{"id":50318690,"url":"https://github.com/golab-arch/synaptic-sentinel","last_synced_at":"2026-05-29T02:01:53.322Z","repository":{"id":359846348,"uuid":"1247002205","full_name":"golab-arch/synaptic-sentinel","owner":"golab-arch","description":"The vibe-coding security sentinel. Apache-2.0 agentic security toolkit for AI-assisted projects: 5 deterministic scouts + LLM Brain Layer (BYOK Anthropic), in the IDE and CI.","archived":false,"fork":false,"pushed_at":"2026-05-23T17:55:33.000Z","size":762,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-23T19:24:54.400Z","etag":null,"topics":["ai-coding","ai-generated-code","byok","llm-security","sast","security","synaptic","taint-analysis","vibe-coding","vscode-extension"],"latest_commit_sha":null,"homepage":"https://marketplace.visualstudio.com/items?itemName=GoLab.synaptic-sentinel","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/golab-arch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-22T19:45:46.000Z","updated_at":"2026-05-23T17:55:37.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/golab-arch/synaptic-sentinel","commit_stats":null,"previous_names":["golab-arch/synaptic-sentinel"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/golab-arch/synaptic-sentinel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/golab-arch%2Fsynaptic-sentinel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/golab-arch%2Fsynaptic-sentinel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/golab-arch%2Fsynaptic-sentinel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/golab-arch%2Fsynaptic-sentinel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/golab-arch","download_url":"https://codeload.github.com/golab-arch/synaptic-sentinel/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/golab-arch%2Fsynaptic-sentinel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33633468,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-29T02:00:06.066Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-coding","ai-generated-code","byok","llm-security","sast","security","synaptic","taint-analysis","vibe-coding","vscode-extension"],"created_at":"2026-05-29T02:01:52.431Z","updated_at":"2026-05-29T02:01:53.316Z","avatar_url":"https://github.com/golab-arch.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SYNAPTIC Sentinel\n\n\u003e **The vibe-coding security sentinel.** An Apache-2.0 agentic security toolkit for projects where most of the code is written by AI. Five deterministic scouts catch the syntactic problems; a Brain Layer (BYOK Anthropic) decides what really matters and how to fix it — all inside the IDE.\n\n**SYNAPTIC Sentinel** audits a project **inside the client's perimeter** — your code never leaves your machine — and produces inline findings for the developer plus an audit _tome_ (evidence package) for compliance and CI.\n\nThird product in the SYNAPTIC family, sibling of [SYNAPTIC Expert](https://marketplace.visualstudio.com/items?itemName=GoLab.synaptic-expert).\n\n## Status\n\n[![Visual Studio Marketplace Version](https://img.shields.io/visual-studio-marketplace/v/RealGoLab.synaptic-sentinel?label=marketplace\u0026color=blue)](https://marketplace.visualstudio.com/items?itemName=RealGoLab.synaptic-sentinel)\n[![Visual Studio Marketplace Installs](https://img.shields.io/visual-studio-marketplace/i/RealGoLab.synaptic-sentinel)](https://marketplace.visualstudio.com/items?itemName=RealGoLab.synaptic-sentinel)\n[![License: Apache-2.0](https://img.shields.io/badge/license-Apache--2.0-blue)](./LICENSE)\n\n🚀 **Live on the Visual Studio Marketplace** — [`RealGoLab.synaptic-sentinel`](https://marketplace.visualstudio.com/items?itemName=RealGoLab.synaptic-sentinel) (v0.3.3, Apache-2.0).\n\n🚧 **Active development (pre-1.0).** Operational: the Scout Layer (5 scanners), the Coordinator, the reporters (JSON/HTML/SARIF tome), the CLI, and the VSCode extension; the Brain Layer with 3 agents (Triage / Context / Remediation, BYOK multi-provider). **All packages under Apache-2.0** — no premium tier, no proprietary gating.\n\nInstall in VSCode:\n\n```sh\ncode --install-extension RealGoLab.synaptic-sentinel\n```\n\n## How it works\n\n- **Scout Layer (deterministic, parallel)** — five auditors that run as local processes and normalize their findings: **OpenGrep** (SAST, 17 curated rules with taint-flow), **Gitleaks** (secrets), **Trivy** (SCA), **Checkov** (IaC), and **Vibe-Detect** (anti-patterns specific to AI-generated code).\n- **Coordinator** — orchestrates the scouts with a per-scout kill-switch, deduplicates findings, and persists them in `colony.db`.