RakshakAI Docs
Everything you need to know about RakshakAI — the open-source, AI-powered security scanner for VS Code.
Quick Start
Installation
ext install rakshakext install rakshak --from-sourcenpm install -g rakshak-cliYour First Scan
- 1. Install the extension from VS Code Marketplace
- 2. Open any Python, JS, or TS file
- 3. Run
/scan-projectin the command palette - 4. View results inline — squiggly underlines with fix suggestions
- 5. Hover over a vulnerability and click Fix
Quick Links
Commands
Slash commands are RakshakAI's primary interface. Type / in the command palette to see all available commands.
/scanScan a single file for vulnerabilities
/scan-projectFull project vulnerability scan with AI priority ranking
/batchScan entire directory with progress bar
/watchReal-time file watching with auto-scan on change
/diffGit diff scanning — only check changed lines
/precommitManage git pre-commit hook
/modelSwitch AI model at runtime (65+ models)
/modelsList all available models
/parallelRun multiple models on the same prompt
/agentRun autonomous ReAct agent on a task
/swarmMulti-agent swarm — parallel subagents
/explainGet AI explanation of source code
/fixGenerate security fix from description
/batchBatch scan entire project directory
/helpList all available commands
/exitExit RakshakAI CLI
Configuration
RakshakAI is configured via VS Code settings (Cmd+, → search "rakshak").
| Setting | Type | Default | Description |
|---|---|---|---|
| rakshak.scanOnSave | boolean | true | Automatically scan files on save |
| rakshak.aiProvider | string | ollama | AI provider: ollama, openai, anthropic, openrouter, gemini, deepseek, mistral, groq, together, fireworks, nebius, deepinfra, aiml |
| rakshak.model | string | llama3 | Model name for the AI provider |
| rakshak.debounceMs | number | 1000 | Debounce delay in milliseconds |
| rakshak.severityThreshold | enum | medium | Minimum severity: low, medium, high, critical |
| rakshak.maxWorkers | number | 4 | Parallel scan worker count |
| rakshak.excludePatterns | string[] | [] | Glob patterns to exclude from scanning |
Architecture
RakshakAI uses a hybrid approach combining pattern matching with AI-powered analysis for maximum accuracy.
Pattern Engine
Fast regex-based scanning for known vulnerability patterns. Covers 20+ languages with 500+ files/second throughput. 439 CWE definitions cached locally.
AI Analyzer
Optional LLM-powered analysis with 65+ models across 9+ providers. Includes tiered model routing: free regex → cheap LLM → expensive LLM.
Multi-Agent Orchestrator
OrchestratorAgent decomposes tasks into parallel subagents via ThreadPoolExecutor. Up to 5 agents running concurrently with result synthesis.
Token Optimizer
CWE relevance pre-filter sends 5-8 IDs instead of 439. Regex pre-filter bypass skips LLM for 70% of scans (0 tokens). Batched scanning: 10 files per LLM call.
Real-time Watcher
File system watcher with intelligent debouncing. Triggers scans on save with configurable delay (default 1s).
Diagnostic Provider
VS Code API integration that surfaces findings as inline squiggles, hover tooltips, and lightbulb quick-fixes.
API Reference
RakshakAI runs a local API server on port 3000 that the VS Code extension communicates with.
/api/scanScan a file or directory for vulnerabilities
/api/statusGet scanner status and stats
/api/fixApply an AI-suggested fix
/api/loginAuthenticate with the cloud backend
/api/registerCreate a new account
FAQ
Is RakshakAI free?
Yes. RakshakAI is fully open source under MIT License. You can use it for free, including the Ollama integration for local AI.
Does it work with any AI model?
Yes. RakshakAI supports 65+ models across 9+ providers including OpenRouter, Google Gemini, DeepSeek, Mistral, xAI Grok, Perplexity, DeepInfra, AI/ML API, Ollama, OpenAI, Anthropic, Groq, Together, Fireworks, and NVIDIA NIM.
How is RakshakAI different from Semgrep or Snyk?
RakshakAI combines traditional pattern matching with AI-powered analysis. This gives you ~20% false positive rate vs 60-80% for traditional SAST tools, while remaining free and open source.
Can I use it without sending code to the cloud?
Yes. With the Ollama provider, everything runs locally on your machine. No code ever leaves your environment.
What languages are supported?
RakshakAI supports 20+ languages: Python, JavaScript, TypeScript, Java, Go, Rust, C, C++, PHP, Ruby, C#, Swift, Kotlin, Solidity, Scala, Perl, Elixir, Erlang, Haskell, R — each with CWE-mapped vulnerability patterns.
How do I get an auth token?
Register at /login or use the CLI: rakshak register. Tokens are free and only needed for cloud AI providers.