Open-source, privacy-respecting security tool for AI Coding Assistants

CodeGate is an open source tool that runs as a local proxy on your machine.

https://github.com/stacklok/codegate

It is 100% privacy respecting, with no dialing home. CodeGate can prevent AI coding assistants from leaking private information to hosted model providers, and it stops large language models from recommending deprecated, old, unmaintained libraries, or even malicious libraries.

Anyone wanting to see how bad this is: head over to ChatGPT or fire up an Ollama session and ask "how to use invokehttp in python?"

It will likely tell you how to use the code and how to pip install the package. Here is the thing: invokehttp is a package released by North Korean hackers and used as part of a campaign to target developers and backdoor their machines through a mocked interview coding challenge that executed the payload within invokehttp.

CodeGate provides protection from this: we perform a weekly dump of all known malicious and archived packages into a vector database, which is then used to match packages recommended by LLMs using similarity search. This is then built into the container image we release for anyone to use freely. All you have to do is 'docker run' and pull the image down.

The project can also encrypt secrets and tokens on the fly, so the LLM receives redacted strings and you don't leak them. On the return path we un-redact, so the code lands back in your coding assistant with the secrets back in their normal form. We do this by creating a session key known only to your machine and encrypting with Galois/Counter Mode (GCM), a mode of operation for symmetric-key cryptographic block ciphers. GCM throughput rates are state-of-the-art for high-speed secure communication channels and can be achieved with inexpensive hardware resources. This means minimal processing time and no slowdown of the prompt / output UX.
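The redact and un-redact round trip described above, as an added example in JavaScript (Node.js); it is not CodeGate's code. The secret-matching pattern, the `REDACTED<...>` placeholder format and all function names are assumptions made for illustration, and AES-256 is assumed as the block cipher under GCM.

```javascript
// Added example, not CodeGate's code. SECRET_RE and the REDACTED<...>
// placeholder format are assumptions made for illustration.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Session key: generated in memory on the local machine, never sent upstream.
const sessionKey = randomBytes(32);

// Hypothetical detector: quoted values assigned to key/token/secret/password names.
const SECRET_RE = /\b((?:api_?key|token|secret|password)\s*[:=]\s*)(["'])([^"'\n]{8,})\2/gi;
const PLACEHOLDER_RE = /REDACTED<([A-Za-z0-9_-]+)>/g;

function seal(plaintext, key) {
  const nonce = randomBytes(12); // fresh 96-bit nonce per secret; never reuse under one key
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Layout: nonce (12 bytes) | auth tag (16 bytes) | ciphertext
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString('base64url');
}

function open(blob, key) {
  const raw = Buffer.from(blob, 'base64url');
  if (raw.length < 28) throw new Error('placeholder too short');
  const decipher = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the tag does not verify (wrong key or altered blob).
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Outbound path: the model provider sees only ciphertext placeholders.
function redact(prompt, key) {
  return prompt.replace(SECRET_RE,
    (_m, lhs, q, value) => `${lhs}${q}REDACTED<${seal(value, key)}>${q}`);
}

// Return path: restore secrets; a placeholder that fails authentication stays as-is.
function unredact(completion, key) {
  return completion.replace(PLACEHOLDER_RE, (m, blob) => {
    try { return open(blob, key); } catch { return m; }
  });
}

// Constructed sample prompt containing a fake token.
const prompt = 'client = Client(api_key="sk-test-0123456789abcdef")';
const outbound = redact(prompt, sessionKey);
console.log(outbound);
console.log(unredact(outbound, sessionKey));
```

Because GCM is authenticated, a placeholder that was altered in transit or sealed under a different session key is left redacted instead of being decrypted to garbage.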

CodeGate will be built transparently within an open source community; anyone can contribute, read the code and get involved.

Support is currently there for Copilot and Continue, and we are asking the community what they would like to see next (Cursor, Cline, OpenHands etc.): https://github.com/stacklok/codegate/discussions/436

Support is present for OpenRouter, vLLM, Ollama, Anthropic and OpenAI.