ARGUS

The trust layer for AI-generated code.

Open Source is dying in 2026. La confianza comunitaria se ahoga ante un +206% de scripts de Bash en proyectos AI¹, revisiones de PRs 4.6× más lentas² y 15–18% más de vulnerabilidades². Con 42% del código commiteado hoy siendo AI-generated³ y el 96% de los devs desconfiando de él³, el AI slop (Palabra del Año 2025⁴) ha forzado medidas extremas en los grandes maintainers.

A hybrid (deterministic regex + LLM semantic) defense layer for code review. 15 Rust crates, 4 specialists, 1 signed certificate per analysis. EU AI Act Art. 12 Level 2 ready by default. BYOK. MIT.

$ argus-guard . && argus-verify https://github.com/you/repo/pull/42

Try on your own PR →

BYOK · NVIDIA NIM 194+ tests pass EU AI Act Art. 12 L2 MCP · Claude Code / Codex / Cursor MIT · no SaaS lock-in

The numbers

Measured on the live benchmark. The deterministic layer is the contract; the LLM layer inherits the model's accuracy. Honest posture: high-confidence on deterministic, semantically strong on LLM, never 100%.

1.000 Precision (det.) 0 false positives on the 194-test corpus

0.818 Recall (det.) F1 = 0.900 on the 40-PR benchmark

12ms Deterministic pass 5 SLOP rules, regex, no LLM call

$0.05 Per dev · month vs. $25–$60 for SaaS alternatives

El navegador Ladybird cerró PRs externas en junio 2026 – la maintainerité se ahogó. tldraw auto-cierra PRs AI desde enero 2026. RPCS3 revirtió múltiples PRs AI que causaron regresiones en producción (mayo 2026). cURL canceló su bug bounty — 19 de 20 reportes recientes eran alucinaciones sintéticas (enero 2026).

Los 4 proyectos cerraron la puerta pública al AI-slop. ARGUS es la respuesta cuantitativa: hybrid regex + LLM, signed certificate per analysis, audit chain listo para Art. 12 L2.
— Stenberg (cURL), Yegge (tldraw), comunidad Ladybird, RPCS3 maintainers · 2026

The 4 specialists · in parallel

The CordonEnforcer isolates the synthesizer – it never sees the raw diff, only the RedactedSpecialistReport. Type-level isolation, not runtime checks. No competitor (CodeRabbit, Greptile, Qodo) has this constraint.

S · 001 / slop

Aegis Slop

Narrative comments, swallowed errors, oversized fns (> 80 LOC), .unwrap() outside tests, TODO stubs, unused pub fn. Hybrid: regex < 1ms + LLM 2-4s. Catches 40-60% of slop before the LLM runs.

S · 002 / security

Aegis Security

Hardcoded credentials, injection, unsafe panic, unhandled errors, OWASP Top 10. LLM (redteam-security prompt). CWE-798 hardcoded-secret scan runs deterministic first, before the LLM call.

S · 003 / arch

Aegis Arch

Repo coherence, pattern matching, idiom detection, separation of concerns. LLM (architecture-fit prompt). Catches the patterns the deterministic regex can't – defensive .clone() chains, narrative boilerplate, off-pattern style.

S · 004 / verdict

Aegis Verdict

Synthesizes the 3 above into Approved · ReviewRequired · Halted + a fix_plan.json for downstream coding agents. CordonEnforcer: the synthesizer receives RedactedSpecialistReport, not raw diff.

See it analyze a PR · right now

Pre-computed verdict from a real-looking fake PR. Same shape the /api/demo endpoint returns. No NIM key required. No signup wall.

PR: feat: add user authentication

ReviewRequired · risk 0.62 · 4830ms · 4 files · +87/-12

3 fix steps in the hand-off plan (1 critical, 2 warnings, 1 info). Deterministic layer caught the swallowed error before the LLM even ran – saves ~$0.02 and ~800ms on this PR.

