Package Exports
- cerber-core
- cerber-core/cerber
- cerber-core/guardian
- cerber-core/types
Readme
🛡️ Cerber Core
AI doesn't break your project. Lack of a contract does.
Cerber is a contract-driven project guardian for AI-assisted development.
It enforces a single source of truth (CERBER.md) across pre-commit, CI, and post-deploy health gates.
Owner: Agata Ślęzak | Creator: Stefan Pitek
Status: Production-ready ✅
License: MIT
🎯 Elevator Pitch
Cerber is not a linter.
It's not a CI tool.
It's a contract that everything else must obey.
🚀 Try It Now
npm install cerber-core --save-dev
npx cerber init
# Follow prompts to generate CERBER.md contract + guardian hooks⭐ Like what you see? Star the repo and share with your team!
🤖 For AI Agents (Copilot, Cursor, Windsurf, Claude, etc.)
Cerber's one rule: CERBER.md is the single source of truth.
- If
CERBER.mdis missing → generate template and STOP. User must fill the contract. - If
CERBER.mdexists → execute contract exactly as specified. - Never guess architecture. Never invent rules. Never auto-design.
Schema modes:
schema.mode: template_only→ Generate minimal starter with "NOT SOURCE OF TRUTH" headerschema.mode: strict→ Require existing schema file, never generate
Three enforcement points:
- Pre-commit (Guardian) - Blocks violating commits
- CI (GitHub Actions) - Validates on push
- Post-deploy - Health gate checks production
Working with Cerber: Read CERBER.md first. It tells you what's allowed and what's protected.
📊 Real Production Metrics
From Eliksir SaaS Backend (2026-01-02 session)
Time Saved: 4.5 hours in one session
Bugs Prevented: 43 issues caught before production
Architecture Violations: 6 caught & fixed
Commits Blocked: 2 (saved hours of debugging)
Production Incidents: 0 (vs 2-3/week before)
Bug Detection Rate: 95% pre-production
ROI: Break-even on Day 1What developers say:
"Guardian caught a critical auth bypass before it hit production. Saved us a potential security incident."
— Senior Developer, Eliksir Team
"Focus Mode changed how we work with AI. 500 LOC context vs 10K? Game changer."
— Tech Lead using TEAM layer
💼 Business Value
For CTOs & Engineering Managers:
- Reduce production incidents - 95% bugs caught pre-production (vs 60-70% manual reviews)
- Cut debugging costs - 4.5 hours saved per developer per session
- Speed up onboarding - CERBER.md = instant project understanding for new hires
- Enforce architecture - Prevent technical debt before it enters codebase
Cost Comparison:
Manual Code Reviews: $150/hour × 2 hours/day = $300/day
Cerber Core: $0 (open source) + 4h one-time setup
Break-even: Day 1 ✅
Ongoing savings: $6,000/month per developerWho uses Cerber Core?
- 🏢 Startups - Solo founders building fast with AI (SOLO layer)
- 👥 Small teams - 2-5 developers maintaining consistency (TEAM layer)
- 🚀 Growing companies - Enforcing architecture as team scales
- 🏭 SaaS companies - Production health monitoring (Cerber 2.1)
🎯 What is Cerber Core?
Cerber Core is a control system for Node.js architecture.
Critical distinction: Cerber does NOT design your system. Cerber EXECUTES your design.
You decide → CERBER.md (roadmap)
Cerber guards → enforces your decisions💎 The Core Value: Your Roadmap Becomes Executable Law
Traditional problem:
- Architect designs system → creates documentation
- Developers code → slowly drift from the plan
- Architecture reviews catch violations too late
- Technical debt accumulates
- You pay for architecture again and again
Cerber Core solution:
✅ Architect defines rules once (CERBER.md contract)
✅ Cerber enforces automatically forever
✅ Every commit validates against your roadmap (<1 second)
✅ Architecture stays intact as team scales💰 Pay your architect once. Cerber guards the plan.
Instead of hoping developers "follow the docs" → Guardian blocks commits that violate your architecture
// Your roadmap becomes code:
export const BACKEND_SCHEMA = {
rules: [
{
name: 'Protected routes must use authenticateToken',
pattern: /routes\/.*\.ts$/,
requiredImports: ['authenticateToken'],
severity: 'error' // Blocks violating commits
}
]
};Result: $6,000/month saved per developer. Architecture that doesn't erode. Teams that scale without chaos.
Four Layers:
🛡️ Guardian 1.0 - Pre-commit architecture validator
- Schema-as-Code (self-documenting architecture rules)
- Architect approval system for justified exceptions
- Forbidden pattern detection with exceptions
- Fast feedback (<1 second validation)
🔍 Cerber 2.1 - Runtime health diagnostics
- Deployment quality gates
- Detailed diagnostics (diagnosis + rootCause + fix)
- Severity levels (critical/error/warning)
- Automatic rollback on critical issues
⚡ SOLO - Automation for solo developers
- Auto-repair (format, sync, changelog)
- Dependency health checks
- Performance budget enforcement
- Daily snapshots & dashboard
👥 TEAM - Collaboration tools for teams
- Focus Mode - Generate 500 LOC context (vs 10K LOC) ⭐
- Module boundaries enforcement
- Connection contracts between modules
- CERBER.md project mapping
🤔 Why Cerber Exists
AI tools don't understand your project boundaries.
