OptiScan By OptiRefine
I Made a Python Code Checker in a Few Weeks. No Computer Science Degree, No Team
I want to be honest with you before you start reading this.
I did not study computer science in college. I took some computer science courses required but I never really wanted to go to school for it. I found that programing was a hobby that I loved to do during my off time. I even built an AI combining my passion for chemistry and programing. I can tell you that I didn't think I would be building a web application on a pure python engine and becoming a founder of a company.
This is the story of why I made OptiScan and what I learned along the way.
It Started With My Own Problems
I was not trying to make a product. I was trying to fix my way of working.
Like developers I was using artificial intelligence tools to help me write code faster.. For the most part it works. You get a function back in seconds. It looks right. It runs. You move on.
I kept running into the same problem. The code worked. Until it did not. A function that seemed fine would start slowing everything down once real data was running through it. A loop that looked innocent was secretly very slow. A database query that passed every test was firing a query for every single row in the result set.
The artificial intelligence was not lying to me. It was just doing what it was asked to do. Generating code that looks correct. It was not thinking about what happens when that code meets data. It was not checking whether the function it wrote three files over was already doing the thing. It was not checking for secrets sitting in text or file handles that never get closed.
I was doing all of that manually.. I kept missing things.
So I thought. What if there was something that could catch this stuff automatically? Not an intelligence second-guessing another artificial intelligence. Something that reads code the way a compiler does and tells you what it found.
Why Not Just Use an Artificial Intelligence Tool for This?
This is the question I knew people would ask, let me answer it.
Artificial intelligence code reviewers are like guessing games. They make guesses based on patterns in training data. Sometimes those guesses are very good. Sometimes they introduce a problem.. Importantly. You can never fully understand why they flagged something. The reasoning is a secret.
What I wanted was different. I wanted something where if it tells you there is a loop creating a bottleneck it is because it literally found a slow loop in the syntax tree of your code. Not because it thought there might be one. Not because it saw something that resembled one in training. Because it is there clearly in the code.
That is the foundation OptiScan is built on. Libcst, a syntax tree library for Python. It parses your source code into a tree structure where every single token, every node, every expression is accessible and traversable. When OptiScan finds something it found it. That is all.
What OptiScan Actually Does
Here is what the engine runs on every submission:
Time and Space Complexity Analysis
It checks loop depth detects slow patterns catches database query anti-patterns and flags blocking synchronous calls inside async functions.
Automated Refactoring
It does not just tell you what is wrong. It rewrites it. Slow loops get rewritten. Database queries get rewritten. Blocking calls get rewritten to async calls. The optimised code comes back ready to review.
Cyclomatic Complexity Scoring
Every function gets scored on decision-point density. How many if statements, loops, exception handlers, boolean operations it contains. Scores map to LOW, MEDIUM, HIGH. You can see at a glance which functions are becoming hard to maintain.
Dead Code Detection
A two-pass code scan identifies functions defined but never called and variables assigned but never read. Dead code is not just messy. It is hard to understand for every developer who reads the file. Remove it.
Memory and Resource Auditing
file handles. Lists wrapping expressions that only get iterated once. Appending inside loops accumulating lists in long-running services. These are the patterns that do not crash your app. They just slowly eat your memory until something does.
DevSecOps Static Analysis
secrets in variable names containing password, api_key token. Calls to eval or exec. Imports of subprocess, pickle, os without guardrails. These get flagged at parse time before they ever reach a code review.
In-Browser PyTest Generation and Execution
OptiScan generates PyTest scaffolding for every function it detects. Then. And this is the part I am most proud of. Executes those tests directly in your browser via Pyodide. No local environment. No installation. It just runs.
The Part Nobody Tells You About Building
The technical decisions were honestly the part.
The hard part was the week where I had been staring at the code for four days and could not figure out why the fix was breaking the module structure on certain inputs. There is no engineer to ask. No code review. Just. The error message and the documentation.
I also had to learn things I did not expect to need. Configuring security on a backend. Handling webhooks. Writing a Privacy Policy that actually protects both my users and me legally. None of that is in any tutorial on how to build a dev tool.
That is also what made shipping feel real. I did not hand off the parts. I figured them out.
What I Would Do
Start with security headers. I got flagged by a security scanner after launch because my frontend was missing a security header. Took twenty minutes to fix. Should have done it before day one.
Write the Privacy Policy earlier. As a developer tool that receives source code this matters more than most. Engineers are rightly suspicious of tools that might train on their code. I added an explicit source code pledge. We do not store it we do not train on it we do not read it.. I should have had that visible from the very first user.
Do not underestimate how much work marketing is. The code took weeks. The marketing is ongoing forever. You have to keep showing up.
Where It Is
OptiScan is live, at optirefine.qzz.io.
Free tier gets you the core analysis and refactoring engine. Pro unlocks the full suite. Code Quality reports, DevSecOps scanning, memory auditing and the interactive test runner.
If you write Python APIs, Django apps, data pipelines, async microservices. And you are using artificial intelligence tools to move faster OptiScan is the thing that checks what those artificial intelligence tools left behind.
Go try it. Break it. Tell me what you think.
I read every piece of feedback.
Made by a self-taught developer who just wanted to fix his workflow. Turns out other people had the problem.