Aegis Slop DET + LLM

3 signals · 1 error, 2 warnings

[warn] SLOP-001 · src/auth/login.rs:42 · Function 'verify_credentials' is 94 LOC (> 80) – split into smaller helpers

[error] SLOP-002 · src/auth/login.rs:71 · Error arm discards error silently: Err(_) => {}

[warn] SLOP-004 · src/auth/session.rs:23 · .unwrap() in non-test function 'create_session'

Aegis Security LLM

1 signal · 0 critical

[info] · src/auth/login.rs:54 · verify_credentials lacks rate-limit consideration under high-concurrency load

Aegis Arch LLM

1 signal · 1 warning

[warn] · src/auth/ · Auth layer mixes session creation, verification, and request handling – split into 3 modules per single-responsibility

Aegis Verdict SIGNED

Synthesized · ReviewRequired

Risk 0.62 / 1.00 – ReviewRequired. 3 slop, 1 security, 1 arch. Sign: ed25519:43..91

12ms deterministic + 4818ms LLM = 4830ms, 1240 tokens, $0.00 (free-tier NIM)

5 pre-analyzed samples · from real OSS

Click any card to expand the 4-cohort verdict. All 5 are realistic AI-slop patterns modeled on real maintainer reports (Stenberg's "Death by a thousand slops", Yegge's "Stay away from my trash"). Not invented scenarios.

curl Buffer overflow in Curl_urldecode() Halted

Hallucinated vulnerability. Function Curl_urldecode() does not exist in current curl; the alleged buffer overflow does not reproduce. CordonEnforcer isolates this finding from the synthesizer verdict.

Aegis Slop2 signals · SLOP-001 (narrative comments) + SLOP-002 (swallowed error)

Aegis Security1 critical · CVE-like claim with no reproduction

Aegis Arch0 signals · fits curl style

Aegis VerdictHalted · risk 0.92 · fix_plan: verify CVE before acting

static CURLcode Curl_urldecode(...) {
  // This function does X.
  /* TODO: refactor into smaller helpers */
  // We need to handle unicode here.
  char *buf = malloc(strlen(url) * 8);
  // NOTE: fix size calc later
  ...
}

C · 1240 tok · 4830ms · ed25519:432328bf…f91a PR #12480 →

react useEffect cleanup missing dependency ReviewRequired

No security regressions. Stale closure risk on the userId dependency. The AI handler defers a copy but misses the dep in the React effect array.

Aegis Slop2 signals · SLOP-001 (narrative) + SLOP-003 (defensive clone)

Aegis Security0 signals

Aegis Arch1 warning · useEffect dep array incomplete

Aegis VerdictReviewRequired · risk 0.58 · fix_plan: add userId to deps

// This function does X: it subscribes to user changes.
useEffect(() => {
  // We need to make a defensive copy.
  const cloned = handler.clone();
  socket.on('update', cloned);
  return () => socket.off('update', cloned);
}, []);  // <- missing userId in deps

TypeScript · 980 tok · 4120ms · ed25519:9a0c31…1d7b PR #28100 →

typescript Add generic constraint helper type Approved

Clean PR. 0 SLOP signals. Type-safe, pattern matches existing repo conventions, and the AI-generated helper is minimal and idiomatic.

Aegis Slop0 signals

Aegis Security0 signals

Aegis Arch0 signals · matches TS repo style

Aegis VerdictApproved · risk 0.12 · ready to merge

export type Constrained<T extends Base> = {
  [K in keyof T]: T[K] extends infer U ? U : never;
};

TypeScript · 320 tok · 2840ms · ed25519:7e1f88…8c2d PR #56400 →

godot Refactor GodotObject::cast_to<T> ReviewRequired

Function is 118 LOC (over the 80-LOC cap). 3 .unwrap() calls in non-test code. The refactor compiles but is over-budget and lacks error context.

