Auditor by TheAuditorTool

Code intelligence platform for trustworthy AI development

Created 1 month ago
360 stars

Top 77.7% on SourcePulse

Project Summary

Summary

TheAuditor is an AI-centric SAST and code intelligence platform designed as an "antidote to VibeCoding." It provides verifiable ground truth for developers and AI assistants, detecting security vulnerabilities, tracking data flow, analyzing architecture, and identifying refactoring issues. Its core benefit is enabling trustworthy AI-assisted development by ensuring AI tools operate on factual, uninterpreted data.

How It Works

TheAuditor orchestrates industry-standard linters and security scanners, preserving their raw output without summarization. This verifiable data is then adapted into structured, AI-digestible chunks for LLMs. This approach ensures AI assistants work with facts, facilitating self-correction loops where AI can identify and fix its own mistakes, making AI development trustworthy and production-ready.

Quick Start & Requirements

Install by cloning the repository (git clone) and running "pip install -e ." with system Python. To analyze a project, navigate to it and run "aud setup-claude --target ." for a sandbox. Analysis uses "aud init" (first time) and "aud full". Results are in .pf/.

Highlighted Details

  • AI-Ready Reports: Generates chunked, structured output optimized for LLM consumption.
  • Refactoring Detection: Identifies incomplete migrations, API contract mismatches, and cross-stack inconsistencies.
  • Dependency Graph Visualization: Offers rich visual intelligence with multiple view modes and AI-readable SVG output.
  • Universal AI Integration: Works with any AI assistant or IDE that can execute commands and read files.

Maintenance & Community

Contributions are welcomed via CONTRIBUTING.md. Support and feature requests should be directed to GitHub issues. A roadmap is available.

Licensing & Compatibility

Licensed under AGPL-3.0. For commercial use, SaaS, or proprietary integration, contact via GitHub for licensing options.

Limitations & Caveats

Its security scanning behavior can trigger antivirus software, causing performance degradation (10-50%) and potential file quarantines. This is an inherent consequence of security analysis tools. It is an engineering tool, not a replacement for formal third-party audits.

Health Check

  • Last Commit: 11 hours ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 3
  • Issues (30d): 1
  • Star History: 209 stars in the last 30 days
