The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution
Mohammad Baqar, Raji Rustamov, Alexander Hughes

TL;DR
The paper introduces The Code Whisperer, a hybrid AI framework combining graph analysis and large language models to improve detection, explanation, and repair of code smells and vulnerabilities across multiple programming languages.
Contribution
It presents a novel unified approach that jointly learns structural and semantic code signals, outperforming rule-based and single-model methods in detection and repair tasks.
Findings
Hybrid approach improves detection accuracy.
Produces more useful repair suggestions.
Enhances explainability and CI/CD integration.
Abstract
Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language models to detect, explain, and repair maintainability and security issues within a unified workflow. The method aligns Abstract Syntax Trees (ASTs), Control Flow Graphs (CFGs), Program Dependency Graphs (PDGs), and token-level code embeddings so that structural and semantic signals can be learned jointly. We evaluate the framework on multi-language datasets and compare it with rule-based analyzers and single-model baselines. The results indicate that the hybrid design improves detection performance and produces more useful repair suggestions than either graph-only or language-model-only…