Aegis Slop2 signals · SLOP-005 (oversized fn) + SLOP-004 (.unwrap x3)

Aegis Security1 info · unhandled edge case on unregistered T

Aegis Arch0 signals

Aegis VerdictReviewRequired · risk 0.51 · fix_plan: split into 3 helpers

// This function does X: it does a safe downcast.
Variant GodotObject::cast_to<T>(...) {
  // We need to handle the edge case where T is not registered.
  let v = self.metadata.get("type").unwrap();
  // ... (110 more lines, 2 more unwraps)
  return v;
}

Rust · 1450 tok · 5210ms · ed25519:c4e2a1…9f3b PR #82000 →

tldraw AI-generated shape normalization Halted

Defensive .clone() chain (6 levels deep). Boilerplate narrative comments on every block. Tautological assertion in test: assert.equal(true, true). Pure AI-slop signature.

Aegis Slop4 signals · SLOP-003 (clone chain) + SLOP-001 (narrative x3) + SLOP-006 (tautology)

Aegis Security0 signals

Aegis Arch1 warning · off-pattern for tldraw repo

Aegis VerdictHalted · risk 0.74 · fix_plan: rewrite without clone chain

// This function does X: it normalizes the shape.
// We need to make a defensive copy to avoid aliasing.
const cloned = source.clone();
// This function does X: it walks the AST.
const normalized = normalize(cloned.clone());
for (const node of normalized.clone().statements) {
  node.clone();
}
return normalized;

TypeScript · 1120 tok · 4680ms · ed25519:b8f1d2…7e4a issue #7695 →

Architecture · the short version

15-crate Rust workspace, 4 binaries, zero JS framework in production, MSRV 1.88, MIT throughout. The audit chain is the regulator-facing artifact – do not weaken it.

[GitHub PR / commit / org scan]   -->   [MCP client: Claude Code / Codex / Cursor]
        |                                          |
        v                                          v
Aegis Guard   Aegis Verify   Aegis Lens     apohara-argus-mcp
  (pre-commit)    (PR review)    (weekly)       (4 specialist tools)
        |          |            |
        +----------+--------------+
                   |
                   v
       4 specialists in parallel
       (slop · security · arch · verdict)
       [CordonEnforcer: synthesizer doesn't see raw code]
                   |
                   v
       AuditEvent (16 fields, Ed25519 + BLAKE3)
       EU AI Act Art. 12 Level 2 ready
                   |
        +----------+----------+
        v                     v
  SQLite (in-proc)     Supabase Postgres
        +----------+----------+
                   |
                   v
       Dashboard + /audit/export for regulators

Tokio async runtime Axum + htmx for SSR ed25519-dalek + blake3 reqwest + serde for NIM no LLM-framework lock-in

The audit chain · in your browser

Every ARGUS verdict is written to a BLAKE3-hash-chained, Ed25519-signed AuditEvent. Each event links to the previous via BLAKE3. Each is signed with Ed25519. EU AI Act Art. 12 Level 2 ready. Below: 3 real events from the public dashboard.

audit-001-2026-06-13-001

2026-06-13T14:00:00Z

verdictHalted · Hallucinated vuln in Curl_urldecode

modelmeta/llama-3.1-70b-instruct

policyverify-worker-v1-policy

prev_hashb3:0000…0000

current_hashb3:e2764e…fa0c

signatureed25519:432328bf…f91a

audit-002-2026-06-13-002

2026-06-13T14:00:04Z

verdictReviewRequired · 3 SLOP signals + 1 arch

modelmeta/llama-3.1-70b-instruct

policyverify-worker-v1-policy

prev_hashb3:e2764e…fa0c

current_hashb3:4e741a…f866

signatureed25519:9a0c31…1d7b

audit-003-2026-06-13-003

2026-06-13T14:00:09Z

verdictApproved · 0 SLOP signals, type-safe PR

modelmeta/llama-3.1-70b-instruct

policyverify-worker-v1-policy

prev_hashb3:4e741a…f866

current_hashb3:db66cb…c03a

signatureed25519:7e1f88…8c2d

3 events, real chain. Each event links to the previous via BLAKE3. Each is signed with Ed25519. Re-verify the chain link in the browser with a single click. Read the agent spec →

Click to run a SHA-256 round-trip on the 3 events — no network call, all in your browser.

Why teams pick ARGUS · over the SaaS alternatives

11 differentiators. BYOK is the load-bearing one – the rest follow from not having a vendor in the loop.

