Built at JacHacks 2026

Corpus
the immune system for your code

Self-healing code. Zero human intervention.

AI writes your code. Corpus intercepts every file, catches CVE-linked vulnerabilities, hallucinated dependencies, and broken contracts — then heals them automatically.
Zero human intervention. The code fixes itself.

$npm install -g corpus-cli
Scan a repo
~/my-project

Try it now -- scan any GitHub repository

Paste a repo URL and Corpus builds the structural graph, runs security scanners, and shows findings.

or try:||

Features

UNDERSTAND

Auto-scans your codebase and builds a structural graph. Every file, function, and dependency mapped in seconds.

corpus init --deep

WATCH

Hooks into Claude Code and Cursor via MCP. Intercepts broken changes and auto-fixes them before they land.

MCP auto-fix enabled

SHOW

A visual graph of your entire project. Green means healthy, red means broken. Know your codebase at a glance.

/graph → live view

15 Defense Layers

Two tiers of protection. Code scanners catch file-level issues. Agent guardrails enforce behavioral safety.

CODE SCANNERSFile-level analysis in milliseconds

Graph Contracts

Diffs against structural graph. Catches removed functions, deleted guards, broken exports.

CVE Patterns

30 vulnerability patterns mapped to real CVE IDs. SQL injection, SSRF, prototype pollution.

Secret Detection

API keys, tokens, private keys, database URLs, webhook secrets in source code.

Code Safety

eval(), exec(), innerHTML, disabled SSL, SQL concatenation, wildcard CORS.

Dependency Check

Hallucinated npm packages, typosquats, non-existent imports. Checks against 12K+ known packages.

Pattern Intelligence

Learned from 280 repos. Context-aware: eval() in webpack = suppress, eval() in route = critical.

Trust Scoring

Per-file and codebase-wide trust scores. 0-100 based on finding density and severity.

AGENT GUARDRAILSBehavioral safety via Jac walkers

Injection Firewall

Scans external content for prompt injection before it enters LLM context.

Exfiltration Guard

Detects PII in outbound payloads — emails, SSNs, credit cards — and redacts.

Context Poisoning

Scans stored memory for poisoning signatures like "ignore previous instructions."

Cross-User Firewall

Enforces user context isolation. Prevents data from user A bleeding into user B.

Session Hijack

Detects rapid-fire events and timing anomalies that indicate automated injection.

Confidence Calibrator

Audits action logs for overconfidence and underconfidence per intent category.

Scope Enforcer

Checks if proposed action falls within developer-declared scope boundaries.

Undo Integrity

Classifies actions as reversible, best-effort, or irreversible before execution.

Real-time immune intelligence. Learned from 280+ open-source repos.

0
CVE patterns tracked
0
findings detected
0
packages verified
15
defense layers

Previously Scanned Repos

Benchmarked against popular open-source projects

RepositoryFilesNodesFindingsScan Time
honojs/hono3621,56769107ms
drizzle-team/drizzle-orm9664,87437334ms
trpc/trpc9092,9368255ms
shadcn-ui/ui3,38312,840--933ms
calcom/cal.com7,50822,794--2.1s
prisma/prisma2,8136,782--642ms
t3-oss/create-t3-app178322073ms

No more AI slop

1

Your AI writes code

Claude Code, Cursor, or any MCP-compatible tool generates changes to your codebase.

2

Corpus intercepts and evaluates

Deterministic policy evaluation powered by Jac catches regressions, broken imports, type errors, and structural damage.

3

Auto-fix or alert

Broken code is healed automatically. If it cannot be fixed, you see it instantly in the visual graph -- red nodes, clear diagnostics.

Corpus watches so you don't have to.

$npm install -g corpus-cli

10 Jac Walkers guarding your AI agent

Deterministic policy evaluation powered by Jac. No LLM opinions. No probabilistic guessing. Pure graph traversal that returns PASS, CONFIRM, or BLOCK.

Why Jac for Policy Evaluation?

Deterministic

LLMs are probabilistic -- ask the same question twice, get different answers. Safety policies must be deterministic. Jac walkers traverse a graph and return the same verdict every time.

Graph-Native

Jac is built around graphs. Policy evaluation is graph traversal -- walkers visit nodes, check conditions, and report verdicts. No ORM, no SQL.

Composable

Each walker is independent. Stack 10 built-in policies, then add your own custom walkers. Each one checks a specific concern -- no tangled if-else chains.

Action Safety

Blocks destructive actions universally

🛡️

Scope Guard

Enforces action scope boundaries

⏱️

Rate Guard

Rate limiting for AI actions

🎯

Confidence Calibrator

Detects AI overconfidence & underconfidence

🔥

Injection Firewall

Blocks prompt injection attacks

🔒

Exfiltration Guard

Prevents PII data exfiltration

👾

Session Hijack

Detects automated session injection

👥

Cross-User Firewall

Prevents cross-user data access

☠️

Context Poisoning

Detects poisoned memory chunks

↩️

Undo Integrity

Validates undo capability before execution

See full policy details & Jac source code
Built at JacHacks 2026Powered by JacBacked by Backboard.ioBuilt on InsForge