AI Code Intelligence

Your codebase
has stories
to tell.

One command. Minutes later, a full AI report lands in your inbox — every security flaw, performance bottleneck, and architectural risk in your codebase, ranked and explained.

JK ML AR SP
Trusted by 2,400+ engineering teams
insights — scan — ~/projects/my-app
$ insights scan ./
Engineering teams at
Stripe Vercel Linear Notion Figma Loom Retool
Insights engine

Four lenses on your codebase.

Every scan surfaces what matters — across security, architecture, performance, and the debt that quietly compounds.

AuthController.ts 
84async verifyToken(token: string) {
85  try {
86    const decoded = jwt.verify(
87      token,
88      process.env.JWT_SECRET
89    );
90    return { valid: true, user: decoded };
91  } catch (err) {
92    return { valid: false };
93  }
94}
95
96// Called in middleware ↓
97if (tokenResult.valid) {
98  req.user = tokenResult.user; // ← no expiry check
99  next();
100}
HIGH AuthController.ts:90
JWT expiration not validated
Tokens are verified for signature only. Expired tokens remain valid indefinitely, creating a persistent session vulnerability.
Suggested fix: Check decoded.exp > Date.now() / 1000 after verification
MEDIUM AuthController.ts:92
Silent catch swallows verification errors
Verification errors are not logged. This makes it impossible to detect brute-force or token stuffing attacks in production.
Suggested fix: Log error type and timestamp for security audit trail
INFO middleware/auth.ts
2 other files depend on this path
PaymentController and AdminRouter both call this auth middleware. A fix here cascades to both.
UserService.ts 
40async getOrdersWithUsers(ids: number[]) {
41  const results = [];
42  for (const id of ids) {
43    const user = await this.db.users.findOne(id);
44    const orders = await this.db.orders
45      .findByUser(id);   // ← N+1 detected
46    results.push({ user, orders });
47  }
48  return results;
49}
N+1 QUERY UserService.ts:42
Sequential queries inside loop
For 50 users, this executes 101 database queries. Under load, this pattern causes cascading timeouts.
Suggested fix: Batch with findMany({ where: { id: { in: ids } } })
PATTERN 4 similar locations
N+1 pattern found across 4 services
OrderService, ProductService, and ReviewService contain the same pattern. Batch-fix available.
ProductController.ts 
22async searchProducts(query: string) {
23  const all = await this.db.products
24    .findAll(); // fetches entire table
25
26  return all.filter(p =>
27    p.name.toLowerCase().includes(query)
28  );
29}
CRITICAL ProductController.ts:23
Full table scan on every search request
All records are loaded into memory for every search. With 50k+ products, this will OOM the service under concurrent load.
Suggested fix: Use database full-text search with a tsvector index
OrderService.ts 
88async processOrder(order) {
89  // TODO: validate order before processing
90  // FIXME: this breaks with international shipping
91  const tax = order.total * 0.08; // hardcoded
92  if (order.type == "express") {  // == not ===
93    await legacyExpressQueue(order);
94  } else {
95    await standardQueue(order);
96  }
97}
DEBT OrderService.ts:89
23 unresolved TODOs in critical path
TODOs in payment and order flows are the highest-risk debt. 7 are over 6 months old.
Debt score: 67/100 — high impact, low effort to address
TREND Last 30 days
Debt score improving (+12 points)
Your team resolved 31 TODOs and refactored 4 legacy modules this month. Keep the momentum.
How it works

Install. Scan. Read your report.

No dashboard to configure, no integrations to wire up. One CLI command and your report is on its way.

01

Install the CLI

One command installs the insights CLI on Mac, Linux, or Windows. No account needed to install — authenticate on first scan.

# macOS / Linux
$brew install codeinsights
# or via npm
$npm i -g @codeinsights/cli
02

Run insights scan

Navigate to your project and run the scan. The CLI snapshots your codebase, uploads it over an encrypted channel, and queues the analysis job.

$cd ~/projects/my-app
$insights scan ./
✓ Scan queued · report arriving in ~14 min
03

Report in your inbox

Your report arrives by email — interactive web view and downloadable PDF. Small codebases in minutes, large ones within a few hours.

Interactive findings, filterable by severity
Specific fix suggestion for every issue
PDF export included
1.2M+
Files analyzed
across all connected repos
94%
Issue catch rate
vs. manual code review
2,400+
Engineering teams
from startups to enterprise
~14m
Avg. report delivery
for a medium codebase
Capabilities

Intelligence at every layer.

Six specialized analysis engines working in concert across your entire codebase.

🗺️

Architecture mapping

Auto-generate living documentation of your system — modules, dependencies, data flows, and ownership. Always current, never stale.

Visualization
🔐

Security scanning

OWASP Top 10, injection flaws, broken auth, and logic vulnerabilities — detected with context, not just pattern matching.

OWASP / CVE

Performance profiling

N+1 queries, unbounded loops, blocking I/O, memory leaks — found statically, before they hit production metrics.

Static analysis
📊

Tech debt radar

Quantify and trend your debt score over time. TODOs, dead code, complex hotspots — ranked by what to tackle first.

Prioritization
🔍

Change impact analysis

Before you merge, know exactly what breaks. Trace the blast radius of any change across your entire dependency graph.

Pre-merge
💬

Ask your codebase

Natural language queries against your entire repo. "Where does this data flow?" "What calls this function?" Get answers in seconds.

Chat interface
What teams say

Shipped with confidence.

Engineering teams use CodeInsights to move faster without breaking things.

CodeInsights caught a JWT auth flaw that had been in our codebase for two years. Our security team had missed it in three audits. Worth every penny just for that.

AS
Alex S.
CTO, Payroll startup (Series B)

We onboard engineers 3× faster now. Instead of spending a week reading code, they use CodeInsights to understand the architecture in an afternoon. Game changer.

MR
Maya R.
Engineering Manager, E-commerce platform

The change impact analysis alone justified the cost. We were about to ship a refactor that would have silently broken 6 downstream services. CodeInsights stopped us.

JW
James W.
Staff Engineer, Infrastructure team
Pricing

Pay once. Own the insight.

No subscriptions, no seats, no lock-in. Get your first 10 findings free — then pay a flat fee for the full report.

Free Preview
Free
no credit card required

Connect your repository and instantly see your top 10 highest-severity findings — ranked, explained, with fix suggestions.

  • Top 10 findings across all categories
  • Severity ranking & explanations
  • Suggested fix for each finding
  • Codebase size & structure overview
  • Full security & vulnerability report
  • Complete tech debt analysis
  • Architecture dependency map
  • Downloadable PDF report
Standard Report
99
one-time · up to 250k lines

The complete report for small and medium codebases. Every finding, every fix, every risk — delivered as an interactive report and PDF.

  • All findings, unlimited results
  • Full security & vulnerability scan
  • Performance & N+1 analysis
  • Tech debt score & breakdown
  • Architecture overview map
  • Actionable fix for every finding
  • Interactive report + PDF export
  • Valid for one repository snapshot
Professional Report
499
one-time · 250k+ lines

For large, mature codebases where the full picture matters. Deep analysis across millions of lines, plus a 30-day follow-up scan.

  • Everything in Standard
  • Unlimited lines of code
  • Full dependency graph & impact map
  • Change impact analysis
  • Executive summary (non-technical)
  • 30-day follow-up scan included
  • Priority email support
  • Custom integrations available
Start today

The code has been trying
to tell you something.

Connect your first repository in minutes. No credit card required.

First 10 findings free · No subscription · One-time payment · Works on Mac, Linux, Windows