{"id":48443887,"url":"https://github.com/kernlang/kern","last_synced_at":"2026-05-17T22:03:16.219Z","repository":{"id":345229751,"uuid":"1184038966","full_name":"KERNlang/kern","owner":"KERNlang","description":"MCP review engine with 148 rules (taint tracking, OWASP LLM01, concept model) + universal IR compiler: .kern compiles to 13 targets including Next.js, Vue, Express, and FastAPI. AGPL-3.0.","archived":false,"fork":false,"pushed_at":"2026-04-21T09:24:41.000Z","size":14877,"stargazers_count":7,"open_issues_count":2,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-21T09:41:09.589Z","etag":null,"topics":["claude","claude-code","codex","ollama","qwen"],"latest_commit_sha":null,"homepage":"https://kernlang.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KERNlang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-17T07:31:17.000Z","updated_at":"2026-04-21T09:24:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/KERNlang/kern","commit_stats":null,"previous_names":["kernlang/kern"],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/KERNlang/kern","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KERNlang%2Fkern","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KERNlang%2Fkern/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KERNlang%2Fkern/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KERNlang%2Fkern/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KERNlang","download_url":"https://codeload.github.com/KERNlang/kern/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KERNlang%2Fkern/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32126709,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-22T07:37:52.372Z","status":"ssl_error","status_checked_at":"2026-04-22T07:37:51.635Z","response_time":58,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["claude","claude-code","codex","ollama","qwen"],"created_at":"2026-04-06T17:01:16.967Z","updated_at":"2026-05-17T22:03:16.209Z","avatar_url":"https://github.com/KERNlang.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n \u003cbr\u003e\n \u003cimg src=\"assets/banner.svg\" alt=\"KERN — The LLM Programming Language\" width=\"100%\"\u003e\n \u003cbr\u003e\u003cbr\u003e\n\n [![npm](https://img.shields.io/npm/v/@kernlang/cli?color=cb3837\u0026label=npm)](https://www.npmjs.com/package/@kernlang/cli)\n [![CI](https://img.shields.io/github/actions/workflow/status/KERNlang/kern/ci.yml?branch=main\u0026label=CI)](https://github.com/KERNlang/kern/actions/workflows/ci.yml)\n [![GitHub release](https://img.shields.io/github/v/release/KERNlang/kern?label=release)](https://github.com/KERNlang/kern/releases)\n [![license](https://img.shields.io/github/license/KERNlang/kern)](LICENSE)\n\n \u003cbr\u003e\n\n **Built for humans and AI.** 192-line spec. 13 compile targets. 184 review rules.\u003cbr\u003e\n \u003csub\u003eLLMs write .kern in up to 85% fewer tokens. 7 LLMs verified.\u003c/sub\u003e\n\n \u003cbr\u003e\n\n [**kernlang.dev**](https://kernlang.dev) \u0026nbsp;\u0026bull;\u0026nbsp; [MCP](https://kernlang.dev/mcp) \u0026nbsp;\u0026bull;\u0026nbsp; [Review](https://kernlang.dev/review) \u0026nbsp;\u0026bull;\u0026nbsp; [Playground](https://kernlang.dev/playground) \u0026nbsp;\u0026bull;\u0026nbsp; [Docs](https://kernlang.dev/docs) \u0026nbsp;\u0026bull;\u0026nbsp; [For LLMs](https://kernlang.dev/llm)\n\n \u003cbr\u003e\n\u003c/div\u003e\n\n---\n\n## Install\n\n```bash\nnpm install -g @kernlang/cli\n```\n\n```bash\nkern compile src/ --target=nextjs --watch --facades --index # One command — compile, watch, facades, barrel\nkern review src/ --recursive # Static analysis (184 rules, taint tracking)\nkern init --template=fullstack my-app # Scaffold fullstack app (Next.js + Express + MCP)\nkern init --mcp # Scaffold an MCP server with security guards\nkern import src/ --outdir=kern/ # TypeScript → .kern\nkern schema --json # Full schema for LLM consumption\n```\n\n---\n\n## What is KERN?