Features
Dead code detection (unused functions, imports, classes, variables)
Security vulnerability scanning (SQL injection, command injection)
Secrets detection for hardcoded credentials (AWS, Stripe, etc.)
Quality checks (complexity, nesting, duplicate literals)
AI defect detection: hallucinated imports, phantom calls, insecure defaults, removed controls
Confidence scoring for findings
CI/CD integration: GitHub Actions, tokenless CI
PR gate for blocking high-confidence regressions
Cloud workspace for shared triage and history
Real repo benchmarks: 98.1% recall, 21× fewer false positives than Vulture
Built-in Python framework coverage (Django, Flask, FastAPI, Pydantic)
Agent workflow detection (Claude Code, Cursor, Codex, Copilot)
@ai_fn decorator for LLM-powered Python functions
@ai_classifier decorator for text classification
Structured data extraction via Pydantic models
Agent loops with tool calling and function calling
Built-in streaming (SSE) support
Async-first API for concurrent applications
Rate limiting and automatic retries
LLM response caching for performance
Concurrency control for workload management
CLI tool for monitoring and debugging
SQLite state store for persistence
OpenAI and Anthropic model support
Embeddings generation for semantic search
Local execution with no cloud dependency
Self-hosted deployable as a library