Quick Start Guide

Installation

  1. Clone the repository:

    git clone https://github.com/yourusername/codeslick2.git
    cd codeslick2

  2. Install dependencies:

    npm install

  3. Set up environment variables:

    cp .env.example .env.local
    # Edit .env.local with your API keys

  4. Run the development server:

    npm run dev

  5. Open http://localhost:3000 in your browser

First Analysis

For Teams (GitHub App)

  1. Sign in with GitHub - Authenticate to connect your repositories
  2. Install GitHub App - Enable automated PR analysis for your team
  3. Create a pull request - CodeSlick automatically scans on every PR
  4. Review security findings - Get inline comments with severity scores
  5. Apply fixes with one click - Individual "Apply Fix" buttons per issue (GitHub-native, no authentication required)
  6. View team activity - Check dashboard at /teams/[id] for unified view of all analyses and applied fixes

For Individuals (Web Tool)

  1. Visit codeslick.dev/analyze - No sign-in required
  2. Paste your code or upload a file
  3. Click "Analyze Code" - Get results in 2-3 seconds
  4. Review findings - Severity-based prioritization
  5. Click "Generate Fix" - AI-powered context-aware fixes for individual issues

What We Detect

CodeSlick performs 84+ security checks across three layers, plus Professional TypeScript Analysis:

Static Analysis (84 checks)

  • SQL Injection - Parameterized query enforcement (CRITICAL)
  • Command Injection - subprocess.run, subprocess.Popen, os.system detection (CRITICAL)
  • Cross-Site Scripting (XSS) - Unsafe HTML rendering patterns (HIGH)
  • Hardcoded Credentials - Detects:
      • Database passwords, API keys, JWT secrets
      • AWS credentials (AKIA* access keys, 40-char secret keys) 🆕
      • Stripe API keys (sk_test_, sk_live_, pk_*) 🆕
      • Encryption byte arrays (hardcoded crypto keys) 🆕
  • Path Traversal - Unrestricted file access vulnerabilities (HIGH)
  • Insecure Deserialization - pickle, YAML, Java object injection (CRITICAL)
  • Weak Cryptography - Random() vs SecureRandom, MD5/SHA1 usage (MEDIUM)

Dependency Scanning (3 ecosystems)

  • npm packages (JavaScript/TypeScript)
  • pip packages (Python)
  • Maven packages (Java)

API Security (5 checks)

  • Insecure HTTP endpoints
  • Missing authentication
  • API key exposure
  • CORS misconfigurations
  • Rate limiting issues
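To make the Static Analysis and API Security check lists above more concrete, here is an added example (not CodeSlick's own code) of a minimal line-based scanner in JavaScript. It looks for a handful of the patterns those lists name (AKIA access keys, Stripe keys, shell-based subprocess calls, plaintext http:// endpoints, MD5/SHA-1 use, a wildcard Access-Control-Allow-Origin), reports findings with the severity-first ordering the web tool describes, and redacts matched secrets so they are never echoed back in full. The regexes, rule ids, severity labels and sample input are this example's own assumptions, not CodeSlick's rules; the sample credentials are constructed placeholders.

```javascript
// Added example, not CodeSlick's own code: a minimal line-based scanner that
// illustrates what a few of the static and API checks listed above look for.
// Every regex, rule id and severity label here is this example's own assumption.

const SEVERITY_RANK = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };

const RULES = [
  {
    id: 'hardcoded-aws-access-key', severity: 'CRITICAL', secret: true,
    // AWS access key IDs: "AKIA" followed by 16 uppercase letters or digits
    pattern: /\bAKIA[0-9A-Z]{16}\b/,
  },
  {
    id: 'hardcoded-stripe-key', severity: 'CRITICAL', secret: true,
    // Stripe keys: sk_/pk_ prefix, test_/live_ environment, random suffix
    pattern: /\b(?:sk|pk)_(?:test|live)_[0-9A-Za-z]{8,}\b/,
  },
  {
    id: 'command-injection-shell', severity: 'CRITICAL', secret: false,
    // subprocess.run / Popen / call or os.system with shell=True or string concatenation
    pattern: /\b(?:subprocess\.(?:run|Popen|call)|os\.system)\s*\(.*(?:shell\s*=\s*True|\+)/,
  },
  {
    id: 'insecure-http-endpoint', severity: 'HIGH', secret: false,
    // outbound API call to a plaintext http:// URL
    pattern: /\b(?:fetch|axios\.(?:get|post)|requests\.(?:get|post))\(\s*['"]http:\/\//,
  },
  {
    id: 'weak-hash', severity: 'MEDIUM', secret: false,
    // MD5 / SHA-1 via Python hashlib, Node crypto.createHash, or Java MessageDigest
    pattern: /\b(?:hashlib\.(?:md5|sha1)\b|createHash\(\s*['"](?:md5|sha1)['"]|MessageDigest\.getInstance\(\s*"(?:MD5|SHA-?1)")/,
  },
  {
    id: 'cors-wildcard-origin', severity: 'MEDIUM', secret: false,
    // Access-Control-Allow-Origin set to "*": any origin may read the response
    pattern: /Access-Control-Allow-Origin['"]?\s*[:,]\s*['"]?\*['"]?/,
  },
];

// A report must never contain the full secret; keep a short prefix only.
function redact(value) {
  return value.slice(0, 6) + '…';
}

function scanSource(source, filename = '<input>') {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    for (const rule of RULES) {
      const match = rule.pattern.exec(text);
      if (!match) continue;
      findings.push({
        file: filename,
        line: index + 1,
        rule: rule.id,
        severity: rule.severity,
        evidence: rule.secret ? redact(match[0]) : match[0].trim(),
      });
    }
  });
  // Severity-based prioritization: CRITICAL first; Array.prototype.sort is stable,
  // so findings of equal severity keep their line order.
  return findings.sort((a, b) => SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity]);
}

function countBySeverity(findings) {
  const counts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

// Constructed sample input (not real code, not real credentials).
// "AKIAIOSFODNN7EXAMPLE" is the placeholder access key id used in AWS documentation.
const SAMPLE_PY = [
  'import hashlib, os, subprocess',
  'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
  "STRIPE_KEY = 'sk_live_51Hxyzabc1234567890'",
  'subprocess.run("ls " + user_dir, shell=True)',
  'digest = hashlib.md5(data).hexdigest()',
  'digest = hashlib.sha256(data).hexdigest()',
].join('\n');

const SAMPLE_JS = [
  "const token = await fetch('http://auth.internal.example/token');",
  "res.setHeader('Access-Control-Allow-Origin', '*');",
  "res.setHeader('Access-Control-Allow-Credentials', 'true');",
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, src] of [['settings.py', SAMPLE_PY], ['server.js', SAMPLE_JS]]) {
    for (const f of scanSource(src, name)) {
      console.log(`${f.severity.padEnd(8)} ${f.file}:${f.line} ${f.rule} -> ${f.evidence}`);
    }
  }
}
```

Running the block prints the three CRITICAL findings from settings.py first, then the HIGH plaintext-endpoint finding from server.js, then the two MEDIUM findings. A single-line scanner like this cannot correlate the wildcard origin with the `Access-Control-Allow-Credentials` line that follows it, which is exactly the kind of cross-line reasoning a real analyzer (or the TypeScript Compiler API integration described below) adds on top of pattern matching.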

Professional TypeScript Analysis (NEW)

  • TypeScript Compiler API Integration - Real TypeScript compilation analysis
  • 95%+ Error Detection - Dramatic improvement over pattern-based checking (was 5%)
  • 20+ Error Types - Null safety, function signatures, type mismatches, property access
  • CVSS Scoring - Security scoring for TypeScript errors (CVSS 9.8 for null references)
  • Graceful Degradation - Works alongside existing pattern-based checks
  • Production Ready - Fully tested with 26 comprehensive test cases

Supported Languages

  • JavaScript
  • TypeScript - Professional TypeScript Compiler API integration (95%+ error detection vs 5% with pattern-based checking)
  • Python
  • Java

AI-Powered Code Fixes

CodeSlick offers AI-powered intelligent fixing:

Generate Fix (AI-Powered)

  • Model: Claude Sonnet 3.5 via OpenRouter
  • Speed: 10-90 seconds (depends on file size)
  • Intelligence: Context-aware, handles complex refactoring, enhanced TypeScript support
  • File Size Limit: 300 lines maximum
  • Best For: Security vulnerabilities, logical errors, TypeScript type errors, performance optimizations

File Size Performance (Data-Driven)

Based on production testing with Claude Sonnet 3.5:

File Size   | Performance   | Time
------------|---------------|------
100 lines   | Fast ⚡       | <15s
192 lines   | Good ✅       | ~30s
312 lines   | Acceptable ⚠️ | ~50s
>300 lines  | Blocked 🚫    | -

What To Do With Large Files (>300 lines)

If your file exceeds 300 lines, you have several options:

  1. Split your file - Refactor into smaller modules (better architecture)
  2. Fix sections individually - Extract problematic sections, fix them, merge back
  3. Manual review - Traditional code review for very large files

Configuring Your AI API Key

CodeSlick supports 6 AI providers. Configure your own API key for unlimited fixes:

Supported Providers:

  • OpenRouter ⭐ (recommended) - Claude Sonnet 3.5, automatic failover, $1 free credits
  • Anthropic - Claude 3.5 Sonnet direct access
  • OpenAI - GPT-4, GPT-4 Turbo
  • Groq - Ultra-fast inference, free tier
  • Google - Gemini 1.5 Pro, Flash
  • Together.ai - Qwen Coder, DeepSeek (legacy)

Benefits:

  • ✅ Unlimited AI fixes (no rate limits)
  • ✅ Full control over model selection
  • ✅ Pay-as-you-go pricing
  • ✅ Most providers offer free credits
  • ✅ API keys stored only in your browser (secure)

How to Configure:

  1. Click the "API Key" button in the main interface
  2. Select your preferred provider
  3. Enter your API key
  4. Test the connection
  5. Start using AI-powered fixes

Note: Static security analysis (including professional TypeScript analysis) always works without an API key. AI fixes are an optional enhancement.

Pricing & Plans

CodeSlick uses a "Pay for Platform, Choose Your AI Model" philosophy for fair, transparent pricing.

Pricing Structure

Plan       | Platform   | AI Options         | Total Price
-----------|------------|--------------------|------------------
Individual | Free       | Own key only       | €0
Team       | €39/month  | +€0 / +€10 / +€60  | €39 - €99/month
Enterprise | €129/month | +€0 / +€25 / +€120 | €129 - €249/month

Three AI Options

You choose how you want to use AI-powered fixes:

1. Own API Key (€0/month)

  • Cost: Free on our side, you pay your provider directly
  • AI Fixes: Unlimited (no restrictions)
  • You Control: Model selection, API costs
  • Best For: Teams who want full control and already have AI API access

2. Credit Pack (+€10 or +€25/month)

  • Team Plan: +€10/month = 500 AI fixes
  • Enterprise Plan: +€25/month = 1000 AI fixes
  • Predictable Costs: No surprises, clear monthly budget
  • Best For: Teams who want predictable pricing without managing API keys

3. Unlimited AI (+€60 or +€120/month)

  • Team Plan: +€60/month = Unlimited AI fixes
  • Enterprise Plan: +€120/month = Unlimited AI fixes
  • Zero Worries: No limits, no tracking, no restrictions
  • Best For: Teams who want premium convenience and high usage

Managing Your Credits

Team admins can view and manage AI credits from the team settings page (/teams/[id]/settings/credits):

  • Real-time tracking - See remaining credits and usage this month
  • Progressive warnings - Alerts at 50%, 75%, and 90% usage
  • Usage analytics - Top files, language breakdown, success rate
  • Configure AI option - Switch between own-key, pack, or unlimited anytime
  • Test connections - Validate your API key before saving

See Configuration for detailed setup.