\n\n**KERN is a structural language with five capabilities: Compile, Review, Evolve, Infer, and MCP Security.**\n\nWrite `.kern` once, compile to 13 targets. Or skip `.kern` entirely and use `kern review` to scan your existing TypeScript and Python for security bugs, unguarded effects, and prompt injection — 184 AST-based rules that catch what ESLint misses.\n\n### Compilation Targets\n\n| Tier | Targets | Status |\n|:-----|:--------|:-------|\n| **Tier 1** (supported) | Next.js, Web (React), Tailwind, Express, MCP, CLI, Ink | Full schemas, deterministic output, golden examples |\n| **Tier 2** (stable) | Vue, Nuxt, FastAPI | Working, tested, production-ready |\n| **Tier 3** (experimental) | React Native, Terminal | Functional, limited test coverage |\n\nTiers are tracked per compile target, not per npm package. For example, `@kernlang/terminal` contains two separate targets: `--target=terminal` (pure ANSI/Node.js output) and `--target=ink` (React + Ink TSX output).\n\nFor detailed examples, interactive demos, and the full rule reference, visit **[kernlang.dev](https://kernlang.dev)**.\n\n---\n\n## Quick Example\n\n**7 lines of .kern:**\n\n```kern\nmachine name=Order initial=pending\n transition from=pending to=confirmed event=confirm\n transition from=confirmed to=shipped event=ship\n transition from=shipped to=delivered event=deliver\n```\n\n**Compiles to 140+ lines** of typed TypeScript — enums, transition functions, exhaustive checks, error classes.\n\n---\n\n## 5-Minute Quickstart\n\nBuild a fullstack Todo app (Next.js + Express + MCP) from scratch:\n\n```bash\n# 1. Install\nnpm install -g @kernlang/cli\n\n# 2. Scaffold\nkern init --template=fullstack my-todo-app\ncd my-todo-app\n\n# 3. Compile everything\nkern compile models.kern # shared types\nkern compile api.kern --target=express # backend API\nkern compile frontend.kern --target=nextjs # Next.js frontend\nkern compile mcp-server.kern --target=mcp # AI agent tools\n\n# 4. Run\ncd generated/api \u0026\u0026 npx tsx server.ts # API on :3001\n```\n\nAvailable templates: `fullstack`, `nextjs`, `express`, `file-tools`, `api-gateway`, `database-tools`\n\nSee [`examples/starter/fullstack/`](examples/starter/fullstack/) for the generated files.\n\n---\n\n## kern review\n\nStatic analysis with taint tracking, concept-level checks, and OWASP LLM01 coverage. No AI needed.\n\n```bash\nkern review src/ --recursive # Full scan\nkern review src/ --enforce --min-coverage=80 # CI gate\nkern review --diff origin/main # Only changed files\nkern review src/ --lint # KERN + ESLint + tsc unified\nkern review src/ --llm # AI review (see below)\n```\n\n**184 rules** across base, security, framework, performance, null-safety, dead-logic, concept, and taint-aware analysis layers.\n\n### AI-Assisted Review (`--llm`)\n\n`--llm` translates your code to KERN IR — a compressed semantic representation that strips framework sugar and gives raw meaning. Two modes:\n\n**Inside an AI CLI** (Claude Code, Codex, Cursor) — no env vars needed:\n```bash\nkern review src/ --llm # Outputs KERN IR + findings + taint for the AI to review\n```\n\n**CI/CD pipeline** — set both env vars to call an LLM API directly:\n```bash\nKERN_LLM_API_KEY=sk-... KERN_LLM_MODEL=gpt-4o kern review src/ --llm\n```\n\nNo hardcoded model — you choose via `KERN_LLM_MODEL`. Files are batched by token size, not count.\n\nFull rule reference: **[kernlang.dev/review](https://kernlang.dev/review)**\n\n### MCP Server Security\n\nScan MCP servers for vulnerabilities. 