What is Foil

Foil is a local AI-powered security code review tool for Apple Silicon Macs. It combines:

  • A function-level static scanner built on tree-sitter that extracts a code map and selects relevant rules per function
  • A code-specialised 7B LLM (default: Qwen2.5-Coder-7B-Instruct, 4-bit MLX) that reviews functions with the selected rules
  • An agentic investigation loop (Phase 6 during the scan, enabled by --deep) that re-examines HIGH logic-class findings using read-only inspector tools
  • A local web dashboard for browsing findings, managing projects, and reviewing deep-dive investigations

No source code, findings, or telemetry ever leave the machine. Models are downloaded once to ~/.foil/models/ and run through a local vllm-mlx engine in unified memory.

Additional information

  • Foil is currently tuned with limited gating on findings: we chose to accept more findings, noise and false positives rather than miss findings.
  • The review process is AI-based and non-deterministic, so results may differ from one scan to the next.
  • A bigger model (14B, if you have enough RAM) gives better, more precise and less noisy results, at the cost of slower scans.
  • If your system is tight on RAM, the model's reasoning performance may degrade. This is why we created a model (securityreview-7B) that runs fast and stays more 'on rails' instead of running free and hallucinating on constrained local hardware.
  • Yes, a cloud-hosted Anthropic or Gemini model will always do better, but the agent wrapping the local model is built so the model can operate within tight resources: more interactions, a smaller context, and tools the agent/model can use to augment that context at investigation time.

Who it's for

  • Developers who want a fast, repeatable security review without sending code to a cloud LLM
  • Consultants and security teams auditing client codebases where exfiltration is not an option
  • Teams replacing or complementing pattern-based SAST with an LLM-reasoned second opinion

Editions

Edition    | What's included
-----------|------------------------------------------------------------------------
Community  | CLI scanner, web dashboard, standard depth scans
Developer  | Everything in Community + --deep agentic investigations + deep-dive UI

Licensing and upgrade flow are documented in Licensing & editions.

How Foil works (at a glance)

  1. foil scan <path> or the app's "Scan" button hands a target to the background server.
  2. The scanner builds a code map (call graph, roles, entry points, data sinks).
  3. For each non-trivial function, it picks relevant rules and asks the LLM to review.
  4. Findings are stored in a per-project knowledge graph and surfaced in the CLI, dashboard, or as JSON.
  5. With --deep, HIGH logic-class findings (IDOR, broken auth, broken access) get a Phase 6 investigation that can request caller/auth/sink context before concluding.
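Steps 2 and 3 (build a code map, then pick rules per function) as an added example; this is not Foil's code. It uses Python's ast module in place of tree-sitter, an assumed sink-to-rule table, and treats any decorated function as an entry point; the scanned module is constructed.

```python
import ast
# Constructed sample target (not Foil's code): a tiny web-handler module.
SAMPLE_SOURCE = '''
import subprocess
@app.route("/user")
def get_user(uid):
    return load_user(uid)
def load_user(uid):
    cur = db.cursor()
    return cur.execute("SELECT * FROM users WHERE id=" + uid)
def run_job(name):
    subprocess.run("job " + name, shell=True)
'''
# Assumed sink-to-rule table; Foil's real rule set is not on the page.
SINK_RULES = {"execute": ["SQLI"], "run": ["CMDI"], "system": ["CMDI"]}

def build_code_map(source):
    """Per top-level function: entry point?, callees, and sinks it reaches."""
    code_map = {}
    for node in ast.parse(source).body:
        if not isinstance(node, ast.FunctionDef):
            continue
        calls, sinks = [], []
        for stmt in node.body:  # walk the body only; decorators are not calls of interest
            for sub in ast.walk(stmt):
                if not isinstance(sub, ast.Call):
                    continue
                fn = sub.func  # f(...) -> 'f', obj.m(...) -> 'm'
                name = fn.id if isinstance(fn, ast.Name) else getattr(fn, "attr", None)
                if name:
                    (sinks if name in SINK_RULES else calls).append(name)
        # Assumption: any decorated function is a request entry point.
        code_map[node.name] = {"entry": bool(node.decorator_list),
                               "calls": calls, "sinks": sinks}
    return code_map

def select_rules(code_map):
    """Rules per function: its own sink rules; entry points also get an
    access-control rule and the sink rules of their direct callees."""
    rules = {}
    for name, info in code_map.items():
        chosen = {r for s in info["sinks"] for r in SINK_RULES[s]}
        if info["entry"]:
            chosen.add("AUTHZ")
            for callee in info["calls"]:
                for s in code_map.get(callee, {}).get("sinks", []):
                    chosen.update(SINK_RULES[s])
        rules[name] = sorted(chosen)
    return rules
```

Only the functions whose selected rule list is non-empty would be handed to the LLM, each with just those rules, which is what keeps the per-function prompt small.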

Continue with Install or jump straight to the quick start.