Skip to main content
The PromptGuard VS Code extension highlights unprotected LLM SDK calls in your code and provides quick fixes to add protection.

Installation

From VS Code Marketplace

  1. Open VS Code
  2. Go to Extensions (Cmd/Ctrl + Shift + X)
  3. Search for “PromptGuard”
  4. Click Install

From Command Line

code --install-extension promptguard.promptguard-vscode

From VSIX

Download from GitHub Releases: 
code --install-extension promptguard-vscode-0.2.1.vsix

Features

Inline Diagnostics

Unprotected LLM calls are highlighted with squiggly underlines:
  • Red (Error): Unprotected calls in production code
  • Yellow (Warning): Calls in potentially sensitive files
  • Blue (Info): Protected calls (informational)

Hover Information

Hover over a highlighted call to see:
  • Provider name (OpenAI, Anthropic, etc.)
  • Whether it’s protected
  • Link to fix or learn more

Quick Fixes

Click the lightbulb or press Cmd/Ctrl + . to see fixes:
FixDescription
Add promptguard.init()Initialize SDK at file top
Wrap with GuardClientUse direct scanning
Add to ignore listSuppress this finding
Open documentationLearn more

Problems Panel

All findings appear in the Problems panel (Cmd/Ctrl + Shift + M): 
src/api/chat.py
  ⚠ Line 45: Unprotected OpenAI call (promptguard)
  ⚠ Line 89: Unprotected OpenAI call (promptguard)

src/agents/helper.ts
  ⚠ Line 23: Unprotected Anthropic call (promptguard)

Status Bar

The status bar shows protection status:
  • Protected - All LLM calls are secured
  • ⚠️ 3 unprotected - Click to see findings
  • 🔍 Scanning… - Analysis in progress

Configuration

Settings

Open Settings (Cmd/Ctrl + ,) and search for “PromptGuard”:
SettingDefaultDescription
promptguard.enabletrueEnable/disable extension
promptguard.scanOnSavetrueScan when file is saved
promptguard.scanOnOpentrueScan when file is opened
promptguard.severitywarningDiagnostic severity level
promptguard.exclude["**/test/**"]Glob patterns to exclude

settings.json

{
  "promptguard.enable": true,
  "promptguard.scanOnSave": true,
  "promptguard.severity": "error",
  "promptguard.exclude": [
    "**/test/**",
    "**/tests/**",
    "**/*.test.ts",
    "**/*_test.py"
  ]
}

Workspace Settings

Create .vscode/settings.json in your project: 
{
  "promptguard.exclude": [
    "**/fixtures/**",
    "**/mocks/**"
  ]
}

Commands

Access via Command Palette (Cmd/Ctrl + Shift + P):
CommandDescription
PromptGuard: Scan Current FileScan the active file
PromptGuard: Scan WorkspaceScan all files in workspace
PromptGuard: Initialize ProjectRun promptguard init
PromptGuard: Show All FindingsOpen findings panel
PromptGuard: Clear DiagnosticsRemove all highlights

Supported Languages

LanguageFile Extensions
Python.py
JavaScript.js, .mjs, .cjs
TypeScript.ts, .mts, .cts
JSX.jsx
TSX.tsx

Supported Providers

The extension detects calls to:
  • OpenAI
  • Anthropic
  • Google AI (Gemini)
  • Cohere
  • AWS Bedrock
  • Azure OpenAI
  • Mistral
  • Groq

Ignoring Findings

Inline Comment

# promptguard-ignore: intentionally unprotected
response = client.chat.completions.create(...)

// promptguard-ignore: test fixture
const response = await openai.chat.completions.create(...);

File-level Ignore

# promptguard-ignore-file
# This entire file is ignored by PromptGuard

Via Settings

Add to promptguard.exclude: 
{
  "promptguard.exclude": [
    "**/legacy/**",
    "src/deprecated.py"
  ]
}

Integration with CLI

The extension uses the same detection engine as the CLI. If you have the CLI installed, the extension will use it for scanning: 
# Install CLI for better performance
brew install promptguard/tap/promptguard
Without the CLI, the extension uses a built-in scanner.

Troubleshooting

Check:
  • Is the file a supported language (.py, .ts, .js)?
  • Is promptguard.enable set to true?
Try:
  • Reload window: Cmd/Ctrl + Shift + P → “Reload Window”
  • Check Output panel for errors: View → Output → PromptGuard
Check:
  • Is the file excluded in settings?
  • Does the file have LLM SDK imports?
Try:
  • Run “PromptGuard: Scan Current File” manually
  • Check the Problems panel (Cmd/Ctrl + Shift + M)
Solutions:
  • Add test directories to promptguard.exclude
  • Use # promptguard-ignore comments
  • Lower severity to information
Solutions:
  • Disable scanOnSave for large projects
  • Add node_modules, .venv to exclude list
  • Install CLI for faster native scanning

Telemetry

The extension collects anonymous usage data to improve the product:
  • Extension activation events
  • Command usage counts
  • Error reports (no code content)
Disable in settings: 
{
  "promptguard.telemetry": false
}
Or use VS Code’s global telemetry setting: 
{
  "telemetry.telemetryLevel": "off"
}

Changelog

v0.2.1 (February 2026)

  • Added AWS Bedrock provider detection
  • Improved TypeScript parsing
  • Fixed false positives in JSX

v0.2.0 (January 2026)

  • Quick fix actions
  • Status bar indicator
  • Workspace scanning

v0.1.0 (December 2025)

  • Initial release
  • Python and JavaScript support
  • Inline diagnostics

Contributing

The extension is open source:

Next Steps

CLI Tool

Scan from command line

GitHub Scanner

Automated CI scanning

Python SDK

Runtime protection

Node.js SDK

JavaScript protection