Trepan: Local VS Code Security Auditor for AI-Generated Code

Trepan is a VS Code extension that addresses 'Silent AI Security Debt'—vulnerabilities in AI-suggested code that pass compilation but lack architectural security context. It acts as a local security gatekeeper between AI coding assistants and your codebase.
How Trepan Works
The tool uses a Zero-Baseline approach to audit AI suggestions against local security rules. It doesn't just guess; it enforces policies based on a .trepan/system_rules.md file in your project.
- 100% Local-Only: Uses Ollama to run security audits on your machine with no code leakage to external APIs
- Deterministic Validation: Forces the local LLM to validate suggested code against your specific security constraints before acceptance
- Context-Aware: Reads project-specific rules to catch logic-specific flaws that generic linters miss
What Trepan Catches
The tool is specifically tuned to find hallucinations that bypass standard static analysis:
- Insecure API endpoints suggested by AI
- Silent DOM XSS vulnerabilities in frontend logic
- Hardcoded secrets or "convenient" backdoors the AI might hallucinate
Technical Details
Trepan is open-source under AGPLv3 license and available in the VS Code Marketplace. The developer is experimenting with different system prompts for the auditing phase and seeking feedback on auditing logic and prompt engineering.
The developer is asking the community for input on which local models (Llama 3, Mistral, etc.) perform best for security-focused auditing without excessive latency.
📖 Read the full source: r/LocalLLaMA
👀 See Also

agentcache: Python Library for Multi-Agent LLM Prefix Caching
agentcache is a Python library that enables multi-agent LLM frameworks to share cached prompt prefixes, achieving up to 76% cache hit rates and cutting inference time by more than half in tests with GPT-4o-mini.

Tripsy Launches MCP Server for Claude: Manage Trips via Structured API
Tripsy's official MCP server lets Claude directly read, create, and update trips, activities, stays, transportation, and expenses. Setup takes ~1 minute via Claude's custom connector.

Librarian MCP: Local AI Server for Persistent Context with Documents
Librarian MCP is an open-source Model Context Protocol server that runs locally and connects to Jan, LM Studio, or Claude Desktop, enabling AI models to search and analyze document collections while maintaining full conversation context and data privacy.

Gemma Gem: On-Device AI Agent for Browser Automation via WebGPU
Gemma Gem is a Chrome extension that runs Google's Gemma 4 model (2B or 4B) entirely on-device using WebGPU, with no API keys or cloud dependencies. It provides tools to read page content, take screenshots, click elements, type text, scroll, and run JavaScript through a chat interface.