SQL injection vulnerabilities
- XSS vulnerabilities
- Insecure cryptography
- Code injection risks
- And more...
Target specific files or patterns:
```bash
# Review specific files
guardscan run -f src/main.ts src/utils/*.ts
# Security scan on specific directory
guardscan security -f src/auth/**/*.js
```
Note that an unquoted pattern is expanded by your shell before GuardScan sees it (bash, for example, does not expand ** recursively unless globstar is enabled); quote the pattern, as in the batch script at the end of this page, so GuardScan receives it unchanged.

Reports are saved as Markdown files with:
- Repository information
- Branch name
- AI provider used
- Processing time
- Total lines analyzed
- Code vs. comment vs. blank lines
- File count
Categorized by severity:
- 🔴 Critical: Urgent security or functional issues
- 🟠 High: Important issues affecting security or reliability
- 🟡 Medium: Quality or maintainability concerns
- 🔵 Low: Minor improvements or style issues
Actionable suggestions for improving your codebase.
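A hook or CI step usually wants to fail only on findings at or above a chosen severity rather than on any output at all. The following is an added example, not GuardScan's own code: it reads a report in the Markdown format described above and returns the exit status a pre-commit hook or CI job would propagate. The report layout is an assumption (each finding is taken to be a Markdown list item carrying one of the four severity labels), the sample report is constructed for the demonstration, and the names parseFindings, countBySeverity, shouldBlock and gateExitCode are mine.

```typescript
// Added example, not GuardScan's own code: a gate that reads a GuardScan
// Markdown report and decides whether a commit or CI job should be blocked.
// ASSUMPTION: every finding is a Markdown list item carrying one of the
// severity labels from the report description (🔴 Critical, 🟠 High,
// 🟡 Medium, 🔵 Low). Adjust SEVERITY_PATTERNS if your reports differ.

export type Severity = "critical" | "high" | "medium" | "low";

// Most to least severe; the index order is what the threshold comparison uses.
export const SEVERITY_ORDER: Severity[] = ["critical", "high", "medium", "low"];

const SEVERITY_PATTERNS: Record<Severity, RegExp> = {
  critical: /🔴\s*Critical\b/i,
  high: /🟠\s*High\b/i,
  medium: /🟡\s*Medium\b/i,
  low: /🔵\s*Low\b/i,
};

export interface Finding {
  severity: Severity;
  text: string; // the list item with its bullet stripped
}

/** Extract findings from the report; non-list lines (metadata, headings) are ignored. */
export function parseFindings(report: string): Finding[] {
  const findings: Finding[] = [];
  for (const raw of report.split(/\r?\n/)) {
    const line = raw.trim();
    if (!/^[-*]\s/.test(line)) continue;
    for (const severity of SEVERITY_ORDER) {
      if (SEVERITY_PATTERNS[severity].test(line)) {
        findings.push({ severity, text: line.replace(/^[-*]\s+/, "") });
        break;
      }
    }
  }
  return findings;
}

export function countBySeverity(findings: Finding[]): Record<Severity, number> {
  const counts: Record<Severity, number> = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

/** True when any finding is at least as severe as `threshold`. */
export function shouldBlock(report: string, threshold: Severity = "high"): boolean {
  const limit = SEVERITY_ORDER.indexOf(threshold);
  return parseFindings(report).some((f) => SEVERITY_ORDER.indexOf(f.severity) <= limit);
}

/** Exit status a hook or CI step would propagate: 1 blocks the commit/job, 0 passes. */
export function gateExitCode(report: string, threshold: Severity = "high"): 0 | 1 {
  return shouldBlock(report, threshold) ? 1 : 0;
}

// Constructed sample report for the stand-alone run (not real GuardScan output).
export const SAMPLE_REPORT = `
# GuardScan Security Report
Repository: example-app
Branch: feature/login
AI provider: ollama

## Findings
- 🔴 Critical: hardcoded API key in src/config.ts
- 🟠 High: SQL query built by string concatenation in src/db/users.ts
- 🟡 Medium: function longer than 80 lines in src/utils/format.ts
- 🔵 Low: unused import in src/main.ts
`;

const sampleCounts = countBySeverity(parseFindings(SAMPLE_REPORT));
console.log(`findings: ${JSON.stringify(sampleCounts)}, exit code: ${gateExitCode(SAMPLE_REPORT)}`);
```

With the default threshold of high, the sample report blocks because of its Critical and High items; passing "critical" as the threshold lets High findings through, which is the usual setting for a pre-commit hook that should not be too noisy, while a CI job on the main branch would keep the stricter default.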
Review the current branch and save the report:
```bash
# Review changes in current branch
git checkout feature/my-feature
guardscan run
# Review and save the Markdown report to a file
guardscan run > review.md
# Open review.md in your editor or a Markdown viewer
```
Block commits that fail the security scan with a pre-commit hook (the hook file must be executable):
```bash
#!/bin/bash
# Add to .git/hooks/pre-commit and make it executable
# --no-cloud keeps the hook working without the GuardScan service;
# the non-zero exit status is what blocks the commit.
if ! guardscan security --no-cloud; then
  echo "Security issues found! Review before committing." >&2
  exit 1
fi
```
GitHub Actions example:
```yaml
- name: Run GuardScan
  run: |
    npm install -g guardscan
    guardscan init
    guardscan config --provider openai --key ${{ secrets.OPENAI_API_KEY }}
    guardscan run --no-cloud
```
GitHub masks the secret value in job logs, but the key is still written to ~/.guardscan/config.yml on the runner, so do not upload that directory as a build artifact.

GuardScan commands support various flags to customize behavior. Flags use kebab-case in the CLI (e.g., --with-ai, --no-body) and are automatically converted to camelCase in the code.
- File Selection: -f, --files <patterns...> - Specify files or patterns to analyze
- Debug Mode: --debug - Enable verbose debug logging (available for the security command)
- Output: -o, --output <path> - Specify output file path
- Negated Flags: Flags like --no-body or --no-cloud disable features

```bash
# Security scan with debug output
guardscan security --debug
# Scan specific files
guardscan security -f src/**/*.ts
# Generate commit message without body
guardscan commit --no-body
# Run with AI enhancement disabled
guardscan run --no-with-ai
```
Naming conventions:
- CLI flags use kebab-case: --with-ai, --test-command, --embedding-provider
- Code properties use camelCase: withAi, testCommand, embeddingProvider
- Negated flags (--no-*) are converted to boolean properties: --no-body → body: false
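The conventions above (kebab-case flag, camelCase property, --no-* to false) are easy to state but have edge cases worth seeing in code: a list flag that swallows several values, a value flag given as --flag=value, and a missing value. The following is an added example and not GuardScan's own argument parser. The short aliases and the sets of flags that take one value or a list are assumptions chosen for illustration from the flags shown on this page; the names kebabToCamel and parseFlags are mine.

```typescript
// Added example, not GuardScan's own argument parser: a minimal argv
// normaliser that applies the conventions described above (kebab-case flags
// become camelCase properties, --no-* becomes a false boolean).
// ASSUMPTIONS: the short aliases and which flags take one value or a list are
// chosen for illustration from the flags shown on this page; anything else is
// treated as a boolean switch.

export type FlagValue = string | string[] | boolean;

export interface ParsedArgs {
  positional: string[];               // e.g. the sub-command: "security", "run"
  options: Record<string, FlagValue>; // camelCase keys, as the code reads them
}

/** kebab-case flag name -> camelCase property name (with-ai -> withAi). */
export function kebabToCamel(name: string): string {
  return name.replace(/-([a-z0-9])/g, (_match, c: string) => c.toUpperCase());
}

const SHORT_ALIASES: Record<string, string> = { f: "files", o: "output" };
const VALUE_FLAGS = new Set(["output", "test-command", "embedding-provider", "provider", "key"]);
const LIST_FLAGS = new Set(["files"]);

export function parseFlags(argv: string[]): ParsedArgs {
  const options: Record<string, FlagValue> = {};
  const positional: string[] = [];

  for (let i = 0; i < argv.length; i++) {
    const token = argv[i];
    if (token === "--") { // conventional end-of-options marker
      positional.push(...argv.slice(i + 1));
      break;
    }
    const alias = token.length === 2 && token.startsWith("-") ? SHORT_ALIASES[token.charAt(1)] : undefined;
    let name: string;
    let inlineValue: string | undefined; // from --flag=value

    if (token.startsWith("--")) {
      const body = token.slice(2);
      const eq = body.indexOf("=");
      name = eq === -1 ? body : body.slice(0, eq);
      inlineValue = eq === -1 ? undefined : body.slice(eq + 1);
    } else if (alias !== undefined) {
      name = alias;
    } else {
      positional.push(token);
      continue;
    }

    // Negated flag: --no-body -> { body: false }, --no-with-ai -> { withAi: false }
    if (name.startsWith("no-") && inlineValue === undefined) {
      options[kebabToCamel(name.slice(3))] = false;
      continue;
    }

    const key = kebabToCamel(name);
    if (LIST_FLAGS.has(name)) {
      // Consume following tokens up to the next flag, so that
      // "-f src/main.ts src/utils/*.ts" yields files: [..., ...]
      const values: string[] = inlineValue === undefined ? [] : [inlineValue];
      while (i + 1 < argv.length && !argv[i + 1].startsWith("-")) {
        values.push(argv[++i]);
      }
      if (values.length === 0) throw new Error(`--${name} requires at least one value`);
      options[key] = values;
    } else if (VALUE_FLAGS.has(name)) {
      if (inlineValue !== undefined) {
        options[key] = inlineValue;
      } else if (i + 1 < argv.length && !argv[i + 1].startsWith("-")) {
        options[key] = argv[++i];
      } else {
        throw new Error(`--${name} requires a value`);
      }
    } else {
      options[key] = inlineValue === undefined ? true : inlineValue;
    }
  }
  return { positional, options };
}

// Stand-alone demonstration on commands shown above.
console.log(JSON.stringify(parseFlags(["run", "-f", "src/main.ts", "src/utils/*.ts", "--no-with-ai"])));
```

The negation check runs before the flag table is consulted, so any flag can be switched off with --no-* without being listed; the cost is that a real flag whose name starts with "no-" would need special handling.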
If you encounter errors like "Cannot find module 'typescript'", this means a required runtime dependency is missing.
Solution:
```bash
# Install missing dependency
npm install typescript
# Or reinstall GuardScan globally
npm install -g guardscan
```
Common Issues:
- "TypeScript is required but not installed": Run npm install typescript or reinstall GuardScan
- "Cannot find module 'typescript'": Ensure TypeScript is in your package.json dependencies
- Docker/Alpine errors: See Docker Guide for Alpine-specific setup
Enable verbose logging to troubleshoot issues:
```bash
# Using environment variable
GUARDSCAN_DEBUG=true guardscan <command>
# Or using --debug flag (for security command)
guardscan security --debug
```
To change settings by hand, edit ~/.guardscan/config.yml:
```yaml
clientId: your-uuid
provider: openai
apiKey: sk-...
telemetryEnabled: true
offlineMode: false
createdAt: '2024-01-15T10:00:00Z'
lastUsed: '2024-01-15T15:30:00Z'
```
The API key is stored in plaintext in this file, so keep it readable only by your user (mode 0600) and never commit or share it.

Only anonymized metadata is sent:
- Hashed repository ID
- Lines of code count
- AI provider used
- Processing duration
- Action type (review/security)

Never sent:
- Source code
- File names
- Variable names
- Comments
- Any PII
To disable telemetry:
```bash
guardscan config
# Select "No" for telemetry
```
Or edit config:
```yaml
telemetryEnabled: false
```

Common errors:
- Not initialized (no client_id yet): run guardscan init first.
- No provider configured: run guardscan config and set up your provider.
- Out of credits: either purchase more credits online, use the --no-cloud flag, or switch to a local AI provider (Ollama).
- Provider connection errors: check your API key, verify your internet connection, and test the provider endpoint.
- Rate limits: most providers have rate limits. Wait a minute and try again, or upgrade your provider account.
To point GuardScan at a custom API endpoint:
```bash
export API_BASE_URL=https://your-custom-api.com
guardscan run
```
You can maintain different configs by using environment variables:
```bash
export AI_REVIEW_CONFIG_DIR=~/.guardscan-work
guardscan init
```
Review several repositories in one go:
```bash
#!/bin/bash
for repo in ~/projects/*; do
  # Skip anything that is not a directory. The subshell keeps each cd local
  # to its iteration, and the && stops a failed cd from scanning the wrong tree.
  [ -d "$repo" ] || continue
  (cd "$repo" && guardscan run -f "src/**/*.ts")
done
```
- Documentation: https://guardscancli.com/docs
- Issues: https://github.com/ntanwir10/GuardScan/issues
- Read the API Documentation
- Check Contributing Guide