Package Exports
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@whitehatd/crag) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
crag
Make every AI agent obey your codebase.
One governance.md -> compiled to CI, hooks, and every agent. No drift.
npx @whitehatd/cragAGENTS.md | Claude Code | Cursor | Copilot | Gemini | Cline | Continue | Windsurf | Zed | Amazon Q | GitHub Actions | Forgejo Actions | Husky | Pre-commit
crag.sh | Audit Tool | Leaderboard | Dashboard | Docs | VS Code | Neovim | Status
The problem
Your CI is the ground truth for what quality means in your repo. Your AI agents don't know it. When you add a lint gate in GitHub Actions, your Cursor rules don't update. Your CLAUDE.md doesn't update. Fourteen tool-specific files -- all drifting apart.
Developers fix bad AI suggestions in 2 seconds and think "AI is dumb sometimes." They never aggregate the cost: 30 seconds per bad suggestion x 10 devs x 50 prompts per day = hours of wasted time. Nobody diffs their config files.
The fix
crag reads your CI and codebase once, writes a single governance.md, and compiles it to every tool's native format. One file in. Fourteen files out. Change a rule once, recompile, done.
Deterministic. No LLM. No network. No API keys. Zero dependencies.
Install
# Global install
npm install -g @whitehatd/crag
# Or run directly
npx @whitehatd/cragRequires Node.js 18+ and git.
Quick start
# 1. See it live on a temp project (~3 seconds)
crag demo
# 2. Analyze your repo -- generates governance.md
crag analyze
# 3. Compile to all AI tools and CI
crag compile --target all
# 4. Check for drift
crag audit
# 5. Auto-fix drift
crag audit --fix
# 6. Install pre-commit hook to keep configs in sync
crag hook installOr do it all in one shot:
crag # analyze + compile + audit
crag auto # full pipeline: analyze, compile, audit, hook installCommands
| Command | Description |
|---|---|
crag |
Default: analyze + compile + audit in one shot |
crag analyze |
Read CI, package manifests, code patterns. Write governance.md |
crag compile --target <t> |
Compile governance.md to a specific target format |
crag compile --target all |
Compile to all 14 targets at once |
crag compile --target scaffold |
Generate hooks, settings, agents, CI playbook |
crag audit |
Detect drift between governance.md and compiled configs |
crag audit --json |
Machine-readable drift report |
crag audit --fix |
Auto-recompile stale targets |
crag auto |
Full pipeline: analyze, compile, audit, hook install |
crag check |
Verify crag infrastructure is complete and current |
crag demo |
Self-contained proof-of-value on a temp project |
crag diff |
Show exactly where governance and codebase diverge |
crag doctor |
Deep diagnostic: integrity, drift, hook validity |
crag hook install |
Install pre-commit hook (auto-recompile on governance change) |
crag hook install --drift-gate |
Also block commits if drift is detected |
crag init |
Interactive setup for new projects |
crag login |
Authenticate with crag cloud |
crag sync |
Sync governance to crag cloud |
crag team |
Manage team governance (create, invite, join) |
crag upgrade |
Update universal skills in this repo |
crag upgrade --siblings |
Update all repos in the parent directory at once |
crag workspace |
Detect and display monorepo/workspace structure |
Compile targets
crag compile --target all generates configs for 14 targets:
| Target | Output file | Consumer |
|---|---|---|
github |
.github/workflows/gates.yml |
GitHub Actions |
forgejo |
.forgejo/workflows/gates.yml |
Forgejo / Gitea Actions |
husky |
.husky/pre-commit |
Husky pre-commit hooks |
pre-commit |
.pre-commit-config.yaml |
pre-commit.com |
agents-md |
AGENTS.md |
Codex, Aider, Factory (60K+ repos) |
cursor |
.cursor/rules/governance.mdc |
Cursor |
gemini |
GEMINI.md |
Gemini, Gemini CLI |
copilot |
.github/copilot-instructions.md |
GitHub Copilot |
cline |
.clinerules |
Cline |
continue |
.continuerules |
Continue.dev |
windsurf |
.windsurf/rules/governance.md |
Windsurf Cascade |
zed |
.rules |
Zed |
amazonq |
.amazonq/rules/governance.md |
Amazon Q Developer |
claude |
CLAUDE.md |
Claude Code |
Each target uses the tool's native format: MDC frontmatter for Cursor, YAML triggers for Windsurf, numbered steps for AGENTS.md, path-scoped files for monorepos.
The scaffold meta-target generates hooks, editor settings, agent configurations, and CI playbooks.
