CodeSage analyzes your GitHub repository and generates viva-ready questions that go beyond surface documentation — reaching into architecture, trade-offs, and your actual implementation.
codesage — viva session
$ codesage analyzegithub.com/you/your-project✦ Cloning repository...✦ Parsing AST with Tree-sitter (TypeScript, Python)...✦ Embedding 847 code chunks via NV-Embed-QA...✦ Generating examination with Llama-3.3-70B...✓ Ready · 12 questions across 4 difficulty levelsQ1 Your AuthMiddleware validates JWT on every route, but yourWebSocket handler skips it. Was this intentional? What are the implications for session hijacking?
Examination Modes
Three ways to be tested
Each mode is calibrated to a different evaluation context, from academic defense to industry hiring loops.
Viva Voce
Oral Defense
Simulates academic examination panels. Questions probe rationale, alternatives considered, and design intent — not just what you built, but why.
Technical Interview
Industry Hiring Loop
Replicates FAANG-style system design and code review rounds. Surfaces scalability gaps, edge cases, and algorithmic trade-offs in your actual codebase.
Code Review
Peer Review Sim
Generates senior-engineer-level feedback on architecture, coupling, test coverage, and documentation framed as questions you should be able to answer.
5
Specialized NIM models
15+
Languages via Tree-sitter
~3s
Time to first question
4
Difficulty levels
AI Pipeline
Five models. One examiner.
No single model handles examination well. CodeSage routes each task to a specialist — embedding, ranking, generation, scoring, and safety run as a coordinated pipeline.
Model
Role
Task
NV-Embed-QA
Embedding
Semantic code chunks
NV-Rerank-QA
Reranking
Query relevance scoring
Llama-3.3-70B
Examiner
Question generation
Nemotron-340B
Scorer
Objective answer grading
Llama-Guard-3
Safety
Content moderation
Live Demo
Questions from real code
These questions were generated from an actual Next.js repository. The examiner read the source — not the README.
The catch block on line 14 swallows the error silently. If JWT verification fails, the function returns undefined — not a redirect. How does Next.js handle a middleware that returns undefined?
SecurityMiddlewareHard
Q 02 · AUTH.TS:7
You're reading the token from req.cookies. What are the CSRF implications of cookie-based JWT vs Authorization header?
SecurityMedium
Q 03 · ENV
You use a non-null assertion on process.env.JWT_SECRET!. What happens in production if this variable is unset, and how would you guard against it?
ConfigTypeScriptEasy
Q 04 · ARCHITECTURE
This middleware runs at the edge but verify() from jsonwebtoken is a Node.js library. Why might this cause silent failures in Vercel Edge Runtime?
ArchitectureExpert
Direct GitHub import
Paste any public or private repo URL. CodeSage clones, parses, and analyzes — no local setup required.
AST-level analysis
Tree-sitter parses your code into an abstract syntax tree — questions reference actual line numbers, not summaries.
Personalized study guides
After each session, a scored breakdown maps your weak areas to specific concepts worth reviewing before the real exam.
Progress tracking
Historical session scores tracked across runs so you can see which areas have improved — and which need more work.
Objective scoring
The Nemotron reward model evaluates answers against rubrics — not vibes. Scores are reproducible and explainable.
Built-in content safety
Llama Guard 3 runs alongside the examiner, ensuring every generated question stays within appropriate academic scope.
Know your own code.
Connect your repository and start your first viva session in under a minute.