Delv
Coding · by Qodo · 4.3

Qodo

Agentic code integrity platform (formerly Codium AI) with 15+ review, test and documentation workflows across IDE, CLI and Git.

Safety & Trust

Delv Safety Grade: C

Score 58/100 · assessed 2026-04-18

  • Maintainer: 65
  • Permissions: 40
  • Supply chain: 55
  • Transparency: 45
  • Incidents: 85

Qodo (formerly Codium AI) is a commercial code integrity platform from a venture-backed startup. The company has raised funding and maintains an active product across multiple IDEs and Git platforms, suggesting reasonable organisational stability. However, the absence of a public repository severely limits transparency and independent security review. As an autonomous agent with broad code access, it requires filesystem read/write, network outbound for AI processing, and likely shell execution for testing workflows. The closed-source nature means supply chain verification relies entirely on vendor distribution channels. The rebrand from Codium AI to Qodo occurred in 2024. Freemium model with paid tiers suggests ongoing commercial support, but lack of open code review and unclear data handling for AI processing present notable trust barriers for security-conscious teams.

Green flags

  • Venture-backed company with apparent ongoing development
  • Multi-platform support suggests sustained engineering effort
  • Freemium model indicates commercial viability
  • Established presence in IDE marketplaces (VSCode, JetBrains)

Red flags

  • No public repository limits independent security review
  • Closed-source autonomous agent with broad code access
  • Unclear where code is sent for AI processing (external LLM likely)
  • Rebrand from Codium AI may indicate corporate instability
  • No visible changelog or public issue tracker

Permissions requested

  • Read files
  • Write files
  • Outbound network
  • Shell execute
  • External LLM call
  • Repo read
  • Repo write

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Pricing

Freemium: free tier, paid plans

Platforms

  • VS Code
  • JetBrains
  • GitHub
  • CLI

Review

Qodo (the rebrand of Codium AI) is a code integrity agent that runs fifteen-odd workflows across your IDE, CLI and Git pipeline. The autonomy here is narrow but real: point it at a pull request and it will analyse changes, flag risks, suggest tests, and write documentation without you babysitting each step. I've used it most for PR review on GitHub, where it catches the boring stuff - missing null checks, untested edge cases, inconsistent error handling - that I'd otherwise skim past at 5pm.

The test generation workflow is the standout. Feed it a function and it writes unit tests that actually compile and cover realistic branches, not the toy examples you get from raw GPT-4. It understands project context because it indexes your codebase, so the tests match your existing patterns.

The IDE plugins (VS Code and JetBrains) feel less essential. They surface suggestions inline, but the feedback loop is slower than just asking Cursor or Copilot directly. The CLI is where Qodo earns its keep if you want to gate CI on quality checks.

Compared to something like Sweep, Qodo is less ambitious about autonomous bug fixes but more reliable on the tasks it does tackle. Sweep will try to write entire features; Qodo sticks to review, test and docs, and does them well enough that I trust the output without heavy editing.

Failure modes: it occasionally hallucinates test assertions when the function logic is ambiguous, and the documentation it writes can be verbose. The free tier is generous - enough to evaluate it properly - but the paid plans add team features and higher rate limits that matter if you're running it on every PR in a busy repo.

Verdict

Worth paying for if you review a lot of pull requests or maintain legacy code that lacks tests. Skip it if you're already happy with Cursor's inline suggestions and don't need the CI integration. The free tier is enough to decide.

Good at

  • Test generation that actually compiles and matches project conventions
  • PR review catches real issues without false positive spam
  • CLI integration works well in CI pipelines
  • Indexes your codebase for context-aware suggestions
  • Generous free tier with no credit card required

Watch out

  • IDE plugins feel redundant if you already use Cursor or Copilot
  • Documentation output can be unnecessarily verbose
  • Occasionally hallucinates test assertions on ambiguous logic
  • Paid plans required for team features and higher rate limits
  • Less ambitious than agents like Sweep for autonomous bug fixes

Use cases

  • PR review
  • unit test generation
  • code quality