12 rules mapped to the [OWASP MCP Top 10](https://owasp.org/www-project-mcp-top-10/). Plus live server inspection and tool pinning.\n\n```bash\nnpx kern-mcp-security ./src/server.ts\n```\n\nAvailable as: **[VS Code Extension](https://github.com/KERNlang/kern-sight-mcp)** | **CLI** (`npx kern-mcp-security`) | **GitHub Action** (see CI/CD below)\n\n### MCP Server\n\nKERN ships its own MCP server. AI agents can compile, review, inspect, and self-correct `.kern` files via the Model Context Protocol.\n\n```bash\nnpx @kernlang/mcp-server # Start locally (stdio)\n```\n\nOr use the **hosted endpoint** — no install required:\n```\nhttps://kernlang.dev/api/mcp # Streamable HTTP — point any MCP client here\n```\n\n**Claude Desktop** — add to `claude_desktop_config.json`:\n```json\n{\n \"mcpServers\": {\n \"kern\": { \"command\": \"npx\", \"args\": [\"@kernlang/mcp-server\"] }\n }\n}\n```\n\n**Claude Code:**\n```bash\nclaude mcp add kern -- npx @kernlang/mcp-server\n```\n\n**16 tools** including `compile`, `compile-json`, `compile-and-review`, `review`, `review-kern`, `review-mcp-server`, `inspect-mcp-servers`, `verify-tool-pins`, `audit-mcp-config`, `generate-security-tests`, `parse`, `decompile`, `validate`, `list-targets`, `list-nodes`, `schema`\n**3 resources:** `kern://spec`, `kern://targets`, `kern://examples/{category}`\n**1 prompt:** `write-kern` (system prompt with full language spec)\n\nSelf-correction loop: `schema` → write `.kern` → `compile-json` → fix from diagnostics → done. Zero human intervention.\n\nFull setup guide: **[kernlang.dev/mcp](https://kernlang.dev/mcp)**\n\n### Build MCP Servers from .kern\n\n30 lines of .kern generates a production MCP server with auto-injected security guards:\n\n```bash\nkern init --mcp # Scaffold with templates\nkern compile server.kern --target=mcp --watch # Compile + hot reload\n```\n\nTemplates: `file-tools`, `api-gateway`, `database-tools`\n\n---\n\n## CI/CD\n\n### KERN Review — GitHub Action\n\nDrop this into `.github/workflows/kern-review.yml` to run `kern review` on every push and PR:\n\n```yaml\nname: KERN Review\n\non:\n push:\n branches: [main, dev]\n pull_request:\n branches: [main]\n\njobs:\n review:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v6\n\n - uses: actions/setup-node@v6\n with:\n node-version: '22'\n\n - name: Activate pnpm\n run: |\n corepack enable\n corepack prepare pnpm@10.32.1 --activate\n pnpm --version\n\n - run: pnpm install --frozen-lockfile --ignore-scripts\n - run: pnpm build\n\n - name: KERN Review\n run: npx @kernlang/cli review src/ --recursive\n\n # Optional: enforce minimum coverage\n # - name: KERN Review (enforced)\n # run: npx @kernlang/cli review src/ --recursive --enforce --min-coverage=80\n\n # Optional: LLM-assisted review (set secrets in repo settings)\n # - name: KERN Review (AI)\n # run: npx @kernlang/cli review src/ --recursive --llm\n # env:\n # KERN_LLM_API_KEY: ${{ secrets.KERN_LLM_API_KEY }}\n # KERN_LLM_MODEL: ${{ vars.KERN_LLM_MODEL }}\n```\n\n### MCP Security — GitHub Action\n\nDrop this into `.github/workflows/mcp-security.yml` for MCP server scanning with SARIF upload and PR comments:\n\n```yaml\nname: MCP Security\n\non:\n push:\n branches: [main, dev]\n pull_request:\n branches: [main]\n\npermissions:\n contents: read\n security-events: write\n pull-requests: write\n\njobs:\n scan:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n\n - uses: actions/setup-node@v4\n with:\n node-version: '20'\n\n - name: Install KERN MCP Security\n run: npm install -g @kernlang/review-mcp@latest\n\n - name: Scan MCP server code\n id: scan\n run: |\n kern-mcp-security --format json --output kern-mcp-security.json . || true\n kern-mcp-security --format sarif --output kern-mcp-security.sarif . || true\n\n RESULT=$(kern-mcp-security --quiet . 