They generate changes that cause:
- Schema drift - Models diverge from database reality
- Architecture violations - Security patterns bypassed
- CI fail loops - 2-3 hours wasted on fixes
- Deployments without health validation - Production incidents
Cerber fixes this by enforcing a human-written contract:
CERBER.md is the only source of truth.
🔥 How Cerber is Different
Husky runs scripts.
Linters check syntax.
CI runs pipelines.
Cerber enforces project intent.
Cerber does not guess.
Cerber does not invent rules.
Cerber executes your contract.
✅ When to Use Cerber
Use Cerber if:
- ✅ You work with AI coding assistants / agents
- ✅ Your project has strict architecture or schema rules
- ✅ CI failures waste time
- ✅ You need a single source of truth for humans + AI
Do NOT use Cerber if:
- ❌ You want the tool to design your architecture
- ❌ You don't want to maintain a contract (CERBER.md)
🎯 ONE SOURCE OF TRUTH
Critical principle: Cerber does NOT design your system. Cerber enforces YOUR design.
The Rule
📜 CERBER.md = Your roadmap (single source of truth)
🛡️ Guardian = Enforces CERBER.md rules
📋 Schema files = Optional mirrors of CERBER.md (NOT source of truth)What this means:
✅ CERBER.md defines everything - architecture, rules, team mode
✅ Cerber executes CERBER.md - no assumptions, no magic
✅ Schema files are user-owned - Cerber helps, never decides
✅ You design. Cerber guards. - separation of concerns
❌ Cerber does NOT guess your architecture
❌ Cerber does NOT infer folder structures
❌ Cerber does NOT auto-design systems
Schema Mode: Strict vs Template_Only
In CERBER.md contract, you control schema generation:
schema:
enabled: true
file: BACKEND_SCHEMA.mjs
mode: strict # or template_onlyFor mature teams → mode: strict
- ✅ Cerber NEVER creates schema file
- ✅ You create schema based on YOUR architecture
- ✅ Full control, no helpers, no assumptions
- ✅
npx cerber initshows: "You must create BACKEND_SCHEMA.mjs"
For beginners → mode: template_only
- ✅ Cerber creates minimal template if file missing
- ⚠️ Template says: "NOT SOURCE OF TRUTH - Edit to match CERBER.md"
- ✅ Empty structures, commented examples only
- ✅ Helper scaffold, NOT design decision
Default: template_only (backward compatible)
Philosophy:
Traditional tools:
→ Auto-generate everything
→ Assume folder structures
→ "Helpful" magic that creates chaos
Cerber Core:
→ Execute CERBER.md contract
→ Never assume architecture
→ One decision point (CERBER.md)
→ Works WITH AI agents, not against themWhy this matters:
When your team (or AI agents) follow ONE source of truth:
- ✅ No conflicts between "docs" and "reality"
- ✅ No drift between "schema" and "roadmap"
- ✅ Clear authority: CERBER.md decides, Cerber enforces
- ✅ Architecture stays intact as team/AI scales
This is not "another tool". This is a control system.
🚀 Quick Start
30-Second Setup ⚡ (New in v1.1.0!)
npm install cerber-core --save-dev
npx cerber initHow it works:
If CERBER.md is missing → Cerber creates a template and exits.
- Fill the contract (
CERBER_CONTRACT) with your project settings - Choose mode:
solo|dev|team - Enable features:
guardian,health,ci
Run npx cerber init again to generate:
- ✅ Guardian hook + runner - Pre-commit validation
- ✅ Health templates - Production monitoring endpoints
- ✅ GitHub Actions workflow - CI/CD with stable check names
- ✅ Team mode: CODEOWNERS - Schema ownership enforcement
Example CERBER.md:
## CERBER_CONTRACT
\`\`\`yaml
version: 1
mode: dev # solo | dev | team
guardian:
enabled: true
schemaFile: BACKEND_SCHEMA.mjs
schema:
enabled: true
file: BACKEND_SCHEMA.mjs
mode: template_only # strict (mature teams) | template_only (beginners)
# strict = You create schema, Cerber never generates
# template_only = Cerber creates minimal helper if missing
health:
enabled: true
endpoint: /api/health
ci:
provider: github
branches: [main]
requiredOnPR: true
\`\`\`Error handling:
If CERBER.md exists but is invalid → you'll get a clear error message with:
- Exact problem location
- Expected format
- Suggestion:
npx cerber init --print-templateto see valid example
Useful flags:
npx cerber init --dry-run # Preview without creating files
npx cerber init --force # Overwrite existing files
npx cerber init --print-template # Print template to stdoutWhat happens:
- ✅ Creates
CERBER.mdwith your architecture contract - ✅ Generates Guardian pre-commit hooks
- ✅ Sets up health check templates
- ✅ Configures GitHub Actions workflow
- ✅ Adapts to your mode: solo/dev/team
Next step: Just commit! Guardian now protects your architecture.
Manual Setup (Alternative)
If you prefer manual configuration, follow the guides below.
Installation
npm install cerber-core --save-devChoose Your Path
⚠️ Note: Examples below show common patterns. Copy and customize to YOUR architecture. Schema files are templates, not decisions.
