Sentrik VS Code Extension Tutorial

This tutorial walks you through installing, configuring, and using the Sentrik VS Code extension to get real-time governance feedback directly in your editor.

Prerequisites

  • VS Code v1.85.0 or later
  • Sentrik CLI, installed with pip install sentrik (Python 3.11+)

Verify the CLI is available:

sentrik --version

Installation

From the VS Code Marketplace

  1. Open VS Code
  2. Go to the Extensions view (Ctrl+Shift+X / Cmd+Shift+X)
  3. Search for "Sentrik"
  4. Click Install

From a .vsix File

If you have a .vsix package (e.g., from a GitHub Release):

  1. Open VS Code
  2. Open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P)
  3. Run Extensions: Install from VSIX...
  4. Select the .vsix file

First Launch — Zero-Config Setup

When you open a project folder in VS Code with the Sentrik extension installed, it automatically:

  1. Detects your project — identifies language, framework, and CI platform
  2. Initializes config — creates .sentrik/config.yaml if one doesn't exist (runs sentrik init --no-interactive behind the scenes)
  3. Runs an initial scan — analyzes your code and displays findings immediately

You don't need to create any config files or run any commands manually. Just open your project and Sentrik starts working.

Note: Auto-init and auto-scan can be disabled in settings if you prefer manual control (see Configuration below).

Understanding the Interface

Inline Diagnostics

Sentrik findings appear as native VS Code diagnostics — the same squiggly underlines you see for TypeScript errors or ESLint warnings:

Severity | Appearance       | VS Code Level
---------|------------------|--------------
Critical | Red underline    | Error
High     | Red underline    | Error
Medium   | Yellow underline | Warning
Low      | Blue underline   | Information
Info     | Dots             | Hint

Each diagnostic includes:

  • The rule ID (e.g., SEC-001)
  • A description of the issue
  • Remediation guidance explaining how to fix it

You can see all findings in the Problems panel (Ctrl+Shift+M / Cmd+Shift+M), grouped by file.

Status Bar

The Sentrik status bar item sits in the bottom-left of your editor and shows the current state:

Status       | Display                                | Meaning
-------------|----------------------------------------|-----------------------------------
Idle         | Sentrik (shield icon)                  | Extension active, no recent scan
Scanning     | Sentrik: scanning... (spinner)         | Scan in progress
Clean        | Sentrik: clean (checkmark, green)      | No findings detected
Issues found | Sentrik: N issues (shield, yellow)     | N findings in your project
Error        | Sentrik: error (warning, red)          | Scan failed — check Output panel

Click the status bar item to manually trigger a scan at any time.

Output Channel

For detailed logs, open the Output panel (Ctrl+Shift+U) and select Sentrik from the dropdown. This shows:

  • Scan start/finish timestamps
  • CLI command being executed
  • Error messages and stack traces (if something goes wrong)
  • Config initialization output

Commands

Open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P) and type "SENTRIK" to see all available commands:

SENTRIK: Run Scan

Runs a full sentrik scan on your workspace and displays findings as inline diagnostics.

  • Shortcut: click the status bar item
  • Equivalent CLI: sentrik scan

SENTRIK: Run Gate

Runs a governance gate check against your project. This is the same gate that runs in CI/CD pipelines.

  • If the gate passes, you'll see a success notification
  • If the gate fails, you'll see a failure notification with the counts of findings by severity

Use this to check whether your code would pass the CI gate before pushing.

SENTRIK: Open Dashboard

Starts the Sentrik dashboard server and opens it in your browser at http://localhost:8000/dashboard. Gives you access to all 21 tabs — compliance reports, evidence maps, threat models, audit logs, governance controls, and AI-powered fix suggestions.

SENTRIK: Quality Score

Runs sentrik quality-score and displays your project's 0–100 quality score across six dimensions (security, compliance, maintainability, documentation, test coverage, and architecture) in the status bar and output panel.

SENTRIK: Configure AI Provider

Opens a step-by-step wizard to set your AI provider for fix suggestions and analysis. Options:

Provider           | Details
-------------------|----------------------------------------------------------------------------
GitHub Copilot     | Recommended — uses your existing Copilot subscription, no API key needed
Anthropic (Claude) | Requires an Anthropic API key. Default model: claude-sonnet-4-6
OpenAI             | Requires an OpenAI API key. Default model: gpt-4o
OpenAI-compatible  | Any custom endpoint (e.g., Azure OpenAI). Prompts for base URL and API key
Ollama             | Local models. Prompts for endpoint (default: http://localhost:11434)

API keys are stored securely in VS Code's secret storage — never written to disk or config files.

SENTRIK: Copilot AI Status

Shows whether the Copilot LM proxy is active and which model is being used. Useful for confirming Copilot integration is working.

SENTRIK: Clear Diagnostics

Removes all Sentrik diagnostics from the editor. Useful if you want a clean slate before running a fresh scan, or if you're temporarily working on something where the findings are distracting.

SENTRIK: Enable Pack / Disable Pack / Manage Packs

Browse, enable, and disable standards packs directly from the Command Palette without editing config files.

SENTRIK: Create Custom Pack

Launches a wizard to scaffold a new custom rules pack in your .sentrik/rules/ directory.

SENTRIK: Scan This File / Scan This Folder

Right-click any file or folder in the Explorer and select these commands to scope a scan to just that file or directory — useful for focused reviews without rescanning the entire project.

GitHub Copilot Integration

The Sentrik extension automatically connects to GitHub Copilot with zero configuration. When Copilot is installed and active, Sentrik routes all AI features — fix suggestions, threat model analysis, design review — through Copilot's language model via VS Code's built-in vscode.lm API.

This means:

  • No API keys needed — Sentrik uses your existing Copilot subscription
  • No configuration — auto-detected on startup, no settings to change
  • Works immediately — open a finding, click "Fix with AI", and Copilot responds

The integration runs on a local proxy (port 47200) that translates Sentrik's AI requests into VS Code LM API calls. If Copilot is not installed, Sentrik falls back to the LLM provider configured in your .sentrik/config.yaml.

Dashboard

Launch the full Sentrik management dashboard directly from VS Code:

  1. Open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P)
  2. Run SENTRIK: Open Dashboard

This starts the dashboard server and opens it in your browser at http://localhost:8000/dashboard. The dashboard gives you access to all 21 tabs including compliance reports, evidence maps, threat models, audit logs, and governance controls — without leaving your development environment.

Alternatively, run from the integrated terminal:

sentrik dashboard

Automatic Scan on Save

By default, Sentrik scans your project every time you save a file. The scan is debounced (500ms delay) so rapid saves don't trigger multiple scans.

The scan runs in the background — you can keep editing while it processes. When complete, diagnostics update automatically.

To disable auto-scan:

  1. Open Settings (Ctrl+, / Cmd+,)
  2. Search for sentrik.autoScan
  3. Uncheck the box

With auto-scan disabled, use the SENTRIK: Run Scan command or click the status bar to scan manually.

Configuration

Extension Settings

Open VS Code Settings and search for "sentrik" to see all options:

Setting                 | Type    | Default                          | Description
------------------------|---------|----------------------------------|----------------------------------------------------------------
sentrik.autoInit        | boolean | true                             | Auto-create .sentrik/config.yaml when opening a project without one
sentrik.autoScan        | boolean | true                             | Automatically scan on every file save
sentrik.binaryPath      | string  | "" (auto)                        | Path to the sentrik CLI binary. Leave empty to auto-detect from PATH
sentrik.severityFilter  | array   | ["critical", "high", "medium"]   | Which severity levels to show as diagnostics

Severity Filter

By default, low and info severity findings are hidden to reduce noise. To see all findings:

{
  "sentrik.severityFilter": ["critical", "high", "medium", "low", "info"]
}

Or to only see critical and high severity issues:

{
  "sentrik.severityFilter": ["critical", "high"]
}

Custom Binary Path

If the sentrik CLI isn't on your PATH, point the extension to it explicitly:

{
  "sentrik.binaryPath": "/usr/local/bin/sentrik"
}

On Windows:

{
  "sentrik.binaryPath": "C:\\Users\\you\\AppData\\Local\\Programs\\sentrik\\sentrik.exe"
}

Project Configuration

The extension uses the same .sentrik/config.yaml (or legacy .guard.yaml) that the CLI uses. Common settings you might configure:

# .sentrik/config.yaml

# Standards packs to enforce
standards_packs:
  - owasp-top-10
  - soc2

# Gate thresholds — which severities block the gate
gate_fail_on:
  - critical
  - high

# Output directory for reports
output_dir: out

# Enable parallel scanning for faster results
parallel_scan: true
max_workers: 4

See the Configuration Guide for the full reference.
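To make the pieces above concrete, here is an added TypeScript model (not the extension's or CLI's own code) of the path from a findings file to the editor: the severity-to-diagnostic mapping from the Inline Diagnostics table, the sentrik.severityFilter setting, and the gate decision driven by gate_fail_on. The tutorial only names out/findings.json; its field names here (rule_id, severity, file, line, message, remediation) are an assumed schema, and the numeric DiagnosticSeverity values mirror the vscode API so the file runs outside the editor host.

```typescript
// Added example; not the Sentrik extension's own source. The findings.json
// schema (rule_id, severity, file, line, message, remediation) is ASSUMED for
// illustration; only the file path out/findings.json comes from the tutorial.

// Numeric values mirror vscode.DiagnosticSeverity (Error=0, Warning=1,
// Information=2, Hint=3) so this runs without the 'vscode' module.
enum DiagnosticSeverity { Error = 0, Warning = 1, Information = 2, Hint = 3 }

type SentrikSeverity = "critical" | "high" | "medium" | "low" | "info";
const ALL_SEVERITIES: SentrikSeverity[] = ["critical", "high", "medium", "low", "info"];

interface Finding {
  rule_id: string;           // e.g. "SEC-001"
  severity: SentrikSeverity;
  file: string;              // workspace-relative path
  line: number;              // 1-based line as reported by the CLI
  message: string;
  remediation: string;
}

interface EditorDiagnostic {
  file: string;
  line: number;              // 0-based, as vscode.Range expects
  severity: DiagnosticSeverity;
  code: string;              // rule ID shown next to the message
  message: string;
}

// The tutorial's table: critical/high -> Error, medium -> Warning, low -> Information, info -> Hint
const SEVERITY_TO_DIAGNOSTIC: Record<SentrikSeverity, DiagnosticSeverity> = {
  critical: DiagnosticSeverity.Error,
  high: DiagnosticSeverity.Error,
  medium: DiagnosticSeverity.Warning,
  low: DiagnosticSeverity.Information,
  info: DiagnosticSeverity.Hint,
};

// Default of the sentrik.severityFilter setting
const DEFAULT_SEVERITY_FILTER: SentrikSeverity[] = ["critical", "high", "medium"];

function isSeverity(value: unknown): value is SentrikSeverity {
  return typeof value === "string" && ALL_SEVERITIES.indexOf(value as SentrikSeverity) !== -1;
}

// Parse findings.json defensively: it is tool output, so an unexpected shape
// should fail loudly (status "Sentrik: error") rather than silently drop findings.
function parseFindings(json: string): Finding[] {
  const raw: unknown = JSON.parse(json);
  if (!Array.isArray(raw)) throw new Error("findings.json: expected a top-level array");
  return raw.map((item: any, i: number): Finding => {
    if (!isSeverity(item.severity)) throw new Error(`finding ${i}: unknown severity ${JSON.stringify(item.severity)}`);
    if (typeof item.file !== "string" || typeof item.line !== "number" || item.line < 1) throw new Error(`finding ${i}: missing file/line`);
    return {
      rule_id: String(item.rule_id), severity: item.severity, file: item.file, line: item.line,
      message: String(item.message), remediation: String(item.remediation),
    };
  });
}

// Apply the severity filter and translate each finding to what the editor shows
function toDiagnostics(findings: Finding[], filter: SentrikSeverity[] = DEFAULT_SEVERITY_FILTER): EditorDiagnostic[] {
  return findings
    .filter((f) => filter.indexOf(f.severity) !== -1)
    .map((f) => ({
      file: f.file,
      line: f.line - 1,
      severity: SEVERITY_TO_DIAGNOSTIC[f.severity],
      code: f.rule_id,
      message: `${f.message}\nRemediation: ${f.remediation}`,
    }));
}

function countBySeverity(findings: Finding[]): Record<SentrikSeverity, number> {
  const counts: Record<SentrikSeverity, number> = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

// Gate: fails when any finding has a severity listed in gate_fail_on. The gate
// ignores sentrik.severityFilter, which only affects what the editor displays.
function evaluateGate(findings: Finding[], failOn: SentrikSeverity[]): { passed: boolean; blocking: number; counts: Record<SentrikSeverity, number> } {
  const counts = countBySeverity(findings);
  let blocking = 0;
  for (const s of failOn) blocking += counts[s];
  return { passed: blocking === 0, blocking, counts };
}

// Constructed sample (not real Sentrik output); rule IDs other than SEC-001 are made up.
const SAMPLE_FINDINGS_JSON = JSON.stringify([
  { rule_id: "SEC-001", severity: "critical", file: "app/auth.py", line: 42, message: "Hard-coded credential", remediation: "Load the secret from the environment or a secret manager" },
  { rule_id: "EX-002", severity: "high", file: "app/db.py", line: 17, message: "Query built by string concatenation", remediation: "Use parameterised queries" },
  { rule_id: "EX-003", severity: "medium", file: "app/api.py", line: 88, message: "Endpoint has no rate limit", remediation: "Apply the rate-limiting middleware" },
  { rule_id: "EX-004", severity: "low", file: "app/util.py", line: 3, message: "Unused import", remediation: "Remove the import" },
  { rule_id: "EX-005", severity: "info", file: "README.md", line: 1, message: "No threat model documented", remediation: "Add a threat model document" },
]);
```

Note the split the model makes explicit: the severity filter hides low and info findings from the Problems panel, but the gate counts every finding whose severity is in gate_fail_on, so a workspace that looks clean in the editor can still fail the gate if low is added to gate_fail_on in .sentrik/config.yaml.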

Typical Workflows

Workflow 1: Catch Issues While Coding

  1. Open your project in VS Code
  2. Sentrik auto-initializes and runs an initial scan
  3. As you edit and save files, findings appear as inline diagnostics
  4. Hover over a squiggly underline to see the rule and remediation guidance
  5. Fix the issue and save — the diagnostic disappears on the next scan

Workflow 2: Pre-Push Gate Check

Before pushing a branch:

  1. Open the Command Palette
  2. Run SENTRIK: Run Gate
  3. If it passes — push with confidence
  4. If it fails — review the findings in the Problems panel and fix them

This mirrors exactly what your CI pipeline does, so there are no surprises.

Workflow 3: Focused Review

When reviewing a specific area of the codebase:

  1. Run SENTRIK: Clear Diagnostics to start clean
  2. Open the files you want to review
  3. Run SENTRIK: Run Scan
  4. Review findings in the Problems panel, grouped by file

Workflow 4: Compliance Audit Prep

For regulated environments (medical devices, fintech):

  1. Configure appropriate standards packs in .sentrik/config.yaml:

     standards_packs:
       - fda-iec-62304
       - hipaa

  2. Save the config — Sentrik rescans with the new rules
  3. Review all findings in the Problems panel
  4. Address each finding or document justification for suppression

Troubleshooting

"Sentrik: error" in status bar

Open the Output panel and select Sentrik to see the error details. Common causes:

  • CLI not found: Install the sentrik package or set sentrik.binaryPath
  • Config error: Run sentrik validate-config in your terminal to check for YAML issues
  • Timeout: Scans time out after 120 seconds. For very large projects, consider setting parallel_scan: true or scanning specific directories

No diagnostics appearing

  1. Check that sentrik.autoScan is enabled
  2. Check that your sentrik.severityFilter includes the severity levels you expect
  3. Verify the CLI works: run sentrik scan in your terminal from the project root
  4. Check that out/findings.json is generated after a scan

Diagnostics on wrong lines

This can happen when the file has been modified since the last scan. Save the file to trigger a rescan, and the diagnostics will update to the correct positions.

Extension not activating

The extension activates when VS Code detects any files in your workspace. If it's not activating:

  1. Make sure the extension is installed and enabled
  2. Check the Extensions view for any error badges on the Sentrik extension
  3. Try reloading VS Code (Ctrl+Shift+P > Developer: Reload Window)

Legacy Settings

If you were using the older "AI SDLC Guard" extension, your settings still work. The extension checks legacy settings as a fallback:

Legacy Setting            | New Setting
--------------------------|--------------------
ai-sdlc-guard.scanOnSave  | sentrik.autoScan
ai-sdlc-guard.guardPath   | sentrik.binaryPath

Legacy command IDs (ai-sdlc-guard.scan, ai-sdlc-guard.gate, ai-sdlc-guard.clearDiagnostics) also continue to work.

Next Steps