Documentation

RakshakAI Docs

Everything you need to know about RakshakAI — the open-source, AI-powered security scanner for VS Code.

16+
Slash Commands
20+
Languages
65+
AI Models
1

Quick Start

Installation

VS Code Extension
VS Code Marketplaceext install rakshak
VSX (Open VSX)ext install rakshak --from-source
CLI (npm)npm install -g rakshak-cli

Your First Scan

  1. 1. Install the extension from VS Code Marketplace
  2. 2. Open any Python, JS, or TS file
  3. 3. Run /scan-project in the command palette
  4. 4. View results inline — squiggly underlines with fix suggestions
  5. 5. Hover over a vulnerability and click Fix
2

Commands

Slash commands are RakshakAI's primary interface. Type / in the command palette to see all available commands.

/scan

Scan a single file for vulnerabilities

/scan <file>
/scan-project

Full project vulnerability scan with AI priority ranking

/scan-project [directory]
/batch

Scan entire directory with progress bar

/batch <dir>
/watch

Real-time file watching with auto-scan on change

/watch [dir]
/diff

Git diff scanning — only check changed lines

/diff [commit-hash]
/precommit

Manage git pre-commit hook

/precommit [install|uninstall|status]
/model

Switch AI model at runtime (65+ models)

/model <name>
/models

List all available models

/models
/parallel

Run multiple models on the same prompt

/parallel [model names]
/agent

Run autonomous ReAct agent on a task

/agent <task>
/swarm

Multi-agent swarm — parallel subagents

/swarm <task>
/explain

Get AI explanation of source code

/explain <file>
/fix

Generate security fix from description

/fix <description>
/batch

Batch scan entire project directory

/batch <dir>
/help

List all available commands

/help [command]
/exit

Exit RakshakAI CLI

/exit
3

Configuration

RakshakAI is configured via VS Code settings (Cmd+, → search "rakshak").

SettingTypeDefaultDescription
rakshak.scanOnSavebooleantrueAutomatically scan files on save
rakshak.aiProviderstringollamaAI provider: ollama, openai, anthropic, openrouter, gemini, deepseek, mistral, groq, together, fireworks, nebius, deepinfra, aiml
rakshak.modelstringllama3Model name for the AI provider
rakshak.debounceMsnumber1000Debounce delay in milliseconds
rakshak.severityThresholdenummediumMinimum severity: low, medium, high, critical
rakshak.maxWorkersnumber4Parallel scan worker count
rakshak.excludePatternsstring[][]Glob patterns to exclude from scanning
4

Architecture

RakshakAI uses a hybrid approach combining pattern matching with AI-powered analysis for maximum accuracy.

Pattern Engine

Fast regex-based scanning for known vulnerability patterns. Covers 20+ languages with 500+ files/second throughput. 439 CWE definitions cached locally.

AI Analyzer

Optional LLM-powered analysis with 65+ models across 9+ providers. Includes tiered model routing: free regex → cheap LLM → expensive LLM.

Multi-Agent Orchestrator

OrchestratorAgent decomposes tasks into parallel subagents via ThreadPoolExecutor. Up to 5 agents running concurrently with result synthesis.

Token Optimizer

CWE relevance pre-filter sends 5-8 IDs instead of 439. Regex pre-filter bypass skips LLM for 70% of scans (0 tokens). Batched scanning: 10 files per LLM call.

Real-time Watcher

File system watcher with intelligent debouncing. Triggers scans on save with configurable delay (default 1s).

Diagnostic Provider

VS Code API integration that surfaces findings as inline squiggles, hover tooltips, and lightbulb quick-fixes.

5

API Reference

RakshakAI runs a local API server on port 3000 that the VS Code extension communicates with.

POST
/api/scan

Scan a file or directory for vulnerabilities

GET
/api/status

Get scanner status and stats

POST
/api/fix

Apply an AI-suggested fix

POST
/api/login

Authenticate with the cloud backend

POST
/api/register

Create a new account

6

FAQ

Is RakshakAI free?

Yes. RakshakAI is fully open source under MIT License. You can use it for free, including the Ollama integration for local AI.

Does it work with any AI model?

Yes. RakshakAI supports 65+ models across 9+ providers including OpenRouter, Google Gemini, DeepSeek, Mistral, xAI Grok, Perplexity, DeepInfra, AI/ML API, Ollama, OpenAI, Anthropic, Groq, Together, Fireworks, and NVIDIA NIM.

How is RakshakAI different from Semgrep or Snyk?

RakshakAI combines traditional pattern matching with AI-powered analysis. This gives you ~20% false positive rate vs 60-80% for traditional SAST tools, while remaining free and open source.

Can I use it without sending code to the cloud?

Yes. With the Ollama provider, everything runs locally on your machine. No code ever leaves your environment.

What languages are supported?

RakshakAI supports 20+ languages: Python, JavaScript, TypeScript, Java, Go, Rust, C, C++, PHP, Ruby, C#, Swift, Kotlin, Solidity, Scala, Perl, Elixir, Erlang, Haskell, R — each with CWE-mapped vulnerability patterns.

How do I get an auth token?

Register at /login or use the CLI: rakshak register. Tokens are free and only needed for cloud AI providers.

RakshakAI Documentation · MIT License · Open Source