We've all been there - you paste code from ChatGPT, Claude, or Copilot, it looks perfect, you ship it... and then it breaks because the AI invented a package that doesn't exist, or snuck in an eval(), or used an f-string for SQL queries.
84% of developers use AI coding tools now, but only 29% actually trust the output. That trust gap is real.
So I built AI Code Trust Validator - a tool that catches AI code problems before they reach production.
---
## What It Detects
**Security Vulnerabilities**
- SQL injection, command injection
- eval(), exec(), innerHTML XSS
- Hardcoded secrets, API keys
- Prototype pollution (JS)
**Hallucinations**
- Fake npm packages, invented Python modules
- Made-up functions and methods
- Placeholder API URLs
**Logic Errors**
- Infinite loops, unreachable code
- Missing await/async issues
- Bare except clauses, mutable defaults
---
## Supported Languages
- Python
- JavaScript
- TypeScript
---
## Example Output
```text
Analyzing: generated_code.py
TRUST SCORE: 67/100

Category        Score  Issues
Security        72     2 medium, 1 low
Hallucinations  45     3 critical
Logic           85     1 minor
Best Practices  70     2 warnings

Critical Issues:
[HALLUCINATION] Line 12: Import 'fancy_lib' does not exist
[SECURITY] Line 24: Potential SQL injection via f-string

Suggestions:
Replace 'fancy_lib' with 'numpy' or 'pandas'
Use parameterized queries
```
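Findings like the two in the sample output above (an import that does not resolve, SQL built with an f-string), along with `eval()`/`exec()`, bare `except` and mutable defaults from the detection list, can be caught with Python's standard `ast` module. The sketch below is an added example and not AI Code Trust Validator's own code; `scan`, `module_exists` and the sample input are hypothetical names constructed for illustration.

```python
import ast
import importlib.util
# Constructed sample of flawed generated code; it is parsed, never executed.
SAMPLE = '''\
import sqlite3
import fancy_lib
def get_user(conn, name, seen=[]):
    try:
        return conn.execute(f"SELECT * FROM users WHERE name = '{name}'")
    except:
        return eval("None")
'''

def module_exists(name):
    """True if the top-level module resolves in the current environment."""
    try:
        return importlib.util.find_spec(name.split(".")[0]) is not None
    except (ImportError, ValueError):
        return False

def scan(source):
    """Return sorted (line, category, message) findings for Python source."""
    out = []
    for node in ast.walk(ast.parse(source)):
        names = []  # absolute imports named by this node, if any
        if isinstance(node, ast.Import):
            names = [a.name for a in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            names = [node.module]
        elif isinstance(node, ast.Call):
            f, args = node.func, node.args
            if isinstance(f, ast.Name) and f.id in ("eval", "exec"):
                out.append((node.lineno, "SECURITY", f"Call to {f.id}()"))
            elif (isinstance(f, ast.Attribute) and f.attr in ("execute", "executemany")
                  and args and isinstance(args[0], ast.JoinedStr)
                  and any(isinstance(v, ast.FormattedValue) for v in args[0].values)):
                out.append((node.lineno, "SECURITY", "SQL built with an f-string"))
        elif isinstance(node, ast.ExceptHandler) and node.type is None:
            out.append((node.lineno, "LOGIC", "Bare except clause"))
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            defaults = node.args.defaults + node.args.kw_defaults
            if any(isinstance(d, (ast.List, ast.Dict, ast.Set)) for d in defaults):
                out.append((node.lineno, "LOGIC", "Mutable default argument"))
        out += [(node.lineno, "HALLUCINATION", f"Import '{n}' not found locally")
                for n in names if not module_exists(n)]
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(f"[{c}] Line {l}: {m}" for l, c, m in scan(SAMPLE)))
```

`find_spec` only checks the local environment, so a miss means "not installed here", and a name that does resolve says nothing about whether it is the package the author intended.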
---
## Quick Start
```bash
pip install ai-trust-validator
aitrust validate your_code.py --min-score 75
```
---
## What's New in v0.4.0
### AI-Powered Auto-Fix
Let GPT-4, Claude, or local Llama fix issues automatically:
```bash
export OPENAI_API_KEY="sk-..."
aitrust ai-fix buggy_code.py --apply
```
Supports:
- OpenAI (GPT-4, GPT-3.5)
- Anthropic (Claude)
- Ollama (local models like Llama 3)
### JetBrains Plugin
Now works in IntelliJ, PyCharm, WebStorm with:
- Real-time code analysis
- Trust score in status bar
- One-click AI fixes
### JavaScript/TypeScript Support
Now validates .js, .jsx, .ts, .tsx files with:
- Security analysis (eval, innerHTML, prototype pollution)
- Hallucination detection (fake packages, invented functions)
- Best practices (var vs let/const, == vs ===)
---
## More Features
- VS Code extension
- Docker support
- GitHub Action for CI/CD
- Pre-commit hooks
- REST API server
- HTML/SARIF/JSON reports
- Team analytics dashboard
---
## Links
- GitHub: https://github.com/rudra496/ai-code-trust-validator
- PyPI: https://pypi.org/project/ai-trust-validator/
- Release Notes: https://github.com/rudra496/ai-code-trust-validator/releases/tag/v0.4.0
MIT licensed, open source. Contributions welcome!
---
What's the worst AI code hallucination you've encountered? Drop it in the comments and I'll add detection for it!