🎨 Frontend Developer (React/Vue/Angular)
# 1. Initialize Cerber (generates CERBER.md + templates)
npx cerber init --mode=solo
# 2. Customize your schema for frontend
# Edit BACKEND_SCHEMA.mjs (rename to FRONTEND_SCHEMA.mjs if you prefer)
# 3. Test it!
git commit -m "test"
# Guardian will validate automatically (<1s)What Guardian will check:
- ❌ No
console.login production code - ❌ No direct DOM manipulation in React components
- ✅ Required imports (
react,react-dom) - ✅ Required files (
tsconfig.json,vite.config.ts)
Then customize: Edit BACKEND_SCHEMA.mjs (rename to FRONTEND_SCHEMA.mjs if you prefer) to match YOUR folder structure, YOUR rules, YOUR tech stack.
⚙️ Backend Developer (Node.js/Express/NestJS)
# 1. Initialize Cerber (generates CERBER.md + guardian + health templates)
npx cerber init --mode=dev
# 2. Customize BACKEND_SCHEMA.mjs
# Edit to match YOUR routes, YOUR layers, YOUR security rules
# 3. Add health endpoint (see example below)Then customize: Edit BACKEND_SCHEMA.mjs to match YOUR routes, YOUR layers, YOUR security rules.
// server.js (ESM)
import express from 'express';
import { Cerber } from 'cerber-core/cerber';
const app = express();
// Define health checks
const databaseCheck = async () => {
const isHealthy = await db.ping();
return isHealthy ? [] : [{
code: 'DB_DOWN',
severity: 'critical',
message: 'Database connection failed'
}];
};
// Create Cerber instance
const cerber = new Cerber([databaseCheck]);
// Health endpoint
app.get('/api/health', async (req, res) => {
const result = await cerber.runChecks();
const statusCode = result.status === 'healthy' ? 200 : 500;
res.status(statusCode).json(result);
});
app.listen(3000);What you get:
- 🔍
/api/healthendpoint for monitoring - 🚨 Automatic rollback on critical issues
- 📊 Detailed diagnostics with root cause analysis
⚡ SOLO Developer (Automation Scripts)
# Add to package.json
{
"scripts": {
"cerber:morning": "node node_modules/cerber-core/solo/scripts/cerber-morning.js",
"cerber:repair": "node node_modules/cerber-core/solo/scripts/cerber-auto-repair.js"
}
}
# Run daily dashboard
npm run cerber:morning
# Auto-fix issues
npm run cerber:repair --dry-runWhat you get:
- 🌅 Daily dashboard (vulnerabilities, outdated deps, TODOs)
- 🔧 Auto-repair (format, sync package-lock, fix imports)
- 📈 Performance budget checks
👥 TEAM Lead (Focus Mode for Large Codebases)
# 1. Setup .cerber structure
mkdir -p .cerber/modules
cp -r node_modules/cerber-core/.cerber-example/* .cerber/
# 2. Create module
bash node_modules/cerber-core/team/scripts/cerber-add-module.sh pricing-engine
# 3. Generate focus context (500 LOC instead of 10K LOC)
bash node_modules/cerber-core/team/scripts/cerber-focus.sh pricing-engine
# 4. Use with AI
cat .cerber/FOCUS_CONTEXT.md
# Share with ChatGPT/Claude - 10x faster responses!What you get:
- 🎯 500 LOC context instead of 10,000 LOC (10x faster AI)
- 🗺️ Module boundaries (clear what belongs where)
- 🔗 Connection contracts (how modules communicate)
Unified CLI
All features available through unified CLI:
# Guardian - Pre-commit validation
cerber guardian --schema ./SCHEMA.ts
# Cerber - Health checks
cerber health --checks ./health-checks.ts
# SOLO - Daily dashboard
cerber morning
# SOLO - Auto-repair
cerber repair --dry-run
# TEAM - Focus mode
cerber focus pricing-engine
# Or use dedicated commands
cerber-guardian
cerber-health
cerber-morning
cerber-repair
cerber-focus⚠️ Important: Schema Files Are NOT Source of Truth
Before diving into examples below, understand this:
📋 Schema files (BACKEND_SCHEMA.mjs, FRONTEND_SCHEMA.mjs):
- Are examples and optional templates
- Mirror YOUR architecture decisions from CERBER.md
- Are user-owned and user-created (in strict mode)
- Should be customized to YOUR project structure
📜 CERBER.md:
- Is the ONLY source of truth
- Defines your roadmap, rules, team mode
- Controls if/how Cerber helps with schema generation
Cerber does NOT design your system. The examples below show patterns - YOU decide which patterns fit YOUR architecture.
Guardian Setup (3 minutes)
1. Create architecture schema:
// BACKEND_SCHEMA.mjs
export const BACKEND_SCHEMA = {
version: '1.0.0',
rules: [
{
name: 'Route files must import Router from express',
pattern: /routes\/.*\.ts$/,
requiredImports: ['Router', 'express'],
severity: 'error'
},
{
name: 'Protected routes must use authenticateToken',
pattern: /routes\/.*\.ts$/,
requiredImports: ['authenticateToken'],
exceptions: ['routes/public.ts'],
severity: 'error'
}
]
};2. Add pre-commit hook:
# Pre-commit hook is automatically installed by npx cerber init
# Or manually:
npx husky add .husky/pre-commit "npm run cerber:guardian"3. Done! Guardian now blocks commits that violate architecture rules.
