Every Tool You Need to Govern AI Code

Full-text search across all session observations and learnings. Find what AI learned about any topic, pattern, or decision instantly.

Chronological view of observations and learnings across sessions. See how understanding evolved over time.

Deep dive into a specific observation with full context, related sessions, and linked decisions.

Browse and search past sessions with summaries, tool usage stats, and key outcomes.

Catalog of past failures and near-misses with root cause analysis and prevention strategies.

Manually ingest observations, learnings, or external knowledge into the memory system.

Build and update the CodeGraph index from your codebase. Analyzes files, functions, classes, imports, and relationships.

Retrieve rich context for any file or symbol including dependencies, dependents, domain, and related features.

Map tRPC router procedures to their implementations, showing input schemas, middleware, and handler locations.

Analyze coupling between modules, identifying tight dependencies and architectural boundaries.

Trace the blast radius of changes across the codebase. Shows all affected files, functions, and features.

View and manage business domain boundaries. Maps files and modules to logical domains defined in config.

Query database schema information including tables, columns, types, relationships, and constraints.

Search the feature registry by name, domain, status, or any metadata. Find any registered feature instantly.

Get full details on a registered feature including all files, functions, dependencies, and health metrics.

Analyze the impact of modifying or removing a registered feature. Shows cascading effects across the codebase.

Validate that a registered feature is complete and healthy. Checks file existence, export presence, and test coverage.

Register a new feature in the Sentinel registry with its files, entry points, dependencies, and metadata.

Check feature parity across environments, versions, or branches. Detect drift between expected and actual state.

Calculate an objective quality score for the current session based on verification coverage, test results, pattern compliance, and error density.

Track quality scores over time across sessions. Visualize improvement trends and identify regression patterns.

Generate detailed quality reports in summary, detailed, or SOC2-compliant formats with actionable insights.

Analyze the effectiveness of prompts and instructions given to AI. Score clarity, specificity, and result quality.

Get AI-powered suggestions for improving prompt quality based on patterns from high-scoring sessions.

Track token usage and estimated cost for the current session. Breaks down by tool calls, prompts, and responses.

Analyze cost trends over time. Identify expensive patterns, compare session costs, and forecast spending.

Attribute AI costs to specific features. See which features are most expensive to build and maintain with AI.

Cloud dashboard visualization of AI cost data with interactive charts, trend lines, and model breakdown views.

Automated email alerts when AI spend approaches or exceeds your configured monthly budget threshold.

AI spend projections based on current daily usage patterns, projecting month-end totals from your spending rate.

Side-by-side session analytics comparison showing cost, tokens, turns, and tool usage differences.

Log every significant action with timestamp, actor, tool, inputs, outputs, and outcome. Immutable audit chain.

Generate compliance reports from the audit trail. Supports summary, detailed, and SOC2 formats.

Verify the integrity of the audit trail using cryptographic chaining. Detect any tampering or gaps.

Run validation rules against code changes. Checks pattern compliance, naming conventions, and architectural constraints.

Generate a validation report showing all checks, pass/fail status, and remediation steps for failures.

List all Architectural Decision Records with status, date, and summary. Searchable and filterable.

View the full content of an ADR including context, decision, consequences, and linked code changes.

Create a new Architectural Decision Record with structured context, options analysis, and decision rationale.

Browse and install curated rule packs covering SOC2 compliance, React best practices, API security, and more.

Pre-built rule template sets that can be installed with one click and automatically kept up to date.

Calculate a security score for your codebase based on vulnerability patterns, exposed secrets, and security anti-patterns.

Visual heatmap of security risk across your codebase. Identifies hotspots where vulnerabilities cluster.

Track security scores over time. Detect improving or degrading security posture across sessions.

Score dependency risk based on maintenance status, known vulnerabilities, license compatibility, and alternatives.

Suggest safer or better-maintained alternatives for risky dependencies. Includes migration complexity estimates.

Continuous monitoring of project dependencies for CVE vulnerabilities, maintainer abandonment, and license changes.

Real-time alerts for dependency vulnerabilities, stale packages, license changes, and major version updates.

