AI-powered tool for developers, simplifying coding tasks and improving workflow efficiency.
AICodeBot is a terminal-based coding assistant designed to make your coding life easier. Think of it as your AI version of a pair programmer. Perform code reviews, create helpful commit messages, debug problems, and help you think through building new features. A team member that accelerates the pace of development and helps you write better code.
We've planned to build out multiple different interfaces for interacting with AICodeBot. To start, it's a command-line tool that you can install and run in your terminal, and a GitHub Action for Code Reviews.
Status: This project was built before AI Coding Assistants were cool. 🤓 As such, much of the functionality has been replicated in various IDEs. Where AICodeBot shines is a) it's in the terminal, not GUI, and b) it can be used in processes like GitHub actions.
We're using AICodeBot to build AICodeBot, and it's upward spiraling all the time. We're looking for contributors to help us build it out. See CONTRIBUTING for more.
| Task | Status |
|---|---|
| Generating quality commit messages | ✅ |
| Thinking through tasks as a pair programmer | ✅ |
| Coding with a small number of files | ✅ |
| Debugging | ✅ |
| Doing code reviews | ✅ |
| Explaining code | ✅ |
| Writing tests | ✅ |
| Integration with GitHub | ✅ |
| Modifying local files | Early stages |
| Searching the internet for answers | In Progress |
| Reading library documentation | Early stages |
| Coding with a large number of files | As LMs get larger token limits |
| Writing senior developer level code | Eventually |
| Major refactors | Eventually |
| Build entire apps | Eventually |
| Replace Developers | Nope |
`aicodebot sidekick` is your AI-powered coding assistant. It's designed to help you with your coding tasks by providing context-aware suggestions and solutions. Think ChatGPT with the ability to read the local repository for context.
By default it will pass along a directory of files from the current working directory, and you can also pass in a list of files to use as context for the task you are working on. For example:
```shell
aicodebot sidekick file1.py file2.py
```
In this example, the sidekick will read the contents of file1.py and file2.py and use them to provide context-aware answers.
Pro-tips:
This feature is in its early phases right now, but it's already useful. We'll be adding support for tools that the sidekick can use, including GitHub integration, ingesting repository specific domain knowledge, writing local files, and more. For now, it just reads files and provides suggestions.
`aicodebot commit` improves the git commit process. It will run pre-commit for you to check syntax, and then generate a commit message for you based on the changes you've made. In about as much effort as typing "fix bug" for the commit message, you will get a high-quality commit message that thoroughly describes the change.
`aicodebot review` will run a code review on your code and suggest improvements. By default, it will look at [un]staged changes, and you can also supply a specific commit hash to review.
Its goal is to suggest how to make the code better, and we've found that it often teaches us new things about our code and makes us better programmers. It is a great way to get a second set of robot eyes on your code.
`aicodebot debug $command` will run the `$command` and capture the log output. It will pass the error message, stack trace, command output, etc. over to the AI and respond with some suggestions on how to fix it.
To install AICodeBot, run:
```shell
pip install aicodebot
```
And then run:
```shell
aicodebot configure
```
to get started.
```text
Usage: aicodebot [OPTIONS] COMMAND [ARGS]...

Options:
  -V, --version  Show the version and exit.
  -h, --help     Show this message and exit.
  -d, --debug    Enable langchain debug output

Commands:
  alignment  A message from AICodeBot about AI Alignment ❤ + 🤖.
  commit     Generate a commit message based on your changes.
  configure  Create or update the configuration file
  debug      Run a command and debug the output.
  review     Do a code review, with [un]staged changes, or a...
  sidekick   Coding help from your AI sidekick
```
AICodeBot supports multiple Large Language Models, including Anthropic's Claude 3.x, and OpenAI's GPT-3/4x. Pull requests for Gemini or Ollama are welcomed, but we feel these two do the trick.
The first time you run AICodeBot, you'll be prompted to enter your API keys.
How about automated code reviews on every commit? You can have AICodeBot run as a GitHub action on your repository. See The AICodeBot GitHub Action for Code Reviews. It will look at every commit and pull request, and then either:
```shell
aicodebot alignment
```
Technology itself is amoral; it just imbues the values of the people who create it. We believe that AI should be built in a way that aligns with humanity, and we're building AICodeBot to help us do just that. We're building from a heart-centered space, and contributing to the healthy intersection of AI and humanity.
`aicodebot` is a tool for developers, not a replacement for them. It's not going to replace your job, but it will make your job easier and more fun. It won't take over the world, but it will help us build a better one. See the Alignment section below for more.
⚠️ AICodeBot currently uses OpenAI's ChatGPT large language models, which can hallucinate and be confidently wrong. Sometimes AICodeBot does dumb things, so it's mostly reading and advising and not yet writing. Much like Tesla's "Full Self Driving", you must keep your hands on the wheel.
It's also not a "build a site for me in 5 minutes" tool that takes a well-constructed prompt and builds a scaffold for you. There are other tools for that. It's not a no-code platform. Instead, AICodeBot is built to work with existing codebases at the git-commit level. It's designed to multiply the effectiveness of capable engineers.
To specify a different model, you can set the `language_model` in your `$HOME/.aicodebot.yaml` file. For example:
```yaml
openai_api_key: sk-*****
language_model: gpt-3.5-turbo
personality: Stewie
version: 1.3
```
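Because that file holds your API key in plaintext, the thing worth checking before the tool reads it is who else on the machine can read it, and that the key never gets echoed into debug output. The following is an added example, not code from the aicodebot project: it parses the flat `key: value` layout shown above without a YAML library, fails closed unless the file is readable by its owner only, and redacts the key for display. The function names (`load_config`, `check_config_permissions`, `redact`) are this example's own assumptions, not aicodebot's API.

```python
# Added example (not code from the aicodebot project): read the flat
# $HOME/.aicodebot.yaml shown above without a YAML library, refuse to use it
# unless only its owner can read it (it holds an API key), and redact the key
# before it reaches any log or debug output. All function names here are this
# example's own assumptions, not aicodebot's API.
import os
import stat
import tempfile
from pathlib import Path

REQUIRED_KEYS = ("openai_api_key", "language_model")


def parse_flat_yaml(text: str) -> dict:
    """Parse the flat `key: value` lines of the config file.

    Assumption: the file has no nesting, lists or quoting, which matches the
    example on the page; anything else is rejected rather than guessed at.
    """
    config = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            raise ValueError(f"malformed config line: {raw!r}")
        config[key.strip()] = value.strip()
    return config


def check_config_permissions(path: Path) -> list:
    """Return the problems found; an empty list means only the owner can read it."""
    mode = path.stat().st_mode
    problems = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(
            f"{path.name} is accessible by group/other ({stat.filemode(mode)}); "
            "chmod 600 it so the API key stays private"
        )
    return problems


def redact(config: dict) -> dict:
    """Copy of the config with the API key cut down to its ends, safe to print."""
    shown = dict(config)
    key = shown.get("openai_api_key", "")
    shown["openai_api_key"] = key[:3] + "..." + key[-3:] if len(key) > 8 else "***"
    return shown


def load_config(path: Path) -> dict:
    """Load and validate the config, failing closed on bad permissions or missing keys."""
    problems = check_config_permissions(path)
    if problems:
        raise PermissionError("; ".join(problems))
    config = parse_flat_yaml(path.read_text())
    missing = [k for k in REQUIRED_KEYS if k not in config]
    if missing:
        raise KeyError(f"config is missing required keys: {missing}")
    return config


def demo() -> dict:
    """Constructed sample: write a config like the page's into a temp dir,
    load it with mode 0600, then show the world-readable copy being rejected."""
    sample = (
        "openai_api_key: sk-constructed-example-key\n"  # constructed placeholder
        "language_model: gpt-3.5-turbo\n"
        "personality: Stewie\n"
        "version: 1.3\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / ".aicodebot.yaml"
        path.write_text(sample)
        os.chmod(path, 0o600)
        config = load_config(path)
        os.chmod(path, 0o644)
        try:
            load_config(path)
            rejected = False
        except PermissionError:
            rejected = True
    return {
        "model": config["language_model"],
        "redacted_key": redact(config)["openai_api_key"],
        "rejected_world_readable": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The permission check matters doubly with the Docker invocation further down, which bind-mounts the same file into the container: whatever mode bits the file has on the host are what it has inside.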
In AI models like OpenAI's GPT-4, a "token" is a piece of text, as short as a character or as long as a word. The total tokens in an API call, including input and output, affect the cost, time, and whether the call works based on the maximum limit.
Each model has a maximum token limit. For example, GPT-3.5 has a limit of 4096 tokens, and GPT-4 has a token limit of 8192 tokens. If a conversation exceeds this limit, you must reduce your text until it fits.
When using commands like the Sidekick command in AICodeBot, which allows you to pass in files for context, it's important to manage your tokens effectively. Due to token limits, it's not feasible to load your entire codebase. Instead, you should only load the specific files that are relevant to the task you're working on. This ensures that the AI model can process your request efficiently and provide the most relevant suggestions for your current task.
Do you need a larger context window for your task? Are you running into token limits and getting a message like this?
```text
The context is too large (21414) for any of the models supported by your API key. 😞
```
There are a couple of things you can do:
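One of them is to budget the context before sending it. The following is an added example, not aicodebot's own code: it estimates the token cost of the files you would pass to `aicodebot sidekick`, picks the smallest of the two models whose limits the page quotes, and if neither fits drops the largest file until one does, reporting the overflow in the same form as the error message above. Assumptions: tokens are approximated as four characters each (a rule of thumb, not a real tokenizer), and `RESPONSE_RESERVE` is a guessed allowance for the model's reply.

```python
# Added example (not aicodebot's own code): estimate the token cost of the
# files you would hand to `aicodebot sidekick`, pick the smallest model from
# the page's limits that they fit, and if none fits drop the largest files
# until one does. Assumptions: tokens are approximated as 4 characters each
# (a rule of thumb, not a real tokenizer), and RESPONSE_RESERVE is a guess at
# how much room to leave for the model's reply.
MODEL_LIMITS = {"gpt-3.5-turbo": 4096, "gpt-4": 8192}  # limits quoted on the page
CHARS_PER_TOKEN = 4      # assumption: rough average for English and code
RESPONSE_RESERVE = 512   # assumption: tokens kept free for the answer


def estimate_tokens(text: str) -> int:
    """Rough token count; real tokenizers vary, so use this as a ceiling check only."""
    return len(text) // CHARS_PER_TOKEN


def context_size(files: dict, prompt: str, reserve: int = RESPONSE_RESERVE) -> int:
    """Total tokens the request would occupy: prompt + every file + reserved reply."""
    return estimate_tokens(prompt) + sum(estimate_tokens(b) for b in files.values()) + reserve


def choose_model(files: dict, prompt: str):
    """Smallest model whose limit fits the context, as (name, total); name is None if none fits."""
    total = context_size(files, prompt)
    for name, limit in sorted(MODEL_LIMITS.items(), key=lambda kv: kv[1]):
        if total <= limit:
            return name, total
    return None, total


def too_large_message(total: int) -> str:
    """Same wording as the error the page shows."""
    return f"The context is too large ({total}) for any of the models supported by your API key."


def trim_to_fit(files: dict, prompt: str):
    """Drop the largest file repeatedly until some model fits.

    Returns (kept_files, dropped_names, model, total); model is None if even
    the prompt alone does not fit.
    """
    kept = dict(files)
    dropped = []
    model, total = choose_model(kept, prompt)
    while model is None and kept:
        biggest = max(kept, key=lambda name: len(kept[name]))
        dropped.append(biggest)
        del kept[biggest]
        model, total = choose_model(kept, prompt)
    return kept, dropped, model, total


def demo() -> dict:
    # Constructed sample files, sized so the arithmetic is easy to follow:
    # 6000, 10000 and 20000 characters -> 1500, 2500 and 5000 tokens.
    files = {"app.py": "x" * 6000, "auth.py": "y" * 10000, "tests.py": "z" * 20000}
    prompt = "Why does login fail after the session refactor?"  # 47 chars -> 11 tokens
    first_model, first_total = choose_model(files, prompt)
    kept, dropped, model, total = trim_to_fit(files, prompt)
    return {
        "first_attempt": first_model,
        "first_total": first_total,
        "message": too_large_message(first_total) if first_model is None else "",
        "dropped": dropped,
        "kept": sorted(kept),
        "model": model,
        "total": total,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the constructed inputs the first attempt totals 9523 tokens, which exceeds both limits, and dropping `tests.py` brings it to 4523, which fits GPT-4 but not GPT-3.5. Dropping the largest file is the simplest policy; in practice you would rather drop the file least relevant to the question, which is exactly the judgment the paragraph above asks you to make by hand.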
We'd love your help! If you're interested in contributing, here's how to get started. See CONTRIBUTING for more details.
Assumes you have changes in the current working directory that are already added.
```shell
docker build -t aicodebot .
docker run -v ~/.aicodebot.yaml:/home/user/.aicodebot.yaml -v .:/app aicodebot commit -y
```
We found that aicodebot demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.