Cerber Setup (2 minutes)
1. Add health endpoint:
// server.ts
import { createHealthEndpoint } from 'cerber-core';
const healthChecks = {
database: async () => {
const result = await db.query('SELECT 1');
return result ? [] : [{ code: 'DB_DOWN', severity: 'critical' }];
},
redis: async () => {
const pong = await redis.ping();
return pong === 'PONG' ? [] : [{ code: 'REDIS_DOWN', severity: 'error' }];
}
};
app.get('/api/health', createHealthEndpoint(healthChecks));2. Deploy & monitor!
curl https://your-api.com/api/health{
"status": "healthy",
"summary": {
"totalChecks": 2,
"failedChecks": 0,
"criticalIssues": 0,
"errorIssues": 0,
"warningIssues": 0
},
"components": [
{
"name": "database",
"status": "healthy",
"durationMs": 12.4
}
]
}✨ Features
Guardian 1.0 (Pre-commit)
- ✅ Schema-as-Code - Architecture rules in version control
- ✅ Fast feedback - Catch errors in <1 second (vs 5 min CI wait)
- ✅ Required imports - Enforce patterns across codebase
- ✅ Architect approvals - Traceable exceptions with justification
- ✅ Framework-agnostic - Works with Express, Fastify, NestJS
- ✅ Zero CI waste - No more failed pipelines from trivial errors
Cerber 2.1 (Runtime)
- ✅ Detailed diagnostics - Not just status, but diagnosis + fix
- ✅ Severity levels - critical/error/warning (block only when needed)
- ✅ Component-based - Easy parsing for monitoring tools
- ✅ Performance tracking - Duration metrics per check
- ✅ Database validation - Schema, connections, migrations
- ✅ Integration checks - External APIs, Cloudinary, Redis, etc.
🏗️ Architecture
┌─────────────────────────────────────────────────────────┐
│ DEVELOPER │
└─────────────────┬───────────────────────────────────────┘
│
▼
┌────────────────┐
│ git commit │
└────────┬───────┘
│
▼
┌─────────────────────────┐
│ 🛡️ Guardian 1.0 │ ◄─── Pre-commit validation
│ Architecture Validator │
└─────────┬───────────────┘
│
├─ ✅ Pass → Continue
│
└─ ❌ Fail → Block commit
Show diagnostics
Developer fixes
┌────────────────┐
│ git push │
└────────┬───────┘
│
▼
┌────────────────┐
│ CI/CD │
│ (TypeScript, │
│ Tests, etc) │
└────────┬───────┘
│
▼
┌────────────────┐
│ Deploy │
└────────┬───────┘
│
▼
┌─────────────────────────┐
│ 🔍 Cerber 2.1 │ ◄─── Post-deploy validation
│ Health Diagnostics │
└─────────┬───────────────┘
│
├─ ✅ Healthy → Production OK
│
└─ ❌ Degraded → Alert + rollback option📖 Guardian Examples
Example 1: Enforce Express Router in routes
// BACKEND_SCHEMA.mjs
{
name: 'Route files must import Router',
pattern: /routes\/.*\.ts$/,
requiredImports: [
'import { Router } from "express"',
'import express'
],
severity: 'error'
}Before Guardian:
// routes/users.ts ❌
const app = require('express')(); // Wrong pattern!
app.get('/users', ...);After Guardian:
// routes/users.ts ✅
import { Router } from 'express';
const router = Router();
router.get('/users', ...);Example 2: Protected routes must have auth middleware
{
name: 'Protected routes require authenticateToken',
pattern: /routes\/admin\/.*\.ts$/,
requiredImports: ['authenticateToken'],
severity: 'error'
}Example 3: Architect approval for exceptions
// routes/special-case.ts
// ARCHITECT_APPROVED: Legacy endpoint - migration planned Q2 2026 - Stefan
import legacyAuth from '../legacy/auth'; // Would normally be blocked📖 Cerber Examples
Example 1: Database health check
import { makeIssue } from 'cerber-core';
export const databaseCheck = async () => {
try {
const result = await db.query('SELECT 1');
return []; // Healthy
} catch (err) {
return [
makeIssue({
code: 'DB_CONNECTION_FAILED',
component: 'database',
diagnosis: 'Cannot connect to PostgreSQL database',
rootCause: 'Connection string invalid or DB server down',
fix: 'Check DATABASE_URL env var and verify DB is running',
durationMs: 150.5,
details: { error: err.message }
})
];
}
};Response when unhealthy:
{
"status": "unhealthy",
"summary": {
"criticalIssues": 1,
"errorIssues": 0,
"warningIssues": 0
},
"components": [
{
"id": "DB_CONNECTION_FAILED",
"component": "database",
"status": "critical",
"message": "Cannot connect to PostgreSQL database",
"diagnosis": "Cannot connect to PostgreSQL database",
"rootCause": "Connection string invalid or DB server down",
"fix": "Check DATABASE_URL env var and verify DB is running",
"durationMs": 150.5,
"details": {
"error": "connect ECONNREFUSED 127.0.0.1:5432"
}
}
]
}Example 2: Integration check (Cloudinary)
export const cloudinaryCheck = async () => {
if (!process.env.CLOUDINARY_API_KEY) {
return [
makeIssue({
code: 'CLOUDINARY_NOT_CONFIGURED',
component: 'cloudinary',
diagnosis: 'Cloudinary API key not set',
rootCause: 'Missing CLOUDINARY_API_KEY environment variable',
fix: 'Add CLOUDINARY_API_KEY to .env file',
severity: 'warning', // Non-blocking
durationMs: 0.5
})
];
}
const ping = await cloudinary.api.ping();
return ping.status === 'ok' ? [] : [/* error */];
};🎛️ Configuration
Guardian Configuration
// BACKEND_SCHEMA.mjs
export const BACKEND_SCHEMA = {
