Skip to content

Code Genius

Code Genius is an intelligent, local-first analysis tool that generates threat models directly from source code.

It analyzes real application logic to infer architecture, data flows, and security-relevant behavior, producing a draft threat model that teams can review and refine in Devici.

What Code Genius Does

Code Genius helps teams:

  • Generate threat models from source code
  • Identify architectural components and data flows
  • Infer security-relevant attributes from code behavior
  • Accelerate early-stage and continuous threat modeling

The output is a draft threat model, intended to be validated and refined by your organization.

How Code Genius Works

Code Genius runs as a local command-line application.

  • Source code is analyzed locally on your machine
  • Code is never uploaded to Devici
  • Lightweight architectural artifacts are generated in memory
  • Only high-level design metadata is sent to the Devici platform

This approach preserves source code privacy while enabling accurate model generation.

Supported Languages and Frameworks

Code Genius currently supports:

  • JavaScript / TypeScript

    • Node.js
    • Express
    • NestJS

  • Python

    • Django
    • Flask
    • FastAPI
    • boto3

  • Java

    • Spring

  • C#

    • .NET / ASP.NET

  • C++

Model Generation and Mapping

Code Genius generates threat models by applying deterministic, rule-based analysis to source code and mapping the results to the Devici Open Threat Model (OTM) schema.

It does not use AI or machine learning and does not perform semantic interpretation of business logic.

Schema-Aware Model Generation

Code Genius is aware of the Devici OTM structure, including:

  • Processes
  • Data stores
  • External entities
  • Trust boundaries
  • Data flows
  • Element metadata

Using this schema, Code Genius maps detected code constructs into structurally valid threat models that integrate directly into Devici workflows.

Rule-Based Inference

Based on static analysis and framework-specific rules, Code Genius can:

  • Assign element types based on detected constructs
  • Apply attributes derived from framework usage and code patterns
  • Identify data flow relationships between components
  • Detect trust boundary transitions where applicable

Code Genius does not infer intent or business meaning and does not fabricate attributes.
All outputs are the result of deterministic rules applied to analyzed code.

Security Controls and Mitigations

Any security controls or mitigations associated with generated models are applied through predefined mappings in the Devici Codex based on detected attributes.

They are not the result of contextual reasoning or dynamic analysis and should be reviewed and validated by users.

Data Handling and Security

What Code Genius Processes

  • Source code is read locally
  • Relevant structures are parsed in memory
  • Lightweight artifacts are generated

What Is Sent to Devici

  • High-level architectural metadata only
  • No source code
  • No proprietary logic

What Is Not Stored

  • Source code
  • Application IP
  • Local file contents

Isolation and Compliance

  • Each Devici workspace is isolated
  • Data remains within Devici’s secure environment
  • Code Genius does not persist local analysis data