Never fakes “done”
The verdict is computed by strict rules. On the same code the answer is always identical, so you can show it to a manager or make it a condition for shipping.
Product · open source · MCP server
Blueprints and a spec before the code. Oversight while you work. An honest verdict and fresh docs after. AILC connects with one line, picks the checks for your project itself, and does not say “done” until it is true. Everything runs on your machine; your code never leaves it.
Two stubs and tests never run. AILC will not write “done” until the check truly passes.
The verdict is computed by strict rules. On the same code the answer is always identical, so you can show it to a manager or make it a condition for shipping.
It refutes half the empty alarms itself: a key in a comment, a stub, a textbook example. Only real problems are flagged in red.
It tracks the dangerous path of data across strings and functions, catching holes typical of code written by neural networks.
Three steps, all inside the editor you already have open.
Into your editor config. The right binary for your system downloads itself. No build, no scripts, no Rust.
For example, “check whether everything is fine before shipping.” No tool names to learn: AILC picks the checks itself.
A list of problems, a quality score, and a one-click fix for format and style. Dangerous is red, the rest are hints.
AILC follows where user input or a model’s reply ends up, and whether it reaches a dangerous place, even across several lines and renamings. Ordinary line-by-line checks miss this. It covers the OWASP list for AI apps: prompt injection and insecure handling of model output.
Not promises but specifics. 74 tools in nine families; here is the core.
Hardcoded keys: AWS, GitHub, Stripe and 28 more kinds. OWASP Top 10 vulnerabilities. Dependency checks against known holes, offline via the OSV database.
Code smells, dead code, over-complex functions, cyclic dependencies, stubs and TODOs, undocumented code.
Documentation stale against the code and broken public interfaces others depend on. Docs are regenerated straight from the code.
Personal data in logs (152-FZ), storing data abroad (242-FZ), foreign trackers. These are signals for review, not a legal guarantee.
Deep analysis on 15 languages
Already have Node.js? Paste the config. Nothing to build, no registration.
claude mcp add ailc -- npx -y ailc-mcp{
"mcpServers": {
"ailc": {
"command": "npx",
"args": ["-y", "ailc-mcp"]
}
}
}{
"servers": {
"ailc": { "type": "stdio", "command": "npx", "args": ["-y", "ailc-mcp"] }
}
}From scratch? One command installs AILC and prints the config. Node and Docker not needed.
curl -fsSL https://raw.githubusercontent.com/pro-deploy/ailc/main/install.sh | shirm https://raw.githubusercontent.com/pro-deploy/ailc/main/install.ps1 | iexOn first connect AILC downloads itself and creates an .ailc folder in the project with rules and scaffolding. After that the AI agent calls the check itself whenever you ask it to look at the code.
For a developer, open code and honesty weigh more than pretty logos.
Honestly: AILC does not replace human review or a pentest, and legal signals are not a legal guarantee. Deep analysis works on 15 languages; for rare ones the checks are simpler. We say this plainly because trust is worth more than pretty promises.
One line in your config, the ready binary downloads itself. Then AILC runs the cycle: blueprints before the code, oversight during, an honest verdict and fresh docs after.
Questions? Telegram @max_birkin, GitHub pro-deploy, email maxbirkin@gmail.com