version: '1.0.0',
// Forbidden patterns (will block commit)
forbiddenPatterns: [
{ pattern: /console\.log/gi, name: 'CONSOLE_LOG' },
{ pattern: /debugger;/gi, name: 'DEBUGGER' },
{ pattern: /TODO_REMOVE/gi, name: 'TODO_REMOVE' }
],
// Required imports per file pattern
requiredImports: {
'src/routes/**/*.ts': [
'import { Router } from "express"',
'import { authenticateToken }'
],
'src/cerber/**/*.ts': [
'import { makeIssue, CerberIssueInstance }'
]
},
// Architecture rules
rules: [
{
name: 'Cerber checks must use shared schema',
pattern: /cerber\/.*\.ts$/,
requiredImports: ['import.*shared/schema'],
forbiddenImports: ['import.*server/db/schema'],
severity: 'error'
}
],
// Architect approvals (tracked exceptions)
approvals: [
{
file: 'src/legacy/auth.ts',
reason: 'Legacy code - migration planned Q2 2026',
approvedBy: 'Stefan Pitek',
date: '2026-01-02'
}
]
};Cerber Configuration
// cerber/health-checks.ts
import { CerberCheck, makeIssue } from 'cerber-core';
export const checks: Record<string, CerberCheck> = {
database: async () => {
// Returns: CerberIssueInstance[] (empty if healthy)
},
redis: async () => {
// Your Redis health check
},
cloudinary: async () => {
// Your Cloudinary check
}
};
// Route
app.get('/api/health', async (req, res) => {
const results = await Promise.all(
Object.entries(checks).map(async ([name, check]) => ({
name,
issues: await check()
}))
);
const allIssues = results.flatMap(r => r.issues);
const critical = allIssues.filter(i => i.severity === 'critical').length;
const errors = allIssues.filter(i => i.severity === 'error').length;
const warnings = allIssues.filter(i => i.severity === 'warning').length;
const status = critical > 0 ? 'unhealthy' :
errors > 0 ? 'degraded' : 'healthy';
res.status(status === 'healthy' ? 200 : 503).json({
status,
summary: { criticalIssues: critical, errorIssues: errors, warningIssues: warnings },
components: allIssues
});
});🔧 CI/CD Integration
GitHub Actions (Recommended)
# .github/workflows/ci-cd.yml
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- run: npm ci
- run: npm run build
# E2E tests must pass before deploy
e2e:
needs: build
runs-on: ubuntu-latest
steps:
- run: npm test
# Deploy only if tests pass
deploy:
needs: [build, e2e] # ✅ Blocks deploy if E2E fails
runs-on: ubuntu-latest
steps:
- run: echo "Deploying..."
# Cerber validates production health AFTER deploy
cerber-gatekeeper:
needs: deploy
runs-on: ubuntu-latest
steps:
- name: Wait for deployment
run: sleep 90
- name: Check production health
run: |
RESPONSE=$(curl -s https://api.example.com/api/health)
ERRORS=$(echo "$RESPONSE" | jq '.summary.errorIssues')
if [[ "$ERRORS" != "0" ]]; then
echo "❌ DEPLOYMENT BLOCKED - Health check failed"
exit 1
fi
echo "✅ Production healthy"📊 Real-world Impact
Case Study: Eliksir Backend (January 2, 2026)
Session timeline:
Problems encountered:
- 35 TypeScript compilation errors
- Schema sync mismatch (shared vs server/db/schema)
- node-fetch ESM compatibility issue
- Missing is_active column in production
- 14/19 E2E tests failing (cold start)
- Workflow security gap (deploy before E2E)
- Cloudinary blocking deployment
- API format mismatch (Cerber 2.0 → 2.1)
Time to resolution:
WITHOUT Guardian + Cerber: 80 minutes (estimated)
WITH Guardian + Cerber: 32 minutes (actual)
Time saved: 48 minutes (60% reduction)
Issues caught pre-commit: 35 (TypeScript, imports, patterns)
Issues caught post-deploy: 1 (Cloudinary severity)
Production incidents prevented: 2 (schema mismatch, missing column)
ROI: 2.5x time saved on first day of useDeveloper experience:
- ❌ Push → Wait 5 min → CI fails → Fix → Repeat 6x
+ ✅ Commit blocked instantly → Fix → Commit passes → Deploy once🤝 Contributing
Contributions welcome! Please:
- Fork the repo
- Create feature branch (
git checkout -b feature/amazing) - Commit with Guardian validation (
git commit -m 'feat: add amazing feature') - Push (
git push origin feature/amazing) - Open Pull Request
Development setup:
git clone https://github.com/Agaslez/cerber-core.git
cd cerber-core
npm install
npm run test🗺️ Roadmap
v1.1 (Q1 2026)
- TypeScript full type definitions
- Jest integration (run checks in tests)
- VS Code extension (real-time validation)
- npm package publication
v1.2 (Q2 2026)
- Slack/Discord notifications
- Grafana dashboard integration
- Auto-remediation for common issues
- Multi-language support (Python, Go, Java)
v2.0 (Q3 2026)
- AI-powered diagnostics (suggest fixes)
- Historical health trends
- Load testing integration
- Kubernetes operator
📚 Resources
- Documentation: https://github.com/Agaslez/cerber-core/wiki
- Examples: https://github.com/Agaslez/cerber-core/tree/main/examples
- Issues: https://github.com/Agaslez/cerber-core/issues
- Discussions: https://github.com/Agaslez/cerber-core/discussions
📄 License
MIT © 2026 Stefan Pitek
🌟 Show Your Support
If Cerber Core saved you time, give it a ⭐ on GitHub!