Audit system
crag audit detects drift across three axes:
| Axis | What it catches |
|---|---|
| Stale configs | Compiled configs older than governance.md |
| Phantom gates | Governance references tools that don't exist (e.g., "run eslint" but eslint isn't installed) |
| Missing targets | AI tool directories exist (.cursor/, .github/copilot-instructions.md) but no compiled config |
$ crag audit
crag audit -- governance drift report
Compiled configs
X .cursor/rules/governance.mdc stale -- governance.md is newer
X AGENTS.md stale -- governance.md is newer
OK .github/workflows/gates.yml in sync
OK .husky/pre-commit in sync
Gate reality
X npx tsc --noEmit tsc not in devDependencies
X npm run lint "lint" script not in package.json
2 stale, 2 drift
Fix: crag compile --target allJSON output
crag audit --jsonReturns:
{
"summary": { "stale": 2, "drift": 2, "extra": 0, "missing": 1, "total": 5 },
"stale": [{ "path": ".cursor/rules/governance.mdc", "target": "cursor" }],
"drift": [{ "command": "npx tsc --noEmit", "detail": "tsc not in devDependencies" }],
"extra": [],
"missing": [{ "tool": "Copilot", "target": "copilot" }],
"current": ["github", "husky"],
"unmanagedCI": []
}Auto-fix
crag audit --fix # recompiles all stale targetsGitHub Action
Add drift detection to your CI with crag-audit-action:
# .github/workflows/crag-audit.yml
name: crag audit
on: [pull_request]
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: WhitehatD/crag-audit-action@v1The action runs crag audit on every PR and posts a comment with the drift report. Optional fail-on-drift: true blocks merging when drift is detected.
Web audit tool
Audit any public GitHub repo at crag.sh/audit. Paste a repo URL, get a drift report in seconds. No install required.
Connect GitHub to also audit private repos.
Benchmark: 87 repos, 99% have drift
We audited 87 of the most popular open-source repos. 20+ languages. Multiple CI systems. Monorepos to single-file libraries.
| Metric | Result |
|---|---|
| Repos audited | 87 |
| Repos with drift | 86 (99%) |
| Zero AI config files | 46 (53%) |
| Total gates inferred | 3,136 |
| Mean gates per repo | 36.0 |
| Crashes | 0 |
Top repos by gate count:
| Repo | Stack | Gates | Score |
|---|---|---|---|
| grafana/grafana | Go + React + Docker | 67 | 100 |
| astral-sh/ruff | Rust + Python + Docker | 53 | 100 |
| calcom/cal.com | Next.js + React + Docker | 53 | 100 |
| hashicorp/vault | Go + Docker + Node | 50 | 100 |
| vitejs/vite | TypeScript + Node | 45 | 100 |
| sveltejs/svelte | TypeScript + Node | 43 | 100 |
Full results: benchmarks/leaderboard.md | Live leaderboard
Previous benchmark (50 repos): benchmarks/phase1-benchmark.md
How it works
Analyze. Reads your repo with 25+ language detectors, 12 CI system extractors, and 8 framework convention engines. Writes governance.md with gates, architecture, testing profile, code style, and anti-patterns. Under a second, zero config.
Compile. Converts governance.md to each tool's native format. MDC frontmatter for Cursor. YAML triggers for Windsurf. Numbered steps for AGENTS.md. Path-scoped files for monorepos. Custom content survives recompilation.
Audit. Three detection axes: staleness (compiled configs older than governance.md), reality (governance references tools that don't exist), completeness (AI tool directories present but no compiled config).
Diff. Shows where governance and codebase diverge: gates in governance missing from CI, gates in CI missing from governance, and which files caused the discrepancy.
Doctor. Deep diagnostic that verifies governance integrity, hook installation, compile target presence, and latent drift that audit might miss.
Hook. Pre-commit hook auto-recompiles when governance.md changes. Optional drift gate blocks commits if configs are stale.
Universal skills
AI agents forget context between sessions. Two skills ship with crag to fix this:
| Skill | What it does |
|---|---|
pre-start-context |
Loads full project context at session start: stack, architecture, governance rules, prior session state. Every agent starts informed. |
post-start-validation |
Runs governance gates after any task, captures decisions as searchable knowledge, writes session state for continuity. |
crag compile --target scaffold # install into .claude/skills/
crag upgrade --siblings # update across all reposThe skills read governance.md and adapt. Nothing hardcoded. Works with Claude Code, Cursor Agent, Copilot Chat, any IDE with agent support.
Verification
| Metric | Result |
|---|---|
| 87-repo benchmark | 87 repos, 0 crashes, 3,136 gates, 99% drift |
| 50-repo benchmark | 50 repos, 0 crashes, 1,809 gates, 46% drift |
| Stress test | 101 repos, 4,400 invocations, 0 crashes |
| Reference benchmark | 40/40 Grade A across 7 language families |
| Determinism | SHA-verified, byte-identical across Ubuntu + macOS + Windows |
| Tests | 593 passing |
| Dependencies | 0 |
Ecosystem
| Surface | URL |
|---|---|
| Website | crag.sh |
| Web Audit | crag.sh/audit |
| Leaderboard | crag.sh/leaderboard |
| Dashboard | app.crag.sh |
| API | api.crag.sh |
| VS Code | Marketplace |
| Neovim | crag.nvim |
| GitHub Action | crag-audit-action |
| npm | @whitehatd/crag |
| Status | crag.sh/status |
Contributing
Issues and PRs at github.com/WhitehatD/crag.
If crag analyze misses a language, CI system, or gate pattern on a public repo, file an issue with the repo URL and crag analyze --dry-run output. That's the most valuable bug report.
MIT -- Alexandru Cioc (WhitehatD)