v0.1 — open source, MIT — defensive security

Your linter is blind.
This one actually reads the code.

CodeSight is a CLI for code review. It connects to GPT-5.4, Claude 4.6, or Gemini 3.1, finds security holes and logic bugs, and gives actionable reviews straight from your terminal.

$ codesight review src/auth.py --provider openai

Analyzing with gpt-5.4 ...

REVIEW — src/auth.py
Found 2 critical, 1 warning

[crit] ln 42 — JWT secret is hardcoded in source
[crit] ln 87 — f-string in SQL query, injection risk
[warn] ln 15 — hashlib imported but never used

3 issues · 814 tokens · 1.2s

Three steps. No magic.

Install it, point it at a file, read the output. That's it.

01. Install & configure

pip install codesight, then run codesight config to set your API key. Takes about 20 seconds.

02. Pick a task

review for a full audit, bugs to hunt issues, docs to generate docstrings, explain to decode someone else's code, refactor to clean it up.

03. Read & fix

The model returns structured findings with line numbers. Fix the real stuff, skip the noise. Done.

Linters check syntax.
We check logic.

Standard tools won't tell you that your auth flow leaks tokens or that a race condition hides in your queue handler. CodeSight actually understands what the code is supposed to do — and where it fails.

SQL injection · Hardcoded secrets · Race conditions · Off-by-one · Resource leaks · Dead code paths · Type mismatches · Logic inversions

[crit] ln 42 — JWT_SECRET is assigned a string literal. Move it to env vars or a secrets manager.
[crit] ln 87 — User input interpolated into SQL via f-string. Use parameterized queries.
[warn] ln 15 — import hashlib is unused. Safe to remove.
[info] ln 63 — verify_token() catches all exceptions silently. Consider logging failures.
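The four findings above map to three code patterns. The block below is an added illustration, not CodeSight's code and not the page's src/auth.py (which is not shown): a hypothetical, constructed auth module with each flagged pattern next to the hardened form the finding recommends. The hardcoded JWT_SECRET is replaced by an environment lookup that refuses to start without a key, the f-string query is replaced by a bound parameter, and the catch-all verify_token() is replaced by one that logs each failure. Token format, table layout and sample rows are constructed for the example.

```python
"""Constructed example: vulnerable-vs-hardened pairs for the findings above."""
import hashlib
import hmac
import logging
import os
import sqlite3

logger = logging.getLogger(__name__)

# --- ln 42 pattern: secret is a string literal in source ----------------------
JWT_SECRET_VULNERABLE = "change-me-in-prod"  # lives in git history forever


def load_jwt_secret(env=None):
    """Hardened: read the signing key from the environment (or a secrets manager
    behind the same call) and refuse to start when it is missing."""
    env = os.environ if env is None else env
    secret = env.get("JWT_SECRET")
    if not secret:
        raise RuntimeError("JWT_SECRET is not set; refusing to start without a signing key")
    return secret


# --- ln 87 pattern: user input interpolated into SQL via f-string ------------
def setup_db():
    """Constructed in-memory table with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn, username):
    # The input is spliced into the SQL text, so quotes in it change the grammar.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # The driver binds the value; whatever it contains, it is only ever data.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# --- ln 63 pattern: verify_token() swallows every exception -------------------
def sign(payload: str, secret: str) -> str:
    """Constructed token format: '<payload>.<hex HMAC-SHA256 of payload>'."""
    mac = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def verify_token_vulnerable(token: str, secret: str):
    try:
        payload, mac = token.rsplit(".", 1)
        expected = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()
        return payload if hmac.compare_digest(mac, expected) else None
    except Exception:
        return None  # malformed input, bad key and real bugs all look the same: nothing logged


def verify_token_safe(token: str, secret: str):
    """Hardened: each failure mode is distinguished and logged before returning None."""
    try:
        payload, mac = token.rsplit(".", 1)
    except ValueError:
        logger.warning("rejected token: no signature separator")
        return None
    expected = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        logger.warning("rejected token: signature mismatch for payload %r", payload)
        return None
    return payload


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    db = setup_db()
    probe = "' OR '1'='1"
    print("f-string query returned:", find_user_vulnerable(db, probe))   # both rows
    print("parameterized query returned:", find_user_safe(db, probe))    # []
    key = load_jwt_secret({"JWT_SECRET": "constructed-example-key"})
    print("verify:", verify_token_safe(sign("user=alice", key), key))
    print("verify garbage:", verify_token_safe("garbage", key))         # logs, then None
```

Running the module shows why the [crit] on ln 87 is rated as it is: the same probe string returns every row through the f-string query and nothing through the bound one. The token pair is the [info] on ln 63 made concrete: both versions reject bad input, but only the hardened one leaves a log line an operator could alert on.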

Pick your model. Or switch mid-project.

One flag: --provider anthropic. That's it.

OpenAI: GPT-5.4, GPT-5.3-Codex
Anthropic: Claude Opus 4.6, Sonnet 4.6
Google Gemini: Gemini 3.1 Pro, 3.1 Flash

Defensive security.
Built for maintainers.

Open-source maintainers face an avalanche of AI-generated code but lack tools for automated security triage. CodeSight bridges that gap — finding vulnerabilities before they ship, at near-zero API cost.

Zero-day patterns · Supply chain risks · Auth bypass · Cryptographic misuse · TOCTOU races · Memory safety

[crit] Defensive only — CodeSight is strictly a defensive cybersecurity tool. No offensive capabilities.
[info] OSS-first — MIT licensed, free forever. Designed for the maintainer community.
[info] Multi-provider — Switch between GPT-5.4, Claude 4.6, and Gemini 3.1 with a single flag.

Stop reading about it. Try it.

One pip install. One config command. Then point it at your worst file.