Built with ❤️ by Stefan Pitek
🔗 Related Projects
- Husky - Git hooks made easy
- lint-staged - Run linters on staged files
- ArchUnit - Architecture testing (Java)
- express-healthcheck - Basic health checks
What makes Cerber Core unique?
- 🆕 Dual-layer protection (pre-commit + runtime)
- 🆕 Detailed diagnostics (not just status codes)
- 🆕 Architect approval system
- 🆕 Schema-as-Code architecture
- 🆕 Framework-agnostic
🆕 Cerber SOLO - Automation for Solo Developers
New in v2.0: Cerber SOLO extends Guardian + Cerber with automation tools for solo developers.
What's New
- Auto-repair - Fixes package.json, .env.example, CHANGELOG automatically
- Performance budget - Enforces bundle size limits
- Dependency health - Weekly security & deprecation checks
- Documentation sync - Validates code vs docs
- Feature flags - Toggle features without redeploy
- Daily dashboard - Morning health overview
- Smart rollback - Surgical file rollback
Quick Start (SOLO)
# Install SOLO tools (already included in cerber-core)
npm install cerber-core --save-dev
# Add SOLO scripts to package.json
# (See examples/solo-integration/package.json)
# Daily workflow
npm run cerber:morning # Start day (2 min)
npm run cerber:repair # Auto-fix issues
npm run cerber:pre-push # Before push (3 min)
npm run cerber:snapshot # End of daySOLO + Guardian Integration
Cerber SOLO works alongside your existing Guardian setup:
Morning:
npm run cerber:morning # SOLO dashboard
Development:
git commit # Guardian validates (pre-commit)
npm run cerber:repair # SOLO auto-fixes
Before Push:
npm run cerber:pre-push # SOLO full check
Deploy:
curl /api/health # Cerber 2.1 validates🆕 Cerber TEAM - Team Collaboration Layer
New in v2.0: Cerber TEAM adds module system and focus mode for teams working on large codebases.
What's New
- Module System - Clear boundaries between components
- Focus Mode - AI gets 500 LOC context instead of 10,000 LOC (10x faster)
- Connection Contracts - Explicit interfaces between modules
- BIBLE.md - Master project map
- Module Validation - Enforce boundaries, prevent cross-contamination
Quick Start (TEAM)
# Create module
bash team/scripts/cerber-add-module.sh pricing-engine
# Work on module (focus!)
bash team/scripts/cerber-focus.sh pricing-engine
cat .cerber/FOCUS_CONTEXT.md # Only 500 LOC!
# Validate
bash team/scripts/cerber-module-check.sh pricing-engine
bash team/scripts/cerber-connections-check.sh
# Commit
git commit # Guardian validates🏆 Why Cerber Core?
Unique Innovations
1. Architect Approval System
The only pre-commit tool with inline approval tracking:
// ❌ Without approval - BLOCKED
console.log('debug info');
// ✅ With approval - ALLOWED + TRACKED
// ARCHITECT_APPROVED: Debugging cold start issue - 2026-01-02 - Stefan
console.log('debug info');Benefits:
- Flexibility when rules need exceptions
- Inline documentation of why exceptions exist
- Audit trail for architecture decisions
- Easy cleanup when exceptions no longer needed
2. Dual-Layer Validation
Guardian (pre-commit) → catches 90% of issues
↓
Cerber (runtime) → catches remaining 10%
↓
Result: 95%+ detection rate3. Focus Mode for AI ⭐
Problem: AI needs 10,000 LOC of context, making it slow and expensive.
Solution: Generate focused 500 LOC context for specific modules.
cerber-focus pricing-engine
# Generates: .cerber/FOCUS_CONTEXT.md
# Share with AI instead of entire codebase
# Result: 10x faster responses, better accuracyWhat's included:
- Module documentation (MODULE.md)
- Public interface (contract.json)
- Dependencies (dependencies.json)
- Related connections
- Recent changes
� Real-World Examples
Want to see Cerber in action?