2\u003e\u00261) || true\n GRADE=$(echo \"$RESULT\" | head -1 | awk '{print $1}')\n SCORE=$(echo \"$RESULT\" | head -1 | awk '{print $2}')\n\n echo \"grade=$GRADE\" \u003e\u003e $GITHUB_OUTPUT\n echo \"score=$SCORE\" \u003e\u003e $GITHUB_OUTPUT\n echo \"MCP Security Score: $GRADE ($SCORE/100)\"\n\n - name: Verify tool pinning lockfile\n run: |\n if [ -f .kern-mcp-lock.json ]; then\n kern-mcp-security --verify . || echo \"::warning::Tool pinning drift detected\"\n else\n echo \"No .kern-mcp-lock.json found — run 'npx kern-mcp-security --lock .' to generate one\"\n fi\n\n - name: Upload SARIF to Code Scanning\n if: always() \u0026\u0026 hashFiles('kern-mcp-security.sarif') != ''\n uses: github/codeql-action/upload-sarif@v3\n with:\n sarif_file: kern-mcp-security.sarif\n category: kern-mcp-security\n continue-on-error: true\n\n - name: Post PR comment\n if: github.event_name == 'pull_request' \u0026\u0026 always()\n uses: actions/github-script@v7\n with:\n script: |\n const fs = require('fs');\n let report;\n try {\n report = JSON.parse(fs.readFileSync('kern-mcp-security.json', 'utf-8'));\n } catch { return; }\n\n const { grade, total } = report.score;\n const color = { A: '22c55e', B: '84cc16', C: 'f97316', D: 'f59e0b', F: 'ef4444' }[grade];\n const badge = `![Score](https://img.shields.io/badge/MCP_Security-${grade}_(${total}%25)-${color})`;\n\n let body = `## KERN MCP Security Report\\n\\n${badge}\\n\\n`;\n body += `| Metric | Score |\\n|--------|-------|\\n`;\n body += `| Guard Coverage | ${report.score.guardCoverage}% |\\n`;\n body += `| Input Validation | ${report.score.inputValidation}% |\\n`;\n body += `| Rule Compliance | ${report.score.ruleCompliance}% |\\n`;\n body += `| Auth Posture | ${report.score.authPosture}% |\\n\\n`;\n body += `**${report.findingsCount} finding(s)**\\n\\n`;\n body += `\u003e Scanned by [KERN MCP Security](https://kernlang.dev/review)`;\n\n const { data: comments } = await github.rest.issues.listComments({\n owner: context.repo.owner, repo: context.repo.repo,\n issue_number: context.issue.number,\n });\n const existing = comments.find(c =\u003e c.body?.includes('KERN MCP Security Report'));\n\n if (existing) {\n await github.rest.issues.updateComment({\n owner: context.repo.owner, repo: context.repo.repo,\n comment_id: existing.id, body,\n });\n } else {\n await github.rest.issues.createComment({\n owner: context.repo.owner, repo: context.repo.repo,\n issue_number: context.issue.number, body,\n });\n }\n\n - name: Enforce score threshold\n if: always()\n run: |\n SCORE=\"${{ steps.scan.outputs.score }}\"\n THRESHOLD=60\n if [ -n \"$SCORE\" ] \u0026\u0026 [ \"$SCORE\" -lt \"$THRESHOLD\" ] 2\u003e/dev/null; then\n echo \"::error::MCP Security score $SCORE is below threshold $THRESHOLD\"\n exit 1\n fi\n```\n\n### KERN Compile + Validate — GitHub Action\n\nDrop this into `.github/workflows/kern-compile.yml` to validate `.kern` files compile correctly on every PR:\n\n```yaml\nname: KERN Compile\n\non:\n push:\n branches: [main, dev]\n pull_request:\n branches: [main]\n\njobs:\n compile:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v6\n\n - uses: actions/setup-node@v6\n with:\n node-version: '22'\n\n - name: Activate pnpm\n run: |\n corepack enable\n corepack prepare pnpm@10.32.1 --activate\n pnpm --version\n\n - run: pnpm install --frozen-lockfile --ignore-scripts\n - run: pnpm build\n\n - name: Validate .kern files\n run: npx @kernlang/cli compile src/ --target=nextjs --json\n\n - name: Type-check generated output\n run: npx tsc --noEmit\n```\n\n### Release Process\n\nUse the built-in release workflows in this order:\n\n1. Run `Release Preflight` from `main` with a plain semver like `3.2.4`.