TRINETRAGet Started

Architecture Intelligence

TRINETRA

Deterministic architecture analysis for AI coding agents.

Prevents architectural violations before code is generated. Rule-based. Local-first. Zero egress.

Architecture ScoreLIVE
0
Files scanned2,847
Violations1 blocked
EngineDeterministic
user.service.ts
1 import { UserRepo } from '@/infra/db'
2 import { EmailService } from '@/domain/email' // ✗ layer violation
3 
4 export class UserService {
5   constructor(private repo: UserRepo) {}
Import Graph AnalysisBarrel Re-export ResolutionPre-generation ValidationMCP ServerWorkspace InspectorCompositional Merge CheckingEd25519 Signed ReceiptsZero Egress100,000 FilesSARIF OutputCross-language TracingDeterministic EngineImport Graph AnalysisBarrel Re-export ResolutionPre-generation ValidationMCP ServerWorkspace InspectorCompositional Merge CheckingEd25519 Signed ReceiptsZero Egress100,000 FilesSARIF OutputCross-language TracingDeterministic Engine

The Problem

WHY AI
AGENTS
BREAK
ARCHITECTURE

01

Cross-layer imports

AI agents generate plausible imports that violate dependency boundaries without understanding architectural contracts.

02

Hidden barrel chains

Index files mask true dependencies. A single barrel import transitively pulls modules across forbidden boundaries.

03

Merge-time regressions

Individual commits pass review. Composed merges introduce architectural violations only visible in the full graph.

04

Post-generation linting

Existing tools run after code exists. Agents need deterministic validation before a single line is written.

Core Architecture Analysis

DETERMINISTIC
ENGINE

Rule-based analysis with instant validation. No LLM. No guesswork.

Import Graph Construction

Full dependency graph with transitive resolution across your entire workspace.

Architecture Rule Enforcement

Layer validation, forbidden dependency detection, and mandatory gateway enforcement.

Dependency Path Validation

Required architectural paths and cross-project architecture analysis.

Policy Evaluation

Zero false positives — rule-based engine with no AI inference in the core.

Protected Modules

Domain boundaries, database access rules, Controller → Service → Repository.

Custom Policies

Configured through .trinetra/architecture.json with full policy control.

Supported Languages

CROSS-LANGUAGE
TRACING

T

TypeScript

J

JavaScript

P

Python

  • Mixed TypeScript + Python monorepos
  • Cross-language dependency tracing
  • Python → TypeScript → Database paths
  • import / from x import y detection

Barrel Export Intelligence

8-HOP
resolution

Index files mask true dependencies. Trinetra traces through every re-export to reveal violations other tools miss.

01Resolves export *
02Multi-hop barrel exports
03Violations hidden behind re-exports
04Up to 8-hop barrel resolution
05True dependency path reconstruction

AI Coding Agent Integration

MCP
SERVER

Architecture tools exposed directly to Cursor, Claude, and any MCP-compatible agent.

trinetra-mcp → validate_import
trinetra-mcp → check_architecture
trinetra-mcp → suggest_repair

Pre-generation validation

Import permission checking

Architecture-aware code generation

Deterministic repair suggestions

Agent-safe architecture decisions

Prevents violations before code exists

Compositional Merge Checking

MERGE-TIME
ANALYSIS

Detects violations introduced only after merge. Identifies which branch introduced each edge. Explains conflicts graphically.

feature/auth-refactor
a3f8c2dAdd AuthService layer
b7e1a09Wire session middleware
c4d2f11Update barrel exports
main
d9a5e33Refactor domain entities
e1b6c44Split email module
f2c7d55Update protections.json
READY

Click analyze to simulate compositional merge

  • Multi-branch analysis
  • Newly created dependency cycles
  • Newly created forbidden paths
  • Branch attribution per edge
  • Graphical conflict explanation

Workspace Inspector

VS CODE / CURSOR
Live architecture context

Trinetra Workspace Inspector
TRINETRA WORKSPACE INSPECTOR
Active Profile: Enterprise Profile · defaultEval: 1ms
SECTION 1Live Contextcursor target
.idea/incidentflow-azure-fixed.tstypescript
 1 async function createUser(req) {
 2   const user = await resolveUser(req);
 3 return user;
 4 }
You Are Here

createUser() incidentflow-azure-fixed.ts:1

Layer: generic · 0 import(s) in this file

This Line

Returns `user`.

The flow

  1. 1.Compute the answer
  2. 2.Hand it to the caller
  3. 3.This step ends

If you deleted this line

The step would keep running past this point and the caller would receive a different answer (or nothing) — everything relying on this result changes behavior.

Current Function

createUser()Ln 1–4

Why This Function Exists

Encapsulates 2 recognized operation(s): async function, await expression

Call Stack Leading Here

createUser()← current

No known callers — safe to refactor

Variables Entering / Leaving Scope

IN
req
OUT
user

Declared in block

requser

Database Models Involved

No models touched

API Endpoints Touched

No endpoints touched

Related Files

Route stays in this file

Data Flow Visualization

createUser

Recent Git Changes

Not a git repository (or git not installed)

Control Flow

Ln 3 · typescript · Return statement · return user;

Ends the current function immediately and hands the given value back to whoever called it. Nothing after this line in the function will run on this code path.

Models and endpoints above are the live sensors for this block.