→ Real Workflows from Eliksir Project ⭐
Real production session (January 2, 2026) showing:
- ✅ Morning routine - 2 min → complete context (vs 8+ min manual)
- ✅ Auto-repair - 30 sec → dependencies + format (vs 20 min manual)
- ✅ Focus Mode - 8s AI response (vs 60s with full codebase)
- ✅ Guardian blocks - 2 bugs prevented (debug code + missing import)
- ✅ Cerber gatekeeper - 1 production incident prevented (DB config)
- ✅ Time saved - 4.5 hours in one day
- ✅ ROI - 230% on Day 1
💰 COST-BENEFIT ANALYSIS
Setup: 4 hours (one-time)
Saved: 1.2 hours + 12 hours (bugs prevented) = 13.2 hours
ROI = (13.2 - 4) / 4 = 230%
Break-even: Day 1 ✅Workflow Guides by Team Size:
- Solo Developer - 1 person, 15 min setup, 1+ hour saved/day
- Small Team (2-5) - Module system, 1-2 hours setup, 2-3 hours saved/dev/day
- Growing Team (5-20) - Architecture governance, 1-2 days setup, 3-5 hours saved/dev/day
Track Your Progress:
- Monthly Report Template - Track metrics, ROI, wins & learnings
�📚 Documentation
- Guardian API Reference - Complete Guardian documentation
- Cerber API Reference - Runtime health checks guide
- SOLO Documentation - Automation tools (666 LOC guide)
- TEAM Documentation - Collaboration layer (1861 LOC guide)
- Architecture Overview - System design & philosophy
- Contributing Guide - How to contribute
💡 Examples
⚠️ Remember: Examples show patterns, NOT decisions. Copy and customize to YOUR architecture defined in CERBER.md.
Complete Examples in /examples
- Frontend (React + Guardian) - React/Vue patterns (customize to your structure)
- Backend (Express + Cerber) - Node.js/Express patterns (customize to your layers)
- Health Checks - 6 production-ready checks
- SOLO Integration - Automation setup
- TEAM Integration - Module system setup
Quick Example: Guardian Schema
// FRONTEND_SCHEMA.ts
export const SCHEMA = {
requiredFiles: [
'src/lib/config.ts',
'package.json',
],
forbiddenPatterns: [
{
pattern: /console\.log\s*\(/gi,
name: 'CONSOLE_LOG',
exceptions: ['tests/', '.spec.'],
severity: 'warning'
},
{
pattern: /fetch\(/gi,
name: 'DIRECT_FETCH',
exceptions: ['src/lib/api.ts'],
severity: 'error'
},
],
requiredImports: {
'src/components/Calculator.tsx': [
"import { API } from '../lib/config'",
],
},
};Quick Example: Cerber Health Checks
import { makeIssue, CerberCheck } from 'cerber-core/cerber';
export const checkDatabase: CerberCheck = async (ctx) => {
try {
await db.query('SELECT 1');
return []; // No issues
} catch (err) {
return [makeIssue({
code: 'DB_CONNECTION_FAILED',
component: 'Database',
severity: 'critical',
message: `Cannot connect to database: ${err.message}`,
rootCause: err.stack,
fix: 'Verify DATABASE_URL and database server status',
})];
}
};🚀 Advanced Usage
SOLO - Daily Automation
# Morning routine
cerber-morning
# Shows:
# - Git status
# - Dependency health
# - Performance metrics
# - TODO reminders
# Auto-repair issues
cerber-repair --dry-run # Preview fixes
cerber-repair # Apply fixes
# Dependency health
cerber-deps-health
# Checks:
# - Outdated packages
# - Security vulnerabilities
# - License compliance
# Performance budget
cerber-performance-budget
# Enforces bundle size limitsTEAM - Module System
# Create new module
bash team/scripts/cerber-add-module.sh payment-gateway
# Work on module (Focus Mode)
cerber-focus payment-gateway
# Generates .cerber/FOCUS_CONTEXT.md (500 LOC)
# Share with AI for 10x faster development
# Validate module
bash team/scripts/cerber-module-check.sh payment-gateway
# Validate all connections
bash team/scripts/cerber-connections-check.sh
# Morning team briefing
bash team/scripts/cerber-team-morning.sh� Support This Project
If Cerber Core saved you time, prevented bugs, or improved your codebase quality, consider supporting its development!
🌟 GitHub Sponsors
Why sponsor?
- ✅ Keeps the project actively maintained
- ✅ Funds new features and improvements
- ✅ Priority support for sponsors
- ✅ Your logo in README (Silver+ tiers)
- ✅ Influence development roadmap
Sponsorship Tiers:
- ☕ Coffee ($5/month): Sponsor badge, access to sponsor discussions
- 🥉 Bronze ($25/month): Everything above + small logo in README + priority support (24h)
- 🥈 Silver ($100/month): Everything above + medium logo + priority support (12h) + monthly consultation call
- 🥇 Gold ($500/month): Everything above + large logo (top position) + priority support (4h) + custom feature requests
- 💎 Platinum ($2,500/month): Everything above + dedicated support + weekly calls + custom integrations
💼 Professional Services
Need help integrating Cerber Core into your organization?
Available Services:
🎓 Team Training (5-10 developers): $2,500
- Half-day workshop on Guardian, Cerber, and Focus Mode
- Best practices for architecture enforcement
- Custom schema creation for your stack
💼 Enterprise Integration (custom pricing)
- Full integration with your CI/CD pipeline
- Custom health checks for your infrastructure
- Team Focus Mode setup and training
- Ongoing support and consultation
🚀 1-on-1 Consultation: $200/hour
- Schema design review
- Architecture strategy session
- Troubleshooting and optimization
Contact: st.pitek@gmail.com
☕ One-Time Donation
Prefer a one-time contribution? Buy me a coffee!
