CodeMore · VERIFY · SCAN · TRUST
v0.2.1 · 58 rules · 8 adapters · MIT

The static analyzer your AI agent reads.

CodeMore catches the bugs that ship in vibe-coded apps — SQL injection, leaked secrets, broken Supabase RLS, LLM-output-to-eval — and emits a JSON report your coding agent can act on. Same brain across CLI · MCP · VS Code · GitHub Action.

Findings feed · 58 rules

Every finding is agent-actionable. Five sample classes from the 2026-06-12 audit.

Across 10 real codebases we caught 7 production secrets behind .gitignore, 10 Supabase RLS holes in a single Lovable export, and real shell + SQL injection in deployed apps. ~85% TP rate.

Critical / Security · SQL Injection
String-concat user input into db.query. Rule: core-security-sql-injection-concat
BLOCKER · CVSS 9.8 / 10
Use parameterised queries — every driver supports ? / $1 / %s placeholders.
    // ❌ flagged at line 42
    const q = `SELECT * FROM users WHERE id = '${id}'`;
    db.query(q);
Critical / Secrets · Hardcoded Provider Key
Real provider token shape (OpenAI / AWS / Stripe / Google). Rule: core-security-hardcoded-secret-pattern
BLOCKER · CVSS 9.5 / 10
Move to env vars or a Key Vault. Audit caught 7 real keys across 5 codebases.
    // ❌ caught even when .gitignored
    const KEY = "sk-proj-abcdefghij…";
Critical / Supabase · RLS Permissive Policy
CREATE POLICY ... USING (true). Rule: vibe-supabase-rls-permissive
BLOCKER · CVSS 9.3 / 10
Anyone-can-read-anything is the #1 Lovable bug. Add WHERE owner = auth.uid().
    -- ❌ in EchoVault — 10 of these found
    CREATE POLICY "Users viewable" ON users FOR SELECT USING (true);
Critical / LLM · LLM Output → Sink
Agent response flows into eval / exec / SQL template. Rule: vibe-llm-output-to-sink
BLOCKER · CVSS 9.6 / 10
Schema-validate every model response before consuming it. OWASP LLM02.
    // ❌ taint propagates one level
    const code = completion.choices[0].message.content;
    eval(code);
High / Crypto · Weak Hash
MD5 / SHA-1 in auth context. Rule: core-security-weak-hash
MAJOR · CVSS 7.8 / 10
bcrypt / argon2id / scrypt — per-row salt, configurable work factor.
    // ❌ password near MD5 → BLOCKER
    const hash = crypto.createHash('md5').update(password).digest('hex');
Threat taxonomy · 58 rules · 7 classes

Every rule maps to a known threat class.

Class 01 · 8 rules
Injection

SQL-concat, shell-injection, eval, command-injection. Two-pass detectors confirm user-input reach.

core-security-sql-injection-concat · core-security-shell-injection · core-security-eval
OWASP A03:2021 · caught SQL-concat in 4 / 10 audited apps
Interactive linter

Drop a vulnerable snippet — watch the agentic fix loop close.

Parity proof · 3 surfaces · 1 schema

Same scan. Same report. Same byte.

CLI, MCP server, VS Code extension — all three call the same registry, emit the same codemore-report.json v1.0.0, and produce the same fingerprint. Agents never have to learn a second shape.

CLI: $ codemore scan .
MCP server: scan_project()
VS Code: Open Code Quality Dashboard
fingerprint: sha256:7f95f2c62e0d3ecea6f23a4d8c1b2e7f0a9d6c3b5e8f1a4d7c0b3e6f9a2d5c8b1 matches all 3
Agentic fixer · planner → generator → validator

Each finding closes a loop. Up to 3 retries, byte-validated.

api/users/[id]/route.ts
    const q = `SELECT * FROM users WHERE id = '${id}'`;
    db.query(q);
core-security-sql-injection-concat · BLOCKER

Two-pass detector: AST candidate (db.query + concat) → confirm pass (user input reachable). Confidence 0.92.
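The two-pass shape described above (and in the SQL Injection card of the findings feed), as an added example that is not CodeMore's own code: a regex-based approximation where CodeMore works on an AST. The request-input sources, the finding's field names and the sample route are assumptions made for this illustration.

```javascript
// Added example, not CodeMore's code: a regex sketch of the two-pass idea (the real
// detector walks an AST). Pass 1: SQL strings built with `${}` or `+` that reach
// .query(); pass 2: confirm a spliced identifier was bound from request input.
const USER_INPUT = /\b(req|request)\.(params|query|body)\b|\bparams\b|searchParams\.get\(/;
const ASSIGN = /(?:const|let|var)\s+(?:\{\s*([\w\s,:]+?)\s*\}|(\w+))\s*=\s*(.+)/;

// Identifiers or member chains spliced into a string expression.
function identifiersIn(expr) {
  const ids = [];
  for (const m of expr.matchAll(/\$\{\s*([\w.]+)\s*\}/g)) ids.push(m[1]);
  for (const m of expr.matchAll(/\+\s*([\w.]+)/g)) ids.push(m[1]);
  return ids;
}

// Pass 2 knowledge: names bound directly from a request-input source (assumed list).
function taintedIdentifiers(lines) {
  const tainted = new Set();
  for (const line of lines) {
    const m = line.match(ASSIGN);
    if (!m || !USER_INPUT.test(m[3])) continue;
    const names = m[1] ? m[1].split(',').map(s => s.split(':').pop().trim()) : [m[2]];
    names.forEach(n => n && tainted.add(n));
  }
  return tainted;
}

// One finding per concatenated query reaching .query(): `line` is where the string is
// built, `sink` the call site, `confirmed` the pass-2 verdict (user input reachable).
function findSqlConcat(source) {
  const lines = source.split('\n');
  const tainted = taintedIdentifiers(lines);
  const built = new Map(); // variable name -> { line, ids } for concatenated SQL
  const findings = [];
  lines.forEach((line, i) => {
    const b = line.match(ASSIGN);
    if (b && b[2] && /\$\{[^}]+\}|\+\s*\w/.test(b[3]) && /\b(SELECT|INSERT|UPDATE|DELETE)\b/i.test(b[3]))
      built.set(b[2], { line: i + 1, ids: identifiersIn(b[3]) });
    const q = line.match(/\.query\(\s*([^)]*)\)/);
    if (!q) return;
    const arg = q[1].trim();
    const cand = /\$\{|\+/.test(arg) ? { line: i + 1, ids: identifiersIn(arg) } : built.get(arg);
    if (!cand) return; // pass 1: not a concatenated query
    const reaches = cand.ids.filter(id => tainted.has(id.split('.')[0]) || USER_INPUT.test(id));
    findings.push({ rule: 'core-security-sql-injection-concat', line: cand.line, sink: i + 1, reaches, confirmed: reaches.length > 0 });
  });
  return findings;
}
// Constructed sample (the route from the fixer panel, with its param binding):
const SAMPLE_ROUTE = `const { id } = params;
const q = \`SELECT * FROM users WHERE id = '\${id}'\`;
db.query(q);`;
```

A query built from a constant (no request-bound name spliced in) still appears as a pass-1 candidate but with `confirmed: false`, which is the distinction the confirm pass exists to make.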

CODEMORE / MANIFESTO
v0.2.1 · 2026-06-12
MIT-LICENSED · OPT-IN TELEMETRY
Act I — the bugs the agent wrote

91.5% of vibe-coded apps ship with at least one vulnerability.

The agent that wrote your last feature also wrote a SQL-concat, a permissive Supabase RLS policy, and an OpenAI key in .env.local that .gitignore made invisible to your SAST. The bugs aren't subtle. They are the same ones Veracode flagged on 45% of AI-generated code, and the same ones Symbiotic counted on 98% of 1,072 scanned vibe-coded sites.

Act II — the inversion

Existing scanners report to dashboards.
CodeMore reports to your agent.

The agent that wrote the code can also fix the code — if it can read the report. CodeMore is the structured-feedback bus between the scanner and the coding agent: one schema, one fingerprint, the same bytes from the CLI, the MCP server, the VS Code extension, and the GitHub Action.

Act III — the 2026-06-12 audit

Across 10 real codebases — ~85% of BLOCKER findings were true positives.

We surfaced real OpenAI keys hidden behind .gitignore, ten Supabase RLS holes in a single Lovable export, real shell + SQL injection in production-deployed apps. Read what we deliberately don't catch — context-dependent classes (weak password policy, audit-log completeness, business logic) live elsewhere.


Safety figures — the production audit.

Catalog: 58 native rules across 7 packs, 100% TP / 100% FP on the corpus.
Adapters: 8 (Ruff · Biome · golangci-lint · clippy · bandit · gitleaks · npm-audit · pip-audit).
TP rate: ~85% on BLOCKER findings across 10 real codebases. DeepSource bar passed.
Surfaces: 4 (CLI · MCP · VS Code · GitHub Action — byte-identical reports).
Install · 30 seconds
$ npx codemore@latest scan .