Powered by Gemma 4 Thinking Mode

Your AI writes bugs.
NeuroGuard explains why.

Review Python, JavaScript, and TypeScript for security vulnerabilities using Gemma 4's glass-box Thinking Mode: watch the model reason through every flaw in real time, then verify the fix with SAST.

$ pip install neuroguard-ai

Python 3.12+ · Free Google AI Studio API key

neuroguard review app.py
NeuroGuard live demo — Gemma 4 reasoning trace on the left, secure rewrite on the right

How it works

Glass-Box Reasoning

With include_thoughts=True, the Gemma 4 API streams the full cognitive trace as structurally separate parts, so you see exactly how the model found every vulnerability before accepting any output.

SAST Verified

Every rewrite is independently confirmed clean by Bandit. AI reasoning + static analysis. Two layers of confidence before you trust the output.

CI/CD Ready

JSON output, exit codes, GitHub Actions template, and pre-commit hook. Drop it into your pipeline — it fails the build if vulnerabilities are detected.

Usage

terminal
# review a file
$ neuroguard review app.py
# scan a directory
$ neuroguard review src/
# save the secure rewrite
$ neuroguard review app.py --save app_secure.py
# JSON output for CI/CD
$ neuroguard review app.py --format json | jq '.original_findings'
# add pre-commit hook
$ neuroguard install-hooks && pre-commit install

What NeuroGuard Catches

Gemma 4 reasons through OWASP Top 10 vulnerabilities in your code

SQL Injection · OWASP A03
Hardcoded Secrets · OWASP A02
Missing Auth · OWASP A01
Code Injection / eval() · OWASP A03
Debug Mode Exposure · OWASP A05
Insecure Deserialization · OWASP A08
Weak Cryptography · OWASP A02
XSS / Prototype Pollution · OWASP A03 / A08

Stop shipping vulnerabilities

Get a free Google AI Studio key and start reviewing in under 2 minutes.

Built for the Dev.to Google Gemma 4 Challenge · Apache 2.0 License · Python 3.12+
