macOS build available · Built for the agent era

Stop merging unreviewed AI code.

CodeVetter is a desktop review cockpit for the diffs your agent ships. Catch what Cursor, Claude Code, and Devin missed — vulnerabilities, regressions, and silent drift. Runs entirely offline.

No telemetry · Bring your own key · Open source (ISC) · Signed binaries
codevetter — review · feat/refresh-tokens · #1284
vuln  apps/api/src/auth/session_manager.ts  (+2 / -0)

    import { db } from "@/lib/sql";

    async function validateSession(token: string) {
      // resolve session for the incoming request
      const query = `SELECT * FROM sessions WHERE token = '${token}'`;
      const result = await db.execute(query);
      if (!result.rows[0]) throw new Error("Invalid session");
      return result.rows[0];
    }
SQL Injection Vector

Token concatenated directly into query body. Allows arbitrary read/write against sessions table.

+ db.query(`...$1`, [token])
Critical 04 · High 12 · Medium 29 · Patches ready 45
What the review looks for
Common CWE / OWASP issue classes, mapped to severity
CWE-89 SQL Injection
CWE-79 Cross-site scripting
CWE-352 CSRF token missing
CWE-798 Hardcoded credentials
CWE-22 Path traversal
OWASP-A01 Broken access control
OWASP-A03 Injection class
OWASP-A07 Auth failures
REGEX Catastrophic backtracking
RACE TOCTOU window
PII Token logged at info
PERF N+1 query loop
TTL Cache divergence
SEMVER Breaking API change
0ms Cloud round-trip · the review runs on your device
3+ LLM providers · anthropic · openai · openrouter
100% Code stays local · no proxy, no telemetry
$0 To run forever · bring your own LLM key
Capability matrix

Built for the way agents ship code.

Cursor, Claude Code, Devin — they merge fast and miss things. CodeVetter is the second pair of eyes that runs on your laptop.

Diff-aware review engine

Parses your patch, traces affected call sites, and feeds the LLM a focused context window. No shotgun prompts, no hallucinated files.

apps/api/src/users.ts
- return await db.raw(`SELECT * FROM users WHERE id = ${id}`);
+ return await db.query(`SELECT * FROM users WHERE id = $1`, [id]);
apps/api/src/cache.ts
~ ttl 60s → 86400s · review eviction
~ no invalidation on user.update
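The CWE-89 finding in the mock-up above and the users.ts hunk under the review engine both reduce to one diff-aware check: does an added line build SQL by interpolating into a template literal? Below is an added example of that check, not CodeVetter's code and assuming nothing about its internals; every name (scanDiff, parameterize, SAMPLE_DIFF) and the sample diff are constructed for illustration.

```typescript
// Added example, not CodeVetter's code: a diff-aware CWE-89 check. It scans only "+" lines of a
// unified diff, flags SQL template literals that interpolate ${...}, and proposes the parameterized form.
const SQL_VERB = /^\s*(SELECT|INSERT|UPDATE|DELETE|WITH)\b/i;

// "... token = '${token}' AND org = ${org}" -> "... token = $1 AND org = $2", params ["token", "org"]
// (quotes around an interpolation are dropped so the placeholder is bound, not quoted).
function parameterize(template: string): { sql: string; params: string[] } {
  const params: string[] = [];
  const sql = template.replace(/'?\$\{([^}]+)\}'?/g, (_m: string, expr: string) => {
    params.push(expr.trim());
    return `$${params.length}`;
  });
  return { sql, params };
}

function scanDiff(diff: string) {
  const findings: { file: string; line: number; cwe: string; snippet: string; suggestion: string }[] = [];
  let file = "", newLine = 0; // newLine: post-patch line number, re-synced at every @@ header
  for (const raw of diff.split("\n")) {
    if (raw.startsWith("+++ ")) { file = raw.slice(4).replace(/^b\//, ""); continue; }
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (hunk) { newLine = Number(hunk[1]); continue; }
    if (raw.startsWith("-")) continue; // removed lines never ship
    if (!raw.startsWith("+")) { newLine++; continue; } // unchanged context line
    const text = raw.slice(1);
    const lit = /`([^`]*)`/g; // each template literal on the added line
    let m: RegExpExecArray | null;
    while ((m = lit.exec(text)) !== null) {
      const body = m[1] ?? "";
      if (SQL_VERB.test(body) && body.includes("${")) {
        const { sql, params } = parameterize(body);
        findings.push({ file, line: newLine, cwe: "CWE-89", snippet: text.trim(),
          suggestion: `db.query(\`${sql}\`, [${params.join(", ")}])` });
      }
    }
    newLine++;
  }
  return findings;
}

// Constructed sample: the session_manager.ts hunk from the mock-up above, plus the already-fixed users.ts hunk.
const SAMPLE_DIFF = [
  "+++ b/apps/api/src/auth/session_manager.ts",
  "@@ -39 +39,3 @@",
  "   // resolve session for the incoming request",
  "+  const query = `SELECT * FROM sessions WHERE token = '${token}'`;",
  "+  const result = await db.execute(query);",
  "+++ b/apps/api/src/users.ts",
  "@@ -10 +10 @@",
  "-  return await db.raw(`SELECT * FROM users WHERE id = ${id}`);",
  "+  return await db.query(`SELECT * FROM users WHERE id = $1`, [id]);",
].join("\n");
```

Running scanDiff(SAMPLE_DIFF) reports one finding at session_manager.ts:40 with the suggestion db.query(`SELECT * FROM sessions WHERE token = $1`, [token]); the already-parameterized users.ts line is not flagged.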

Bring your own key

Anthropic, OpenAI, OpenRouter. Keys live in your OS keychain. Zero proxying through us.

Anthropic Live
claude-3.5-sonnet $ANTHROPIC_API_KEY
OpenAI Live
gpt-4o $OPENAI_API_KEY
OpenRouter Ready
gemini-pro

Runs offline

Tauri binary. SQLite under the hood. No backend, no signup.

127.0.0.1
api.external.com

Git-native

Staged diffs, ranges, branches. Drop into any repo.

git diff HEAD~1
→ 4 files · 87 lines
codevetter review
Analyzing diff...

Severity-tiered

Critical → high → medium. Mapped to CWE & OWASP.

Critical 04
High 12
Medium 29

Patch suggestions, not pep talks

Every finding ships with a concrete code edit you can apply or discard. Reasoning is shown, not narrated.

Critical Auto-Fix
SQL Injection Vector
Unparameterized token concatenated into query. High risk of arbitrary table access.
+ db.query(`...$1`,[token])
High Auto-Fix
PII Leak in Logger
Authentication token leaks into DataDog via unredacted request payload.
+ logger.redact(['token', 'pwd'])
Medium Auto-Fix
Missing Rate Limit
No throttle applied to /auth/refresh. Potential vector for token exhaustion DoS.
+ rateLimit({ rpm: 60 })
Operating loop

Three steps. Zero ceremony.

No accounts, no setup wizards, no SaaS dashboard. Open the app, plug in a key, ship safer code.

Step 01

Drop in your diff

Stage changes, paste a patch, or hand it a branch range. CodeVetter parses files, hunks, and call sites locally.

$ codevetter review HEAD~1..HEAD
parsing diff
resolving call-sites
building context ...
Step 02

Pick the model

Choose Claude, GPT, or anything OpenRouter routes. Switch per-review. Token usage is live-tracked, never proxied.

→ provider=anthropic model=claude-3-opus
claude-3-opus
gpt-4o
Step 03

Triage the verdict

Findings ranked by severity, mapped to CWE, with concrete patch diffs. Apply, edit, or dismiss with one keystroke.

✓ 4 critical · 12 high · 29 medium
CRITICAL 04
HIGH 12
PATCHES READY 45
Provider matrix

Any model. Your key.

CodeVetter is provider-agnostic. Test the same diff across models, pin one per repo, or rotate as new releases land.

300+ Models reachable
0 Tokens proxied
<200ms Provider latency
Reviews allowed

Anthropic

Recommended for security review

Native · Claude 3.5 Sonnet · Claude 3 Opus

OpenAI

Fast diffs · robust reasoning

Native · GPT-4o · GPT-4o-mini · o1-preview

OpenRouter

300+ models · single API key

Gateway · Gemini 1.5 Pro · Llama 3.1 405B

Local LLMs

100% private · air-gapped

Private · Qwen 2.5 Coder · DeepSeek Coder
Pricing

Free for solo. Honest above it.

No tokens, no per-review fees. We don't see your code, so we can't bill on it.

Solo
$0 forever

The full desktop binary. Bring your own LLM key. Use forever, no strings attached.

Unlimited local reviews
All LLM providers
Local SQLite history
Automatic updates
Download Now
Most Popular
Team
$12 per user / month

Shared review presets and org policy rules. Everything stays on each machine.

Everything in Solo
Shared rule packs
Audit log export
SSO Authentication
Priority support
Get Early Access
Enterprise
Custom tailored for you

Air-gapped installs, custom model routing, and dedicated security engineering.

Everything in Team
Air-gapped deployment
Custom CWE rulesets
On-prem audit logs
SLA guarantee
Talk to Sales
Latest build · Ready to review

Stop trusting agents blindly.

Install in 30 seconds. First review in under a minute. Your code never leaves your machine.

Quick Install
brew install --cask codevetter
Signed binaries Auto-updates No account required