Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ $ISNAD applies this ancient wisdom to code provenance.
## Documentation

- [Whitepaper](WHITEPAPER.md) — Full protocol specification
- [VS Code Extension](docs/VS_CODE_EXTENSION.md) — Inline scanner diagnostics for opened files

## Status

Expand Down
34 changes: 34 additions & 0 deletions docs/VS_CODE_EXTENSION.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
# VS Code Extension

The VS Code extension lives in `vscode-extension/` and satisfies the inline-warning integration track:

- Runs `isnad-scan` on opened or saved documents.
- Maps scanner findings into the VS Code diagnostics API.
- Adds inline decorations for flagged dependencies and suspicious code paths.
- Shows hover tooltips with risk details, confidence, resource hash, and ISNAD attestation status.
- Supports scan sensitivity configuration.
- Includes TypeScript unit tests for range mapping, severity filtering, hover text, and scanner JSON parsing.

## Quick Start

```bash
cd scanner
npm install
npm run build

cd ../vscode-extension
npm install
npm run build
npm test
```

Then open `vscode-extension/` in VS Code and press `F5` to launch an Extension Development Host.

## Packaging

```bash
cd vscode-extension
npm run package
```

Publishing to the VS Code Marketplace requires maintainer access to the `isnad` publisher account. The code is prepared for packaging; the marketplace publish action should be run by maintainers or CI with publisher credentials.
20 changes: 13 additions & 7 deletions scanner/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions scanner/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@
"version": "0.1.0",
"description": "ISNAD Scanner - Detection oracle for malicious AI resources",
"main": "dist/index.js",
"bin": {
"isnad-scan": "dist/cli.js",
"isnad-scanner": "dist/cli.js"
},
"type": "module",
"scripts": {
"build": "tsc",
Expand Down
21 changes: 21 additions & 0 deletions vscode-extension/LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2026 Rapi

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
52 changes: 52 additions & 0 deletions vscode-extension/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
# ISNAD Inline Warnings for VS Code

This extension runs `isnad-scan` against open files and turns scanner findings into VS Code diagnostics, inline decorations, hover details, and a status-bar count.

## Features

- Scans files on open and save, with optional scan-on-change.
- Uses the VS Code diagnostics API for squiggles, Problems panel entries, and severity.
- Adds inline warning decorations beside detected supply-chain risk patterns.
- Shows hover details with pattern ID, category, risk score, confidence, resource hash, and ISNAD attestation status.
- Supports configurable scan sensitivity: `low`, `medium`, `high`, or `critical`.
- Provides commands for current-file scan, workspace scan, and clearing diagnostics.

## Scanner Command

The extension looks for a built local scanner at `scanner/dist/cli.js` when this repository is open in VS Code. Otherwise it tries `isnad-scan` and then `isnad-scanner` on `PATH`.

To build the local scanner:

```bash
cd ../scanner
npm install
npm run build
```

For a packaged install, expose the scanner CLI:

```bash
npm install -g @isnad/scanner
```

The scanner package exports both `isnad-scan` and `isnad-scanner` command aliases.

Workspace-local scanner binaries and custom `isnad.scannerCommand` values are only used in trusted VS Code workspaces. Untrusted workspaces are scanned only with a user-installed `isnad-scan` or `isnad-scanner` command on `PATH`.

## Development

```bash
npm install
npm run build
npm test
```

Open this folder in VS Code and press `F5` to launch an extension development host.

## Marketplace Packaging

```bash
npm run package
```

Publishing to the VS Code Marketplace requires the maintainer-owned publisher token for the `isnad` publisher. The extension is package-ready, but the final publish step should be run by a maintainer or by a release workflow with that token.
Loading