🤖 AI Summary
This work proposes a unified framework that integrates graph neural networks with large language models (LLMs) to jointly detect, explain, and repair software maintainability and security issues. Existing code smell and vulnerability detectors produce high false-positive rates and maintenance overhead because they lack structural context; the approach addresses this by fusing multi-dimensional program graphs, including abstract syntax trees (ASTs), control flow graphs (CFGs), and program dependence graphs (PDGs), with deep code embeddings. The resulting model works across programming languages, produces explanations for its findings, and is designed to integrate into CI/CD pipelines. Empirical evaluation on multilingual datasets shows improvements over conventional rule-based analyzers and single-model baselines, with higher detection accuracy and more practical repair suggestions.
📝 Abstract
Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language models to detect, explain, and repair maintainability and security issues within a unified workflow. The method aligns Abstract Syntax Trees (ASTs), Control Flow Graphs (CFGs), Program Dependence Graphs (PDGs), and token-level code embeddings so that structural and semantic signals can be learned jointly. We evaluate the framework on multi-language datasets and compare it with rule-based analyzers and single-model baselines. The results indicate that the hybrid design improves detection performance and produces more useful repair suggestions than either graph-only or language-model-only approaches. We also examine explainability and CI/CD integration as practical requirements for adopting AI-assisted code review in everyday software engineering workflows.
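The abstract's central claim is that text-matching rules produce noisy warnings because they lack the structural and dependence context that an AST or PDG provides. The following is an added, self-contained illustration of that point, written for this page; it is not code from the paper or from the Code Whisperer framework, and it uses only Python's standard `ast` module rather than any learned model. It compares a regex rule for `subprocess.run(..., shell=True)` against a checker that walks the AST and tracks a minimal, straight-line taint dependence (assignments within one scope; `sys.argv` and `input()` are the assumed attacker-controlled sources). The sample program `SAMPLE` is constructed for the example.

```python
"""Added example: regex rule vs. AST + dataflow check for shell-injection sinks.

Illustrative code written for this page, not part of the Code Whisperer
framework. The sample source below is constructed for the example.
"""
import ast
import re

# Constructed sample: one sink reachable from user input (line 7), one sink
# with a constant command (line 10), and two textual look-alikes (lines 12, 13).
SAMPLE = '''
import subprocess
import sys

def run_user_cmd():
    cmd = "ls " + sys.argv[1]          # tainted: attacker-controlled
    subprocess.run(cmd, shell=True)    # real finding

def run_fixed_cmd():
    subprocess.run("ls -la", shell=True)  # constant command, not injectable

# subprocess.run(cmd, shell=True)  -- commented-out copy
DOC = "call subprocess.run(x, shell=True) to spawn a shell"
'''

TEXT_RULE = re.compile(r"subprocess\.run\(.*shell=True")

# Assumed taint sources for the example (hypothetical policy, not the paper's).
TAINT_ATTRS = {("sys", "argv")}
TAINT_CALLS = {"input"}
SHELL_FUNCS = {"run", "call", "Popen", "check_output"}


def regex_findings(source):
    """Rule-based detection: every textual hit, including comments and strings."""
    return [i for i, line in enumerate(source.splitlines(), 1)
            if TEXT_RULE.search(line)]


def _is_source(node):
    """True if the node reads attacker-controlled data (sys.argv[...] or input())."""
    if isinstance(node, ast.Subscript):
        node = node.value
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return (node.value.id, node.attr) in TAINT_ATTRS
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
        return node.func.id in TAINT_CALLS
    return False


def _tainted(expr, tainted_names):
    """Conservative: an expression is tainted if any sub-expression is a
    source or a name already marked tainted in the current scope."""
    for sub in ast.walk(expr):
        if isinstance(sub, ast.Name) and sub.id in tainted_names:
            return True
        if _is_source(sub):
            return True
    return False


def _is_shell_sink(call):
    """subprocess.<func>(..., shell=True) with a literal True keyword."""
    func = call.func
    if not (isinstance(func, ast.Attribute)
            and isinstance(func.value, ast.Name)
            and func.value.id == "subprocess"
            and func.attr in SHELL_FUNCS):
        return False
    return any(kw.arg == "shell"
               and isinstance(kw.value, ast.Constant)
               and kw.value.value is True
               for kw in call.keywords)


def ast_findings(source):
    """Structure-aware detection: report only real call nodes whose command
    argument depends on a taint source. Comments and string literals are never
    matched because they are not Call nodes; constant commands are skipped."""
    tree = ast.parse(source)
    scopes = [tree] + [n for n in ast.walk(tree)
                       if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))]
    findings = []
    for scope in scopes:
        tainted = set()
        for stmt in scope.body:  # straight-line dataflow in statement order
            if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
                continue  # nested definitions are analysed as their own scope
            if isinstance(stmt, ast.Assign) and _tainted(stmt.value, tainted):
                tainted.update(t.id for t in stmt.targets if isinstance(t, ast.Name))
            for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
                if _is_shell_sink(call) and call.args and _tainted(call.args[0], tainted):
                    findings.append(call.lineno)
    return findings


if __name__ == "__main__":
    print("regex rule flags lines:", regex_findings(SAMPLE))   # [7, 10, 12, 13]
    print("AST+dataflow flags lines:", ast_findings(SAMPLE))   # [7]
```

The regex reports four hits, three of which a reviewer would dismiss (a constant command, a comment, and a docstring), while the AST walk with a one-scope dependence check reports only the injectable call. The dataflow here is deliberately minimal: it ignores branches, loops, calls across functions and attribute reassignment, which is exactly the context a CFG and PDG add and the reason the abstract argues for learning over those graphs rather than over tokens alone.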