Skip to content

Latest commit

 

History

History
144 lines (107 loc) · 5.5 KB

File metadata and controls

144 lines (107 loc) · 5.5 KB

codeguard placeholder banner

CI status CD status Go Report Card LinkedIn

codeguard is a standalone Go service and CLI for repository checks across code quality, design boundaries, security, CI/CD hygiene, AI prompt governance, and repo-specific policy rules.

It now supports repository exclusions, baselines, waivers, changed-lines diff scans, SARIF output, GitHub annotations, custom rule packs, natural-language custom rules through an optional AI runtime, policy profiles, scan caching, doctor checks, rule discovery from the CLI, native TypeScript/Python quality, design, and security heuristics, and language-specific command checks.

AI-generated-code quality coverage includes an AI-failure-mode rule pack, slop_score artifacts, provenance-aware review policy hooks, local idiom drift checks, optional provider-backed hybrid triage and semantic review passes, natural-language custom rules through an optional AI runtime, and a verified-fix flow that only returns patches after isolated patch validation plus test reruns succeed.

Rule discovery APIs expose per-check metadata, including execution_model (go-native, language-agnostic, or command-driven) and language_coverage (fixed target languages, repository-wide, or configurable).

Installation

go install github.com/devr-tools/codeguard/cmd/codeguard@latest

Or build from source:

make build

Other install paths:

  • GitHub Releases: tagged archives for direct download
  • Homebrew: brew install devr-tools/tap/codeguard
  • GitHub Marketplace Action: Devr Codeguard

npm (installs a prebuilt binary, no Go toolchain required):

npm install -g @devr-tools/codeguard
codeguard version

pip (installs a prebuilt binary per platform; the project is devr-codeguard because the plain codeguard name is taken, but the command is still codeguard):

pip install devr-codeguard
codeguard version
- name: Devr Codeguard
  uses: devr-tools/codeguard@v0.8.1

Or run in Docker:

docker build -t codeguard .
docker run --rm -v "$PWD:/workspace" -w /workspace codeguard scan

For local release automation:

make commit
make release
make release-check
make deploy

For SDK consumers:

go get github.com/devr-tools/codeguard/pkg/codeguard

Quick Start

codeguard init
codeguard validate -config codeguard.yaml
codeguard doctor -config codeguard.yaml
codeguard scan -config codeguard.yaml
codeguard scan-history
codeguard rules
codeguard profiles
codeguard explain security.hardcoded-credential
codeguard baseline -config codeguard.yaml -output codeguard-baseline.json

codeguard rules prints each rule's level, execution model, language coverage, section, and title. codeguard explain <rule-id> includes the same metadata for a single rule.

By default, codeguard looks for codeguard.yaml, codeguard.yml, or codeguard.json in the repository root. If those are missing, it also checks .codeguard/codeguard.yaml, .codeguard/codeguard.yml, and .codeguard/codeguard.json.

If you point -config at a directory such as .codeguard, codeguard will look inside it for codeguard.* or config.* files.

Text output includes ANSI color and emoji markers by default. Set NO_COLOR=1 if you want plain terminal output.

If you want a JSON starting point instead, use examples/codeguard.json.

SDK

Import the SDK from github.com/devr-tools/codeguard/pkg/codeguard.

package main

import (
	"context"
	"log"

	"github.com/devr-tools/codeguard/pkg/codeguard"
)

func main() {
	cfg := codeguard.ExampleConfig()
	report, err := codeguard.Run(context.Background(), cfg)
	if err != nil {
		log.Fatal(err)
	}
	_ = report
}

Docs