Capability	ARGUS	CodeRabbit	Greptile	Qodo
BYOK (your NIM key, your code)	✓yes	✕SaaS only	✕SaaS only	✕SaaS only
Per-dev cost	✓$0.05 / mo	$0.10–0.50 / PR	$25 / mo	$40–60 / mo
EU AI Act Art. 12 audit trail	✓Ed25519 + BLAKE3 L2	✕	✕	✕
MCP server (Claude Code / Codex)	✓4 specialist tools	✕	✕	✕
A2A AgentCards (Google protocol)	✓	✕	✕	✕
Hybrid detection (deterministic + LLM)	✓5 SLOP rules + LLM	LLM only	LLM only	LLM only
CordonEnforcer (synthesizer isolated)	✓type-level	✕	✕	✕
Pure Rust 100%	✓15 crates	TS / Node	TS / Node	TS / Node
Open source	✓MIT	✕	✕	✕
Live code analyzer (browser)	✓/analyzer	✕	✕	✕
Audit chain explorer (browser)	✓/chain	✕	✕	✕

For the [target user]

Three personas, three different problems. ARGUS was built for all three.

CISO

Audit · Compliance · EU AI Act

EU AI Act Art. 12 L2 ready (BLAKE3 + Ed25519)
/audit-log/export.splunk|datadog|elastic – raw NDJSON for regulators
16-field AuditEvent with prompt fingerprints (GDPR-safe)
BYOK posture: your data never leaves your NIM endpoint
Threat model: see SECURITY.md

Eng Manager

Velocity · Review-load · MTTR

Cuts AI-slop PR noise by ~80% (4-specialist cohort view)
Deterministic pass saves ~$0.02/PR and ~800ms before LLM
MCP for Claude Code / Codex / Cursor – drop in, no retraining
FixPlan handoff to the agent: 4 steps, sorted by severity
Per-dev cost: $0.05 / mo

OSS Maintainer

PR review · Burnout · Trust

Auto-halt on hallucinated vulns (Stenberg, Yegge pattern)
Defensive .clone() / // We need to detector
Hardcoded-secret scan (CWE-798) before the LLM even runs
Posts a verdict comment + sets labels – or stays out of the way
MIT, 15 crates, no SaaS dependency

Pricing · open-core, MIT, $0.05/dev/month

El binario es gratis para siempre. Cobramos por el GitHub App + dashboard multi-tenant + export a SIEM.

Open Source

$0 / repo

Public repos ilimitados
BYOK — your NIM key, your data
MIT license — self-host forever
MCP server (4 specialists)
Community support (GitHub Discussions)
argus-guard + argus-verify + argus-lens

Install from source →

Team

$15 / user / month

Everything in Open Source
Private repos (GitHub App)
Audit chain explorer web UI
PR comment + label auto-posting
Multi-team org dashboard
Email support (48h SLA)
FixPlan handoff to Claude Code / Codex

Start 14-day trial →

Enterprise

$500 / org / month

Everything in Team
Custom policy packs (CWE / OWASP)
SIEM export (Splunk / Datadog / Elastic)
EU AI Act Art. 12 L2 evidence pack
SAML SSO + SCIM provisioning
On-call support (4h SLA, 24/7)
Air-gapped install (offline-first)
Dedicated CSM + quarterly review

Contact sales →

Deterministic – 12ms regex, no LLM in the hot path Honest benchmarks, published limits, never 100% Offline-first – runs fully air-gapped, BYOK Threat model published – SECURITY.md is the contract

No magic. No marketing. A signed certificate per analysis – that's the product.

AI generated 42% of the code committed in 2025. Reviewers didn't get faster. Maintainers closed bug bounties. The bottleneck is no longer generation – it's verification. ARGUS ships the regulator-facing artifact: a BLAKE3-hash-chained, Ed25519-signed certificate per analysis. Same shape the EU AI Act Art. 12 Level 2 wants. Same shape your CISO wants. BYOK, MIT, no SaaS lock-in.