\n2. Wait for the preflight run to pass build, test, and `pnpm publish --dry-run`.\n3. Publish a GitHub Release with a lowercase tag like `v3.2.4`.\n4. Let `Version \u0026 Publish` publish to npm and sync versions back to `dev`.\n\nContributor architecture guide: [docs/architecture.md](docs/architecture.md)\n\n---\n\n## Ecosystem\n\n| Package | What it does |\n|:--------|:-------------|\n| **[@kernlang/cli](https://www.npmjs.com/package/@kernlang/cli)** | CLI — compile, review, evolve, dev |\n| **[@kernlang/core](https://www.npmjs.com/package/@kernlang/core)** | Parser, codegen, types — the compiler engine |\n| **[@kernlang/test](https://www.npmjs.com/package/@kernlang/test)** | Native KERN structural test runner |\n| **[@kernlang/review](https://www.npmjs.com/package/@kernlang/review)** | 159 rules, taint tracking, OWASP LLM01, concept model |\n| **[@kernlang/review-mcp](https://www.npmjs.com/package/@kernlang/review-mcp)** | MCP security scanner (12 rules, OWASP MCP Top 10) |\n| @kernlang/react | Next.js, Tailwind, Web transpilers |\n| @kernlang/vue | Vue 3 SFC, Nuxt 3 transpilers |\n| @kernlang/native | React Native transpiler |\n| @kernlang/express | Express backend + WebSocket transpiler |\n| @kernlang/fastapi | FastAPI Python + WebSocket transpiler |\n| @kernlang/mcp | MCP server transpiler — .kern to secure MCP servers |\n| @kernlang/mcp-server | KERN's own MCP server — compile, review, parse via MCP |\n| @kernlang/terminal | ANSI terminal + Ink transpilers |\n| @kernlang/evolve | Self-extending template system |\n| @kernlang/review-python | Python review support (FastAPI, Django) |\n| @kernlang/playground | [Interactive compiler UI](https://kernlang.dev/playground) |\n| @kernlang/metrics | Language coverage analysis |\n| @kernlang/protocol | AI draft communication protocol |\n\n### VS Code Extensions\n\n- **[Kern MCP Security](https://marketplace.visualstudio.com/items?itemName=KERNlang.kern-mcp-security)** — MCP security scanner with inline findings, Security Score, autofixes ([Open VSX](https://open-vsx.org/extension/KERNlang/kern-mcp-security))\n- **[Kern Sight](https://marketplace.visualstudio.com/items?itemName=KERNlang.kern-sight)** — Review findings as inline diagnostics, sidebar panel, .kern syntax highlighting\n\n---\n\n## License\n\n**Dual-licensed: AGPL-3.0 + Commercial.**\n\n| Use case | License | Cost |\n|:---------|:--------|:-----|\n| Personal projects | AGPL-3.0 | Free |\n| Open-source projects | AGPL-3.0 | Free |\n| Education \u0026 research | AGPL-3.0 | Free |\n| Internal company tools (not distributed) | AGPL-3.0 | Free |\n| Commercial products \u0026 SaaS | **Commercial license** | [Contact us](mailto:hello@kernlang.dev) |\n\n**Why AGPL?** AGPL means if you use KERN in a product you distribute or serve to users, you must open-source your modifications. If you don't want that obligation, the commercial license gives you full freedom to use KERN in proprietary products without disclosure.\n\n**What the commercial license includes:**\n- Use KERN in closed-source products and SaaS\n- No obligation to open-source your code\n- Priority support and issue resolution\n- License for your entire engineering team\n\n**Contact:** [hello@kernlang.dev](mailto:hello@kernlang.dev) — we respond within 24 hours.\n\nCopyright (c) 2026 KERNlang\n\n---\n\n\u003cdiv align=\"center\"\u003e\n \u003ca href=\"https://kernlang.dev\"\u003e\u003cstrong\u003ekernlang.dev\u003c/strong\u003e\u003c/a\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkernlang%2Fkern","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkernlang%2Fkern","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkernlang%2Fkern/lists"}