Replay any past session step-by-step. See every tool call, prompt, response, and outcome in chronological order.

Analyze prompts used in sessions for clarity, specificity, ambiguity, and effectiveness patterns.

Analyze tool usage patterns across sessions. Identify most-used tools, common workflows, and underutilized capabilities.

Aggregate statistics across sessions including duration, tool usage, error rates, and productivity metrics.

Audit documentation completeness by comparing code exports, public APIs, and features against existing documentation.

Calculate documentation coverage percentage. Shows documented vs undocumented exports, functions, and modules.

Automated weekly team activity summaries with quality trends, cost breakdown, and risk alerts delivered to your inbox.

Aggregated quality analytics, risk hotspot identification, coupling change detection, and developer activity heatmaps.

Auto-generated onboarding documentation from team knowledge, common patterns, frequent mistakes, and key files.

Save, search, share, and rate effective prompts. Includes effectiveness scoring and full-text search across your prompt collection.

Search team knowledge across all members. Find who knows what, past decisions, and shared learnings.

Map team expertise by domain, technology, and codebase area. Identify knowledge gaps and single points of failure.

Detect conflicting changes across team members. Identify merge risks and coordination needs before they cause problems.

Monitor the health of registered features over time. Track stability, test coverage, bug density, and change frequency from local session data.

Assess regression risk for any proposed change based on historical patterns, test coverage, and feature coupling from local session data.

Real-time compliance monitoring with automated score computation, violation detection, and remediation suggestions.

Automated compliance report generation on weekly, monthly, or quarterly schedules with email distribution to stakeholders.

Generate downloadable PDF evidence bundles with audit chain certificates, change logs, and approval records.

Create and publish private rule template packs within your organization for consistent governance across teams.

Ingest structured knowledge into topic files from any source — documentation, ADRs, session learnings, or external references.

Full-text search across all knowledge topics with relevance ranking and source attribution.

View all entries for a specific knowledge topic with metadata, timestamps, and source references.

List all knowledge topics with entry counts, last-updated timestamps, and coverage summaries.

Update or supersede existing knowledge entries with new information, preserving the change history.

Remove outdated or incorrect knowledge entries with soft-delete and optional purge.

Export knowledge topics to Markdown, JSON, or YAML for use in documentation or external systems.

Bulk-import knowledge from Markdown files, JSON exports, or structured documentation directories.

Identify topics referenced in sessions but not present in the knowledge base. Surface knowledge coverage gaps.

Link related knowledge entries across topics to build a connected knowledge graph.

Usage statistics for knowledge entries — query frequency, session attribution, and coverage over time.

Synchronize knowledge base across machines and team members via cloud. Merge conflict detection included.

Persistent cross-session memory stored in a local MEMORY.md file. AI reads this at session start to recover context from previous sessions automatically.

Automatically capture and apply corrections made during sessions. AI learns from your corrections and avoids repeating the same mistakes.

Organize memory into topic-specific files (e.g., MEMORY-auth.md, MEMORY-payments.md) for domain-scoped context injection.

Fires when a Claude Code session begins. Injects project context, loads MEMORY.md, and prepares the AI with codebase state.

Fires when a session ends. Saves observations, updates MEMORY.md, and records session outcomes for future reference.

Fires after every tool call. Records tool usage, logs outcomes, and triggers quality event tracking.

Fires on every user message. Appends canonical rules, active context, and governance reminders to each prompt.

Fires before context compaction. Saves critical state to MEMORY.md so nothing important is lost during compaction.

Fires before any file deletion. Checks Sentinel registry and blocks deletion of registered feature files.

Fires after file edits. Provides AI with updated coupling and impact context for recently changed files.

Fires on file writes. Scans for secrets, credential patterns, and security anti-patterns before changes land on disk.

Fires on every tool call. Estimates token usage and cost in real time, accumulating session cost totals.

Fires at session start. Analyzes recent work and suggests the most likely next task based on open items and session history.

Smart test runner with failure analysis, coverage gap detection, and automatic test generation for untested modules.

Hypothesis-driven debugging with root cause tracing, call chain analysis, and verified fixes.

Behavioral equivalence verification during code restructuring with incremental transforms and automatic rollback.

