I built this because I noticed a scary pattern: AI agents (like ChatGPT or Gemini) often hallucinate package names that don't exist.
For example, an agent might try to import cv2. If it runs pip install cv2, it fails because the real package is opencv-python. But if an attacker registers cv2 on PyPI (a technique called Slopsquatting), they can instantly compromise any agent that tries to install it.
CodeGate is a CLI tool that acts as a guardrail.
Scan: It checks requirements.txt for packages that don't exist (potential hallucinations) or are dangerously new.
Probe: It actively red-teams your LLM prompts to see if they suggest malicious packages.
Block: It uses a local SQLite knowledge graph (seeded with known hallucinations) to flag risky installs.
It's open source and available via pip install codegate-cli.
I'd love to hear your feedback on the trade-off I made. I went with a static blocklist (like a filter) because it's instant and works offline. The alternative is running every package in a secure sandbox, which catches more unknown threats but is much slower. Is the speed of a simple blocklist worth it, or should we always be sandboxing AI-generated code?
mondra•2h ago
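To make the Scan/Block steps concrete, here is a small Python model of that pipeline. This is an added example, not CodeGate's own code: it normalizes requirement names the way pip does (PEP 503), consults an in-memory SQLite table seeded with known hallucinations, and then checks each name against a registry snapshot for existence and age. The seed list, the registry snapshot, the 30-day "dangerously new" threshold and the sample requirements.txt are all constructed here so it runs offline; the real tool would query PyPI instead of a dict.

```python
import re
import sqlite3
from datetime import datetime, timedelta, timezone

# Constructed seed of names known to be LLM hallucinations. cv2 is the
# post's own example; requets-helper is a hypothetical entry.
HALLUCINATION_SEED = [
    ("cv2", "import name, not a project; real package is opencv-python"),
    ("requets-helper", "typo of requests; no such project"),
]

# Constructed stand-in for a registry lookup (the PyPI JSON API in practice):
# normalized project name -> date of first release. Missing key = not found.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
REGISTRY_SNAPSHOT = {
    "opencv-python": NOW - timedelta(days=3000),
    "requests": NOW - timedelta(days=4000),
    "freshpkg-xyz": NOW - timedelta(days=2),   # hypothetical, registered 2 days ago
}

# Constructed requirements.txt as an agent might emit it.
SAMPLE_REQUIREMENTS = """\
opencv_python>=4.8          # pip treats this as opencv-python
requests==2.31.0
cv2                         # hallucinated: import name used as package name
freshpkg-xyz                # exists, but registered days ago
totally-made-up-pkg[extra]>=1.0
-r base.txt                 # option line, skipped
"""

_REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: case-fold and collapse runs of -, _ and . to '-'.
    Needed so opencv_python, Opencv-Python and opencv.python all compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return normalized project names from requirements.txt content,
    dropping comments, blank lines, option lines (-r, -e, ...), extras and specifiers."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = _REQ_LINE.match(line)
        if m:
            names.append(normalize(m.group(1)))
    return names


def build_blocklist(seed=HALLUCINATION_SEED):
    """Local SQLite blocklist; names are stored normalized so lookups match pip's view."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hallucinations (name TEXT PRIMARY KEY, reason TEXT)")
    conn.executemany("INSERT INTO hallucinations VALUES (?, ?)",
                     [(normalize(n), r) for n, r in seed])
    conn.commit()
    return conn


def scan(requirements_text, conn, registry=REGISTRY_SNAPSHOT, now=NOW, min_age_days=30):
    """Map each requirement to (verdict, reason).
    Order matters: the offline blocklist answers first, then the registry check."""
    verdicts = {}
    for name in parse_requirements(requirements_text):
        row = conn.execute("SELECT reason FROM hallucinations WHERE name = ?",
                           (name,)).fetchone()
        if row:
            verdicts[name] = ("blocked", row[0])
            continue
        first_release = registry.get(name)
        if first_release is None:
            # Not registered: an installable hallucination is exactly the squattable case.
            verdicts[name] = ("missing", "not on the registry; possible hallucination")
        elif now - first_release < timedelta(days=min_age_days):
            verdicts[name] = ("too-new", f"first release {(now - first_release).days} days ago")
        else:
            verdicts[name] = ("ok", "")
    return verdicts


if __name__ == "__main__":
    for name, (verdict, reason) in scan(SAMPLE_REQUIREMENTS, build_blocklist()).items():
        print(f"{verdict:8} {name:24} {reason}")
```

The normalization step is the part most easily forgotten: a blocklist keyed on raw strings would let `CV2` or `cv_2`-style variants through even though pip resolves them to the same project. The "missing" verdict is also where the slopsquatting window lives: a name that is absent today can be registered tomorrow, so a scan result should be treated as a point-in-time answer, not a permanent allow.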