Features
Dead code detection (unused functions, imports, classes, variables)
Security vulnerability scanning (SQL injection, command injection)
Secrets detection for hardcoded credentials (AWS, Stripe, etc.)
Quality checks (complexity, nesting, duplicate literals)
AI defect detection: hallucinated imports, phantom calls, insecure defaults, removed controls
Confidence scoring for findings
CI/CD integration: GitHub Actions, tokenless CI
PR gate for blocking high-confidence regressions
Cloud workspace for shared triage and history
Real repo benchmarks: 98.1% recall, 21× fewer false positives than Vulture
Built-in Python framework coverage (Django, Flask, FastAPI, Pydantic)
Agent workflow detection (Claude Code, Cursor, Codex, Copilot)
Performance trace recording and insights
Network request analysis and inspection
Console message reading with source-mapped stack traces
Puppeteer-based automation with auto-wait
Slim mode for basic browser tasks
CLI usage without MCP client
Optional CrUX API integration for field data
Usage statistics with opt-out
Update checks via npm (configurable)
Multi-account Chrome support
Gemini integration via extension
Source-mapped stack traces in console output
Auto-wait for action results