VS Code Extension · v0.2.0-beta

AI code review that uses your existing subscriptions

Full codebase analysis, auto-fix suggestions, and security scanning — powered by Claude, GPT, and Gemini. Use the AI accounts you already pay for.

Install ExtensionSee a sample review →
src/api/users.ts
1import { Request, Response } from 'express';
2import { db } from '../lib/database';
3 
4export async function getUser(req: Request) {
5 const id = req.query.id;
6 const result = db.query(
7 `SELECT * FROM users WHERE id = ${id}`
8 );
9 return result.rows[0];
10}
11 
12export async function getOrders(userId: string) {
13 const orders = await db.query('SELECT * FROM orders');
14 for (const o of orders) {
15 o.customer = await getUser(o.customerId);
16 }
17 return orders;
18}
review-outputscanning...
$ halboncode review src/api/
 
Connected to Claude Sonnet via OAuth
Connected to GPT-4o via OAuth
 
Scanning 247 files (38.2k LOC)
├─ src/api/users.ts
├─ src/api/orders.ts
└─ src/lib/database.ts + 244 more
 
■ P0 CRITICAL SQL injection in getUser()
L7: Unsanitised input in template literal
fix: Use parameterised query ($1)
 
■ P1 WARNING N+1 query in getOrders()
L14-15: SELECT per iteration in loop
fix: Batch with JOIN or IN clause
 
Review complete. 1 critical 1 warning 0 info
Both agents agree. Consensus: 100%
⬡ HalbonCodescanning...
Trusted by developer teams at
Acme CorpNovaTechHeliosPolyformMeridian

Your team already pays for Claude Pro, ChatGPT Plus, or Gemini Advanced. Use those subscriptions.

HalbonCode routes reviews through your existing AI accounts. No API keys, no per-token billing, no surprise invoices.

Features

What HalbonCode catches

Real findings from a single review pass. Security, performance, and code quality — prioritised by severity.

Security Scanning

SQL injection, XSS, session fixation, insecure deserialization, exposed secrets — detected and explained with one-line fixes.

// Before: vulnerable
const result = db.query(`SELECT * FROM users WHERE id = ${req.query.id}`);

// After: parameterised
const result = db.query('SELECT * FROM users WHERE id = $1', [req.query.id]);

Performance

N+1 queries, unnecessary re-renders, blocking operations, memory leaks. Identified with latency impact estimates.

Auto-Fix Suggestions

One-click patches for common issues. Diffs are generated inline — review, accept, or modify before applying.

Code Quality

Duplicated types, dead code paths, inconsistent naming, missing error boundaries. Keeps your codebase clean as it scales.

Full Codebase Scope

Not just the diff — reviews the entire project for cross-file issues, dependency conflicts, and architectural drift.

Providers

Works with every major AI

Bring your own subscriptions. HalbonCode connects to them all — no extra API keys required.

Anthropic
oauth · api-key
Claude 4 · Sonnet · Haiku
OpenAI
oauth · api-key
GPT-4o · o1 · o3
Google
oauth · api-key
Gemini 2.5 · Flash
Copilot
github-sso
GPT-4o via Copilot
Ollama
local
Llama · Mistral · Phi
OpenRouter
api-key
100+ models
Architecture

Multi-agent consensus

Two AI models review independently, then a third reconciles — eliminating false positives and surfacing real issues.

🟣
Claude
Reviewer A
🟢
GPT-4o
Reviewer B
Reconciler
HalbonCode
Consensus
Final Report
● Consensus Mode

Multi-model agreement

Two providers review independently. Findings are merged, de-duplicated, and ranked. Only issues flagged by both make the final report — dramatically fewer false positives.

● Solo Mode

Single-model speed

Route the entire review through one provider for maximum speed. Ideal for quick iterations, PR checks, or a fast first pass before deeper consensus.

Workflow

From install to first review

Three steps. No configuration files, no CI/CD changes, no API key management.

01

Install the extension

Search HalbonCode in the VS Code marketplace. One click — works with VS Code, Cursor, Windsurf, and any fork.

02

Connect your AI accounts

Sign into your existing Claude, ChatGPT, or Gemini accounts via OAuth. Credentials never touch our servers.

03

Run your first review

Open command palette, type HalbonCode: Review, select scope and providers. Full results in minutes.

Security & Privacy
Zero data retention. Your code is never stored, logged, or used for training. Reviews are streamed and discarded.
Direct provider routing. Code goes straight from VS Code to your AI provider. HalbonCode orchestrates, never proxies.
Local-first option. Run reviews entirely on-device with Ollama. Your code never leaves your machine.
SOC 2 roadmap. Enterprise compliance certification in progress. Audit logs and team management included.
Pricing

Pay for compute. Bring your own tokens.

We charge for containers and orchestration. AI tokens come from your subscription or API key — we never bill for them.

Per-review pricing5 free reviews / month
£0.15
Single-agent
1 container, 1 worker
£0.35
Multi-agent
2 containers, parallel
£0.05
Auto-fix pass
per fix + re-verification
// Drag to estimate your monthly cost
Reviews / mo30
Agent modesingle-agent @ £0.15/review
Estimated monthlyAI tokens: £0.00 — billed to your provider
£3.75 / mo
£0.15 per review
No tiers. No feature gates. Every user gets the full dashboard, all review types, all prompts. Pay only for what you use. Team features: £4/seat/month.

5 free reviews a month. No card required.

Install the extension, connect a provider, and run your first review in under 2 minutes. If it finds nothing — your code is probably fine.

Install from MarketplaceRead the Docs →