How to use CodeGuardian AI — and how it actually works.
A complete walkthrough of the product: from your first analysis to the seven-agent pipeline, the architecture underneath, and the scoring formula behind every health score.
From zero to first analysis in under two minutes
Four steps. No local install, no model wiring — sign in, point us at your code, and watch the agents work.
Seven agents. One LangGraph pipeline. Full observability.
Each run executes the same seven-node graph in sequence. Every node records its kind, status, duration, and token usage to the agent_runs table — which is what the Agent Tasks page renders.
- Step 01
repositoryRepository ingestion
Indexes the uploaded codebundle or connected repository and prepares a structured snapshot for downstream agents.
Streams file paths, sizes, and detected languages into pipeline state.
- Step 02
analysisScanner agent (Gemma 4)
Reads the codebundle and emits structured findings — bugs, vulnerabilities, and code smells — with rule IDs, severity, and line ranges.
Output is parsed through a defensive JSON extractor that strips markdown fences and extracts the object body.
- Step 03
prioritizationPrioritization agent
Ranks findings by blast radius — severity, reach, and fix cost — so the highest-leverage issues surface first.
Produces an ordered list that drives the explanation and refactor steps.
- Step 04
explanationExplanation agent (Gemma 4)
Translates each prioritized finding into plain English: what is wrong, why it matters, and the recommended fix path.
Output is attached to every issue row and rendered on the analysis detail page.
- Step 05
refactorRefactor agent (Gemma 4)
Proposes a concrete before/after diff for the top findings, rendered inline on every issue card.
Suggestions include before/after snippets and a rationale grounded in the explanation step.
- Step 06
validationValidation agent (Gemma 4)
Reviews each proposed fix to confirm it addresses the finding without introducing new issues. No credit for fixes that do not hold up.
Emits a pass/fail verdict per finding, filtering out invalid suggestions before the report.
- Step 07
reportReport composer
Stitches everything into a single composite score, a counts summary, and a markdown report ready to share.
Final state is persisted to Supabase and surfaced across the dashboard.
A multi-agent stack wired for transparency
Every layer is intentionally observable — from the LLM provider down to the per-node token counts. Here are the six planes that make up CodeGuardian AI.
A capped-penalty formula that rewards progress
Each category contributes a bounded penalty. Caps mean a single noisy category cannot crater the score to zero — fix the worst bucket first and watch the number climb.
Five pages, one workflow
The sidebar navigation maps directly onto the analysis lifecycle — from starting a run to inspecting agent traces and acting on issues.
Common questions, straight answers
If something else is unclear, the Support page has contact details — we are happy to dig in.
Do I need to bring my own GPU or API key?
No. CodeGuardian AI runs Gemma 4 on an AMD Developer Cloud MI300X instance. The vLLM endpoint is already live — you just sign in and run analyses.
What languages are supported?
Anything Gemma 4 can reason about. The scanner agent is language-agnostic at the prompt level; structured findings come back as bugs, vulnerabilities, or code smells with file paths and line numbers.
Why did my analysis finish in under 5 seconds with no issues?
That was a known issue where Gemma 4 wrapped its JSON output in markdown fences and the parser silently swallowed the error. It has been fixed — every node now uses a defensive JSON extractor that strips fences and extracts the object body. If you see 0 issues on a real codebase, retry the upload.
How long should a full analysis take?
Between 20 and 90 seconds depending on codebundle size and model load. Each of the seven pipeline steps is recorded with its own duration in the Agent Tasks page, so you can see exactly where time is spent.
Can I edit a suggested refactor?
The refactor agent proposes diffs for the top-priority findings. The current demo surfaces the suggestion inline; full approve/edit/iterate flows are on the roadmap.
Where is my code stored?
Uploaded ZIP archives land in a Supabase Storage bucket. Repository metadata (owner/name, branch, language) lives in Postgres. CodeGuardian never persists the raw file contents beyond the analysis run.
What happens if a pipeline node fails?
The failing step is marked with status=failed in agent_runs, the error message is captured, and the overall analysis transitions to failed state. You can inspect the failure from the Agent Tasks table.
Ready to see it in action?
Run your first analysis in under two minutes. No setup, no API keys, no GPU required.