🏢 Sponsors
💎 Platinum Sponsors
Become the first Platinum sponsor! Your logo here + dedicated support.
🥇 Gold Sponsors
Become the first Gold sponsor! Your logo here + priority support + monthly calls.
🥈 Silver Sponsors
Become the first Silver sponsor! Your logo here + priority support.
🥉 Bronze Sponsors
Your name here - Support Cerber Core development!
�🔧 Configuration
Guardian Configuration
// SCHEMA.ts
export interface GuardianSchema {
requiredFiles?: string[];
forbiddenPatterns?: ForbiddenPattern[];
requiredImports?: Record<string, string[]>;
packageJsonRules?: {
requiredScripts?: string[];
requiredDependencies?: string[];
requiredDevDependencies?: string[];
};
}Cerber Configuration
// health-checks.ts
import type { CerberCheck } from 'cerber-core/cerber';
export const checks: CerberCheck[] = [
checkDatabase,
checkRedis,
checkExternalAPI,
checkDiskSpace,
checkMemory,
];🤝 Contributing
We welcome contributions! Here's how:
- Read CONTRIBUTING.md
- Fork the repository
- Create a feature branch
- Make your changes
- Test locally
- Submit a pull request
Development Setup
git clone https://github.com/Agaslez/cerber-core.git
cd cerber-core
npm install
npm run build
npm test� Security
Security is a top priority for Cerber Core. We take the security of our users seriously.
Reporting Security Issues
⚠️ DO NOT create public issues for security vulnerabilities.
If you discover a security issue, please email: st.pitek@gmail.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Your contact information
Response time: 24-48 hours acknowledgment, 7-14 days for fix.
Security Features
✅ No External Calls: Guardian and Cerber run locally, no data sent externally
✅ Open Source: Full transparency - audit the code yourself
✅ No Telemetry: No tracking, no analytics, no data collection
✅ MIT Licensed: Safe for commercial use
Best Practices
- Never commit secrets to schemas (use
process.env) - Keep
.envfiles in.gitignore - Update regularly:
npm update cerber-core - Enable Dependabot for automated security updates
- Run
npm auditregularly
Full security policy: SECURITY.md
📄 License
MIT © 2026 Stefan Pitek
See LICENSE for details.
Commercial Use
Cerber Core is free for commercial use under MIT License. No attribution required (but appreciated!).
Need:
- Custom features or private fork support?
- Dedicated SLA or priority bug fixes?
- On-premises deployment assistance?
- Enterprise training and integration?
Contact: st.pitek@gmail.com
🌟 Acknowledgments
- Inspired by pre-commit framework
- Tested in production at Eliksir SaaS
- Built with TypeScript + Node.js
- Community feedback from 100+ developers
📞 Support
- 🐛 Issues: GitHub Issues
- 💡 Discussions: GitHub Discussions
- ⭐ Repository: cerber-core
🎯 Roadmap
Version 1.1 (Q1 2026)
- VS Code Extension (visual dashboard)
- GitHub Action (automated checks in CI)
- Slack/Discord notifications
- Web dashboard (React app)
Version 2.0 (Q2 2026)
- Playwright integration (E2E health checks)
- Custom reporter plugins
- Metrics export (Prometheus, DataDog)
- Multi-language support (Python, Go)
⭐ Star History
If Cerber saved you time, please give us a star! ⭐
Integration
Morning:
npm run cerber:morning # SOLO + TEAM dashboard
Create module:
bash team/scripts/cerber-add-module.sh payment
Focus mode:
bash team/scripts/cerber-focus.sh payment
# AI gets FOCUS_CONTEXT.md (500 LOC vs 10,000 LOC)
Validate:
bash team/scripts/cerber-module-check.sh payment
bash team/scripts/cerber-connections-check.sh
Commit:
git commit # Guardian validates
Before push:
npm run cerber:pre-push # SOLO checks
Deploy:
curl /api/health # Cerber 2.1 validatesMade with 🛡️ by developers, for developers
👥 About the Project
Founded by Agata Ślęzak, created and developed by Stefan Pitek
🎯 The Story
Stefan Pitek - Career changer who started coding in May 2025
- 30 years professional experience: 12 years banking, 8 years hospitality, 8 years business, 2 years as chef
- Co-owned restaurant with Agata
- First line of code: May 2025
- 8 months later: 3 production SaaS apps + this open-source tool
- Built entirely with AI assistance (Claude, ChatGPT, Copilot)
Agata Ślęzak - Business owner and project sponsor
- Former restaurant co-owner
- Provides business direction and funding
- Handles legal and financial aspects
- Most importantly: Believed in Stefan's potential when he had zero coding experience
- Continues to support and encourage through every challenge
Partnership: 90/10 split reflecting business ownership and technical contribution.
"None of this would exist without Agata's unwavering belief and support. When I wrote my first
console.log, she saw a future developer. Eight months later, here we are." — Stefan
From restaurants to SaaS - bringing the same attention to quality and customer experience that we learned in hospitality.