xodn348/codekit
CodeKit

AI-native code quality and security toolkit for AI-assisted development

License: MIT

CodeKit is a monorepo containing two complementary tools that make AI agents write better and safer code.

Packages

Package      Description
ai-native    Evidence-based coding guidelines for AI agent interaction. Constitution + MCP tools. (published on npm as ai-native)
codesure     Privacy-first security scanner. 5-stage pipeline, 36 YAML rules, 100% local. (published on npm as codesure)

Quick Start

One command installs both tools for all your AI coding clients:

npx -y ai-native setup

This registers both ai-native (code quality) and codesure (security scanning) as MCP servers for Claude Code, Claude Desktop, Cursor, Codex, and more.

How They Work Together

Developer writes code with AI assistant
         │
         ├── ai-native (Layer 1)
         │     Constitution loaded per prompt (~1,100 tokens)
         │     Enforces: naming, types, error handling, architecture
         │
         └── codesure (on code changes)
               5-stage security scan runs automatically
               Catches: injection, XSS, secrets, malicious patterns

ai-native sets the quality bar. codesure enforces the security floor. Together they create a feedback loop where AI agents produce code that is both well-structured and vulnerability-free.
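As an added example (not code from the codekit repository or from either package), the JavaScript sketch below shows how a rule-driven scan of the kind described above can work: regex rules in the shape a YAML rule file would hold, an entropy check for hard-coded secrets, and a severity gate that acts as the security floor. The rule ids and patterns, the 4.0 bits/char threshold and the sample snippet are all constructed for illustration; codesure's AST taint, chain and context stages are not modeled here.

```javascript
// Added illustration, not code from the codekit repository: a minimal
// rule-driven scanner in the style the README describes. It models two of
// the five stages (regex rules and entropy) over a constructed snippet;
// AST taint tracking, chain analysis and context filtering are not modeled.

// Constructed rules in the shape a YAML detection rule would take
// (id, severity, pattern, message). Ids and patterns are hypothetical.
const RULES = [
  {
    id: 'js-eval',
    severity: 'high',
    pattern: /\beval\s*\(/,
    message: 'eval() of dynamic input allows code injection',
  },
  {
    id: 'dom-xss-innerhtml',
    severity: 'medium',
    pattern: /\.innerHTML\s*=/,
    message: 'innerHTML assignment can introduce DOM XSS',
  },
  {
    id: 'child-process-exec',
    severity: 'high',
    pattern: /\bexec(?:Sync)?\s*\(/,
    message: 'shell command execution; check that arguments are not user-controlled',
  },
];

// Shannon entropy of a string in bits per character
// (a 32-character literal with 32 distinct characters scores log2(32) = 5).
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Entropy stage: quoted literals of 20+ token characters whose entropy is
// at or above the threshold are reported as possible hard-coded secrets.
const STRING_LITERAL = /(["'`])([A-Za-z0-9+\/=_-]{20,})\1/g;
const ENTROPY_THRESHOLD = 4.0;

function entropyFindings(text, line) {
  const out = [];
  for (const m of text.matchAll(STRING_LITERAL)) {
    const h = shannonEntropy(m[2]);
    if (h >= ENTROPY_THRESHOLD) {
      out.push({
        id: 'high-entropy-string',
        severity: 'medium',
        line,
        entropy: Number(h.toFixed(2)),
        message: 'high-entropy literal; possible hard-coded secret',
      });
    }
  }
  return out;
}

// Regex stage plus entropy stage over each line; one finding per hit.
function scanCode(source, rules = RULES) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    const line = i + 1;
    for (const r of rules) {
      if (r.pattern.test(text)) {
        findings.push({ id: r.id, severity: r.severity, line, message: r.message });
      }
    }
    findings.push(...entropyFindings(text, line));
  });
  return findings;
}

// Security floor: the change is blocked when any finding reaches the
// configured severity. Returns the verdict and the findings that caused it.
const SEVERITY_RANK = { low: 1, medium: 2, high: 3 };
function securityGate(findings, blockAt = 'high') {
  const blocking = findings.filter(
    (f) => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[blockAt],
  );
  return { pass: blocking.length === 0, blocking };
}

// Constructed input resembling AI-generated code. The key-looking string is
// made up; it has 32 distinct characters, so its entropy is exactly 5 bits/char.
const SAMPLE = [
  "const apiKey = 'Zq83kLm2Xp9vRt4wNc7bYh5dJf1gSa6e'; // constructed value",
  "document.getElementById('out').innerHTML = location.hash;",
  "const label = 'aaaaaaaaaaaaaaaaaaaaaaaa'; // low entropy, not reported",
  'const result = eval(req.query.expr);',
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  const findings = scanCode(SAMPLE);
  for (const f of findings) {
    console.log(`${f.severity}\tL${f.line}\t${f.id}\t${f.message}`);
  }
  console.log(securityGate(findings).pass ? 'PASS' : 'BLOCKED');
}
```

Run with `node scan-demo.js`: the sample produces three findings (the high-entropy literal on line 1, the innerHTML sink on line 2 and the eval call on line 4), and the gate blocks because one of them is high severity. Line-oriented regex matching is cheap and explains most of a rule file, but it cannot tell whether `req.query.expr` actually flows into `eval`; that is what a taint stage adds, and why the README lists it separately.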

Architecture

codekit/
├── packages/
│   ├── ai-native/          # npm: ai-native
│   │   ├── src/             # MCP server + CLI (setup, init)
│   │   ├── docs/            # 16 guideline files (Layer 2)
│   │   ├── research/        # 25+ paper citations
│   │   └── templates/       # AGENTS.md, tsconfig templates
│   │
│   └── codesure/            # npm: codesure
│       ├── src/
│       │   ├── engine/      # regex, AST taint, entropy, chain, context
│       │   ├── tools/       # scan_code, scan_package, scan_manifest
│       │   └── rules/       # 36 YAML detection rules
│       └── AGENTS.md
│
├── scripts/
│   └── update-readme.js     # Shared: auto-inject changelog on npm version
└── package.json              # npm workspaces root

Development

# Install all dependencies
npm install

# Build both packages
npm run build

# Test both packages
npm run test

# Build/test individual package
npm run build -w packages/ai-native
npm run test -w packages/codesure

Release Process

Each package is versioned and published independently:

# Release ai-native
cd packages/ai-native
npm version patch
npm run build
npm publish
cd ../..
git push --follow-tags

# Release codesure
cd packages/codesure
npm version patch
npm run build
npm publish
cd ../..
git push --follow-tags

The version script automatically injects changelog entries into each package's README.

Cross-Evaluation

These packages evaluate each other:

  • ai-native evaluates codesure: Checks code quality (naming, types, error handling, function size, TSDoc coverage)
  • codesure evaluates ai-native: Scans for security vulnerabilities (injection, secrets, command execution)

This mutual evaluation ensures both packages maintain high standards.

Previously

This monorepo consolidates two previously separate repositories:

Git history from both repositories is preserved.

License

MIT