\n- **Brain Layer (LLM, BYOK Anthropic)** — agents that triage, contextualize, and propose remediation for findings. Your Anthropic API key goes **directly** to the model; there is no Synaptic backend.\n- **Memory of the swarm** — patterns the Brain Layer has classified with strong evidence are pre-resolved on subsequent scans without spending an LLM token.\n- **Surfaces** — a CLI and a VSCode extension (primary surface).\n\n## What makes it the vibe-coding security sentinel\n\n- **Vibe-Detect scout** — a built-in scout dedicated to anti-patterns specific to AI-generated code: hallucinated APIs, plausible-looking but broken control flow, sycophantic comments, unbounded eval-of-user-input patterns. Native TypeScript, runs offline, no binary required.\n- **Taint analysis tuned for AI-assisted code** — `request.*` / `req.*` / `sys.argv` / `os.environ` followed to dangerous sinks (`exec`, `innerHTML`, `cursor.execute`, `open`), with the sanitizers an LLM-coded project will _actually_ use (`DOMPurify`, `escapeHtml`, `secure_filename`, `os.path.basename`).\n- **LLM-driven triage** — when a scout fires, the Brain Layer decides if the finding is a true positive in this codebase, not just a textbook pattern match. Three agents, three perspectives: **Triage** (true / false / inconclusive), **Context** (entry → propagation → sink → exposure), **Remediation** (concrete fix + code snippet).\n- **CI-native** — SARIF 2.1.0 export for GitHub Code Scanning / Azure DevOps; `scan --fail-on \u003cseverity\u003e` turns the scan into a CI gate (exit code 2 above threshold).\n\n## Monorepo structure\n\n| Package                     | License    | Description                                               |\n| --------------------------- | ---------- | --------------------------------------------------------- |\n| `packages/shared`           | Apache-2.0 | Common utilities                                          |\n| `packages/core`             | Apache-2.0 | Coordinator, `colony.db`, types (zod)                     |\n| `packages/scouts`           | Apache-2.0 | `ScoutAgent` contract + the 5 scouts                      |\n| `packages/reporters`        | Apache-2.0 | Tome model + JSON/HTML/SARIF export                       |\n| `packages/cli`              | Apache-2.0 | The `synaptic-sentinel` CLI                               |\n| `packages/vscode-extension` | Apache-2.0 | VSCode extension (thin shell, spawn-CLI architecture)     |\n| `packages/agents`           | Apache-2.0 | Brain Layer — LLM agents (Triage / Context / Remediation) |\n\n## Requirements\n\n- Node.js ≥ 20\n- pnpm ≥ 10\n\n## Quickstart\n\n```bash\npnpm install              # install dependencies and link workspaces\npnpm scanners:install     # download the OSS scanner binaries\npnpm build                # build packages + bundle the extension\nnode packages/cli/dist/index.js scan --path /path/to/your/project\n```\n\n**Full installation and usage guide: [ONBOARDING.md](ONBOARDING.md).**\n\n## Development\n\n```bash\npnpm build       # tsc -b (project references) + extension bundle\npnpm test        # full Vitest suite (unit + integration)\npnpm test:unit   # unit tests only (fast)\npnpm lint        # ESLint (flat config + typescript-eslint)\npnpm typecheck   # type check\npnpm format      # Prettier\npnpm verify      # per-cycle gate: format:check + lint + build + test:unit\n```\n\n## Privacy and data flow\n\n- **Your code never leaves your machine for the deterministic scans.** The 5 scouts run locally as child processes.\n- **For the Brain Layer (optional), each finding's snippet goes directly to Anthropic** — no proxy, no middleman, no Synaptic backend. BYOK.\n- **The audit memory (`colony.db`) lives in your repo's `.sentinel/` directory** (alongside `agents.yaml`). You decide whether to commit it. _Repos from v0.3.5 or earlier:_ the legacy `.synaptic-sentinel/colony.db` is still read (dual-read, no auto-migration to avoid data loss).\n\n## Documentation\n\n- [ONBOARDING.md](ONBOARDING.md) — installation, CLI and extension usage\n- [docs/colony-db.md](docs/colony-db.md) — the pheromone database\n- [.synaptic/DESIGN_DOC.md](.synaptic/DESIGN_DOC.md) — design and decisions log\n- `context/Synaptic_Sentinel_v0.4.md` — master design document\n\n## License\n\nAll packages are licensed under **Apache License 2.0** — see [LICENSE](LICENSE).\n\n© 2026 GoLab SpA.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgolab-arch%2Fsynaptic-sentinel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgolab-arch%2Fsynaptic-sentinel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgolab-arch%2Fsynaptic-sentinel/lists"}