Local-first repository proof

Make AI-agent work reviewable.

A product-grade CLI for maintainers who need Codex, Claude Code, Cursor, Gemini CLI, OpenCode, and MCP tools to operate inside clear, safe, verifiable repository boundaries.

Run the scan Release checklist
sample scan result
94Grade A
P0 secrets: 0 found
P1 CI proof: ready
P2 README: quick start present
P3 agent rules: clear boundary
what it checks

Agent instructions

Find missing or conflicting rules across AGENTS.md, Claude, Gemini, Codex, and Copilot instruction files.

Verification commands

Detect build, test, lint, typecheck, and check commands so agents can prove changes before they stop.

Security signals

Catch token-like values, tracked env files, unsafe workflow triggers, and risky pipe-to-shell patterns without uploading source code.

copy paste

One command, three reports.

npm install
npm run build
node dist/cli.js scan . --out .agent-reliability --format markdown,json,html
safety model

Local reports, redacted evidence.

Scans run on your machine and write local report files. Shared reports, docs examples, and issue reports must not include real secrets, private logs, cookies, browser profiles, or private URLs.

outputs

JSON and SARIF

Ready for automation, dashboards, and code scanning integrations.

HTML

A polished dashboard for maintainers, launch pages, and dogfood reports.

release material

Clean report

Use the clean report example to show the no-findings path without overclaiming coverage.

Safety boundary

Keep every shared report local-first, reproducible, and free of secrets, cookies, private logs, browser profiles, and private URLs.

launch kit

Channel copy

Use the prepared posts for X, LinkedIn, GitHub discussions, Hacker News, Reddit, and maintainer outreach.

Press kit

Use the boilerplate and FAQ when writing a release note, article, gallery caption, or maintainer reply.