CodeAnt-AI
diff --git a/‎changelog.md‎
Lines changed: 3 additions & 0 deletions b/‎changelog.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎package-lock.json‎
Lines changed: 15 additions & 3 deletions b/‎package-lock.json‎
Lines changed: 15 additions & 3 deletions
diff --git a/‎package.json‎
Lines changed: 3 additions & 2 deletions b/‎package.json‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎src/commands/secrets.js‎
Lines changed: 6 additions & 47 deletions b/‎src/commands/secrets.js‎
Lines changed: 6 additions & 47 deletions
@@ -1,5 +1,8 @@
 # Changelog
 
+## [0.3.5] - 01/04/2026
+- Local secret detection
+
 ## [0.3.4] - 25/03/2026
 - Telemetry opt-out flag
 
 
@@ -1,6 +1,6 @@
 {
   "name": "codeant-cli",
-  "version": "0.3.4",
+  "version": "0.3.5",
   "description": "Code review CLI tool",
   "type": "module",
   "bin": {
@@ -40,7 +40,8 @@
     "minimatch": "^10.1.1",
     "open": "^10.1.0",
     "posthog-node": "^5.28.5",
-    "react": "^18.3.1"
+    "react": "^18.3.1",
+    "smol-toml": "^1.6.1"
   },
   "devDependencies": {
     "vitest": "^1.6.1"
 
@@ -1,15 +1,13 @@
 import { useState, useEffect } from 'react';
 import { useApp } from 'ink';
-import { getConfigValue } from '../utils/config.js';
-import { fetchApi } from '../utils/fetchApi.js';
 import SecretsApiHelper from '../utils/secretsApiHelper.js';
+import { detectSecrets } from '../utils/secretsDetector.js';
 import {
   renderInitializing,
   renderFetchingDiff,
   renderScanning,
   renderNoFiles,
   renderError,
-  renderNotLoggedIn,
   renderDone,
 } from '../components/SecretsUI.js';
 
@@ -22,30 +20,12 @@ export default function Secrets({ scanType = 'all', failOn = 'CRITICAL', include
   const [scanMeta, setScanMeta] = useState(null);
   const [startTime] = useState(() => Date.now());
 
-  const apiKey = getConfigValue('apiKey');
-
-  // Handle not logged in state
-  useEffect(() => {
-    if (!apiKey) {
-      if (process.stdin.isTTY) {
-        return;
-      }
-      const id = setTimeout(() => exit(new Error('Not logged in')), 0);
-      return () => clearTimeout(id);
-    }
-  }, [apiKey, exit]);
-
-  if (!apiKey) {
-    return renderNotLoggedIn();
-  }
-
-  // Helper to check if a secret should cause failure based on failOn level
   const shouldFailOn = (confidenceScore) => {
     const score = confidenceScore?.toUpperCase();
     if (score === 'FALSE_POSITIVE') return false;
     if (failOn === 'HIGH') return score === 'HIGH';
     if (failOn === 'MEDIUM') return score === 'HIGH' || score === 'MEDIUM';
-    return true; // 'all' - fail on any non-false-positive
+    return true;
   };
 
   useEffect(() => {
@@ -56,7 +36,6 @@ export default function Secrets({ scanType = 'all', failOn = 'CRITICAL', include
         if (cancelled) return;
         setStatus('fetching_diff');
 
-        // Initialize git helper and get files
         const helper = new SecretsApiHelper(process.cwd());
         await helper.init();
 
@@ -66,8 +45,6 @@ export default function Secrets({ scanType = 'all', failOn = 'CRITICAL', include
 
         const meta = requestBody._meta || null;
         setScanMeta(meta);
-
-        // Strip _meta before sending to API
         delete requestBody._meta;
 
         if (requestBody.files.length === 0) {
@@ -78,17 +55,10 @@ export default function Secrets({ scanType = 'all', failOn = 'CRITICAL', include
         setFileCount(requestBody.files.length);
         setStatus('scanning');
 
-        // Call the secrets detection API
-        const response = await fetchApi(
-          '/extension/pr-review/secrets-detection',
-          'POST',
-          requestBody
-        );
+        // Local detection — no API call needed
+        const detectedSecrets = detectSecrets(requestBody.files);
 
         if (cancelled) return;
-        const detectedSecrets = response.secretsDetected || [];
-
-        // Filter to only include files with actual secrets
         const filesWithSecrets = detectedSecrets.filter(
           file => file.secrets && file.secrets.length > 0
         );
@@ -106,25 +76,16 @@ export default function Secrets({ scanType = 'all', failOn = 'CRITICAL', include
     }
 
     scanSecrets();
-
-    return () => {
-      cancelled = true;
-    };
+    return () => { cancelled = true; };
   }, [scanType, include, exclude, lastNCommits, baseBranch, baseCommit]);
 
-  // Handle exit after status changes
   useEffect(() => {
     if (status === 'done') {
-      // Check if any secrets should cause failure based on failOn level
       const hasBlockingSecrets = secrets.some(file =>
         file.secrets.some(secret => shouldFailOn(secret.confidence_score))
       );
-
       if (hasBlockingSecrets) {
-        setTimeout(() => {
-          process.exitCode = 1;
-          exit(new Error('Secrets detected'));
-        }, 100);
+        setTimeout(() => { process.exitCode = 1; exit(new Error('Secrets detected')); }, 100);
       } else {
         setTimeout(() => exit(), 100);
       }
@@ -135,8 +96,6 @@ export default function Secrets({ scanType = 'all', failOn = 'CRITICAL', include
     }
   }, [status, secrets]);
 
-  // ── Renders ──────────────────────────────────────────────────────────────
-
   if (status === 'initializing') return renderInitializing(startTime);
   if (status === 'fetching_diff') return renderFetchingDiff(startTime);
   if (status === 'scanning') return renderScanning(startTime, fileCount, scanMeta);