Iris Code - Stop weak code before you ship
Iris Code is a local-first VS Code extension that scores your code's health on every save and blocks weak pushes before they ever reach your repo. No AI, no upload, no analysis backend, everything runs in-process on your machine.
What it does
Every file gets a single 0-100 health score built from complexity, type safety, code smells, and hardcoded secrets. Open a file, see what's wrong before review even starts. Catch a leaked GitHub token, an oversized function, or a console.log left behind, all pinned to the exact line.
Key features
Health scoring: one number per file, recomputed on every save
Hardcoded secrets detection: catches API keys, tokens, and weak passwords the moment you save, before they hit version control
Code smells & TypeScript checks: console logs, magic numbers, TODOs,
anyusage, missing return typesGate Preview: scan read-only against five presets (Legacy, Balanced, TypeScript, Strict, Security) and see your fail count shift in real time
Git pre-push & build hooks (Pro): block pushes and builds that fall below your threshold, for JS, Go, and Python
Twelve CLI commands:
iris check,iris secrets,iris security,iris gate,iris deps,iris cve,iris sbom,iris report, and more, built for terminals and CIOne shared config: a single
.irisconfig.jsondrives editor diagnostics, hooks, and CI identically for the whole teamDependents graph with CVE lookups (Pro): audit
package.json,go.mod, andrequirements.txtfor known vulnerabilities, lockfile-aware and monorepo-aware
Why it's different
Nothing leaves your machine for analysis. The only network call Iris Code makes is a license check for Pro, no source code, no metrics, no telemetry. It supports TypeScript, JavaScript, Go, and Python, with full type-safety metrics for TS/JS and secrets detection across every file type.
Pricing
Free forever: file analysis, secrets detection, Gate Preview, and core CLI commands
Pro, $6/month (14-day free trial, no credit card): whole-workspace analysis, pre-push and build hook enforcement, custom scoring weights, Config Studio, and the CVE/dependency scan
Links