Version bump, changelog generation, pre-release verification across 4 tiers, and clean tagging.

Automated dead code removal, unused import cleanup, and orphaned file detection with full verification.

Generate JSDoc comments, README sections, and API reference documentation from actual code behavior.

AI-powered effort estimation using codebase analysis, complexity scoring, and historical session data.

Generate implementation plans aligned with project architecture, config patterns, and canonical rules.

Continuous verification audit loop that checks plan specificity, feasibility, blast radius, and pattern compliance.

Execute plan items with mandatory proof at each step — build, type-check, test, and pattern verification.

Full verification audit before commit — type safety, tests, pattern compliance, and security scanning.

Complete regression detection, security scan, and test suite verification before pushing to remote.

Automated 7-dimension code review covering patterns, security, architecture, performance, and accessibility.

Comprehensive dependency audit for vulnerabilities, outdated packages, license compliance, and unused dependencies.

Scoped fix workflow with automatic branch creation, targeted fix, test verification, and PR creation.

Generate structured changelog entries from conventional commits with category grouping.

Read-only project health dashboard with 14 health checks across build, tests, patterns, and security.

Fast pre-push verification — type check and pattern scan without running the full test suite.

Run all VR-* verification checks — build, type, test, pattern, security, and coverage in one pass.

Feature scaffolding with config registration, test stubs, and verification plan generation.

Enforce architectural golden paths for new code. Validates new files and modules against defined structural patterns.

Find and remove unused exports, unreferenced files, and orphaned modules with safe-removal verification.

Test-driven development loop with red-green-refactor enforcement, coverage gates, and test-first plan generation.

Step-by-step interactive onboarding guide for new developers covering codebase structure, patterns, and key workflows.

Run and verify Playwright end-to-end tests with failure analysis, retry logic, and screenshot capture.

Manage dependencies with upgrade planning, breaking change detection, and migration path generation.

Generate comprehensive API documentation, README sections, and architecture docs from actual code behavior.

Check feature parity between source and target systems. Detect missing features, behavioral differences, and drift.

Structured deployment workflow with pre-deploy verification, environment checks, and rollback planning.

Iterative development loop with Playwright browser testing — implement, verify visually, and refine until all checks pass.

Code simplification and cleanup — reduce complexity, flatten abstractions, and remove unnecessary indirection.

Programmatic access to all your cloud data via authenticated, versioned REST endpoints with per-key rate limiting.

Real-time event delivery to your systems with HMAC signature verification, retry logic, and delivery logs.

Automated risk assessment for pull requests combining impact, regression, security, and coupling analysis via GitHub Actions.

Embeddable SVG badges for your repository READMEs showing quality, security, or cost scores in shields.io format.

Index and query Python import edges across your backend codebase. Identifies relative and absolute imports, star imports, and per-symbol dependencies.

Discover and inspect all FastAPI route endpoints — methods, URL patterns, dependencies, authentication status, and response models.

Detect cross-language coupling between TypeScript frontend code and Python backend routes. Surfaces uncoupled routes and dangling frontend fetches.

Inspect SQLAlchemy ORM model definitions including table mappings, columns, types, nullable constraints, and foreign key relationships.

Query Alembic migration history with revision chains, operation summaries, and schema drift detection against current model definitions.

Apply domain boundary enforcement to Python files. Routes and models are assigned to business domains; cross-domain violations are detected alongside TypeScript boundary checks.

Full cross-language blast radius analysis for Python files. Shows TypeScript files that call affected routes and all downstream Python importers.

Rich context for any Python file: domain assignment, imports, importers, coupled frontend files, applicable governance rules, and related models.

Define project-specific coding conventions, naming rules, and architectural constraints in massu.config.yaml. All convention enforcement is config-driven.

License validation with offline grace period. Validates API keys against the cloud license server with automatic fallback for intermittent connectivity.

Manage API keys for cloud sync, REST API access, and CI/CD integration. Per-key rate limiting and usage tracking included.

Automatic tool access control based on subscription tier. Core tools are always free; Pro, Team, and Enterprise tools unlock with the corresponding subscription.