CLI & Automation
Installation Overview
Code Genius is distributed as a standalone command-line binary that runs locally on your machine.
It does not require a runtime, package manager, or external dependencies.
Supported Operating Systems
Code Genius runs on:
- macOS (Intel and Apple Silicon)
- Linux
- Windows
A platform-specific binary is provided for each supported operating system.
Installation Process
At a high level, installing Code Genius involves:
- Downloading the appropriate binary for your operating system
- Renaming the binary to code_genius
- Adding the binary to your system PATH
- Verifying the installation from a terminal
Detailed, platform-specific instructions are available in the Devici platform.
Verifying Installation
After installation, verify that Code Genius is available by running:
code_genius --help
Authentication
Before running Code Genius commands, authenticate with Devici:
./code_genius login
This opens a browser window and securely authenticates your local CLI session.
Analyze Mode
Analyze mode generates a threat model from a single entry point.
Usage
./code_genius analyze [file] [flags]
Where [file] is the path to the file you want to analyze.
Function-Level Analysis
Analyze a specific function:
./code_genius analyze [file] --function [function_name]
List detected functions:
./code_genius analyze [file] --list
Combine both:
./code_genius analyze [file] -lf
Verbosity Levels
Control output detail using the --verbose flag:
./code_genius analyze [file] --verbose 0/1/2
- 0 — Minimal output
- 1 — Moderate output (default)
- 2 — Detailed output
Walk Mode
Walk mode analyzes all supported files in a directory.
./code_genius walk [directory]
Repository Mode (CI/CD)
Repository mode enables non-interactive execution for automation.
./code_genius repo [repository]
This mode requires a Devici API token and does not open a browser.
API Tokens for Code Genius
For CI/CD pipelines and other automated use cases, create an API token in Devici.
Recommended Preset
- Code Genius — includes all required permissions
Required Scopes (Manual Configuration)
If you configure scopes manually, ensure the API token includes:
- cli — write
- threat-models — write
- collections — write
Configuration
Configure Code Genius using the config command.
Set Configuration Values
./code_genius config set <key>=<value>
Apply configuration to a profile:
./code_genius config set --profile <profile> <key>=<value>
List configuration options:
Ignoring Files and Directories
.codegeniusignore
Exclude files or directories from analysis:
node_modules
dist
*.log
If no .codegeniusignore file exists, .gitignore is used when available.
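The fallback rule above can be checked before a walk or repo run, so you know which ignore file is in effect and which files stay in scope. The script below is an added example, not part of Code Genius or the original documentation; its function names are hypothetical, and it assumes patterns are simple gitignore-style globs matched against each path component, which this page does not specify.

```shell
#!/bin/sh
# Added example, not Devici code. Assumption: each pattern is a shell glob
# compared against every path component (names such as node_modules or
# *.log); negation and anchored patterns are not handled.

# Print the ignore file in effect for directory $1:
# .codegeniusignore if present, otherwise .gitignore, otherwise nothing.
ignore_source() {
    if [ -f "$1/.codegeniusignore" ]; then
        printf '%s\n' "$1/.codegeniusignore"
    elif [ -f "$1/.gitignore" ]; then
        printf '%s\n' "$1/.gitignore"
    fi
}

# Succeed if any component of relative path $1 matches a pattern in file $2.
is_ignored() {
    rel_path=$1
    file=$2
    while IFS= read -r pat || [ -n "$pat" ]; do
        case $pat in '' | '#'*) continue ;; esac
        pat=${pat%/}                      # "dist/" and "dist" behave the same
        old_ifs=$IFS; IFS=/; set -f       # split the path on "/", no globbing
        for part in $rel_path; do
            case $part in
                $pat) IFS=$old_ifs; set +f; return 0 ;;
            esac
        done
        IFS=$old_ifs; set +f
    done < "$file"
    return 1
}

# Print the files under $1 that remain in scope, one relative path per line.
preview_included() {
    dir=$1
    src=$(ignore_source "$dir")
    (cd "$dir" && find . -path ./.git -prune -o -type f ! -name .codegeniusignore ! -name .gitignore -print) |
        sed 's|^\./||' | sort |
        while IFS= read -r rel; do
            if [ -n "$src" ] && is_ignored "$rel" "$src"; then continue; fi
            printf '%s\n' "$rel"
        done
}

if [ "$#" -gt 0 ]; then preview_included "$1"; fi
```

Run it with the directory you intend to pass to walk mode and compare the output with what you expect to be modeled.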
Scenario Configuration (codegenius.yaml)
Define multiple threat modeling scenarios:
scenarios:
  - name: ThreatModelOne
    gitignore: false
    include:
      - src/
    exclude:
      - tests/
  - name: ThreatModelTwo
    gitignore: true
    include:
      - api/
Generate a template:
./code_genius walk template
Improving Model Accuracy
Model accuracy is influenced by:
- Code structure and complexity
- Framework conventions
- Inline documentation and annotations
- Entry point and function selection
Highly abstracted code may require additional refinement.
Known Limitations
- One repository per run
- Multi-repository aggregation is not supported
- Generated models require human review
Next Steps After Generation
After a model is created:
- Review elements, flows, and attributes
- Validate inferred trust boundaries
- Review threats and mitigations
- Use the Threat Register to manage findings
Code Genius accelerates threat modeling.