IN/OUT and locals are derived from the enclosing function block.

Function and file git history listed above.

Cursor-aware · dictionary match · v1.5.0~150ms debounce · Theme integrated

Compliance

LOCAL-FIRST
SECURITY

Ed25519 Signatures

Cryptographically signed architecture compliance receipts. Auditable proofs with deterministic evidence.

Offline Verification

Verify receipts without network access. No third-party trust required.

Zero Egress

No cloud. No telemetry. No API requests. Runs entirely on your machine.

✗ Cloud✗ Telemetry✗ API requests✗ Remote processing✓ Editor theme sync

Developer Workflow

INTEGRATE
EVERYWHERE

CLI

Workspace scanning, rule validation, CI and pre-commit usage.

trinetra analyze --strict

GitHub Action

Architecture validation, CI blocking, SARIF generation.

trinetra/action@v1

Pre-commit Hook

Block violations before they enter your repository.

trinetra hook install

SARIF

GitHub Code Scanning compatible output. Offline execution.

trinetra analyze --sarif
.trinetra/architecture.json

Layer rules, forbidden imports, gateways

.trinetra/policy.json

Enforcement mode, merge analysis, receipts

.trinetra/protections.json

Locked files, protected directories

Protection System

GOVERNED
EXCEPTIONS

Visual badges for locked, warning, and protected paths. Policy-driven scoring with threshold-aware verdicts.

Locked files
Warning-only files
Allow-listed paths
Protected directories

New Service · Policy as Code

WE HAVE CREATED
POLICY AS CODE

Redefining how software is built — and how AI agent coding works. Governed files, role-based permissions, and evidence-based verdicts instead of opaque pass/fail gates.

IAM for Code: only people with permission can modify protected code. Agents cannot delete or change governed files without authority.

.trinetra/architecture.jsonJSON
{
  "layers": ["domain", "application", "infra"],
  "rules": [
    { "from": "application", "forbid": ["domain"], "except": ["ports/*"] }
  ]
}
.trinetra/protections.jsonJSON
{
  "protected_paths": [
    ".trinetra/**",
    "src/domain/**",
    "architecture.json"
  ],
  "locked_files": ["src/core/engine.ts"],
  "iam": {
    "require_approval_for": ["delete", "modify_protected"],
    "roles": {
      "staff-engineer": ["read", "modify_unprotected"],
      "principal": ["read", "modify", "delete_with_receipt"]
    }
  },
  "block_agent_delete": true,
  "block_agent_modify_protected": true
}
Agent ActionDELETE
principal: cursor-agent · role: unprivileged

Requested operation

DELETE src/domain/user.entity.ts

Protected path match: src/domain/** · IAM policy evaluated before execution

BLOCKED

IAM policy — insufficient permissions for agent principal

Reason

Agent principal lacks delete permission on protected path. block_agent_delete is enforced.

Alternative

Signed compliance receipt required from a principal role holder — evidence attached, not opaque rejection.

01

Policy as Code

Declarative architecture and protections in .trinetra/*.json — version-controlled, reviewable, and enforced at every touchpoint.

02

IAM for Code

Role-based modify and delete permissions. Only principals with authority can change governed files — AI agents included.

03

Agent Guardrails

Pre-generation and pre-delete validation. Agents cannot silently remove protected code or alter valuable configuration.

Not opaque pass/fail — every block carries evidence, policy reference, and a path to compliant resolution. Redefining the landscape of software development and agentic coding.

Developer Experience

INSTANT
VALIDATION

01

REAL-TIME FEEDBACK

02

CLICKABLE EVIDENCE

03

HUMAN-READABLE EXPLANATIONS

04

TECHNICAL EXPLANATIONS

05

VISUAL DEPENDENCY CHAINS

06

NO WAITING FOR LLM RESPONSES

07

INSTANT ARCHITECTURE VALIDATION

Performance

BUILT FOR
SCALE

Workspace-wide scanning with fast evaluation, low latency, and incremental updates.

0

Files stress-tested

0

Smoke tests passing

0

LLM calls in engine

0

Cursor debounce latency

Unique Selling Points

WHY TRINETRA

01

Prevents violations before code is generated

02

Deterministic — no AI in the core engine

03

Local-first with zero egress

04

Barrel re-export aware

05

Cross-language dependency analysis

06

Compositional merge checking

07

Live Workspace Inspector for VS Code/Cursor

08

Architecture-aware MCP server

09

Offline, cryptographically signed receipts

10

Interactive evidence-based explanations

Installation

START IN
60 SECONDS

No account. No API keys. Fully local.

npm install -g @trinetra/cli && trinetra init
  1. 1. Install the CLI globally via npm
  2. 2. Run trinetra init in your project
  3. 3. Configure .trinetra/architecture.json
  4. 4. Install VS Code extension or connect MCP
VIEW DOCS

FAQ

QUESTIONS

Does Trinetra use an LLM for analysis?

No. The core engine is fully deterministic — static analysis, import graph resolution, and rule evaluation only.

What languages are supported?

TypeScript, JavaScript, and Python with cross-language dependency tracing in mixed monorepos.

How does compositional merge checking work?

Trinetra builds the import graph of the merged result before integration, detecting violations individual commits wouldn't surface.

Is any data sent externally?

Never. Zero egress, zero telemetry. All analysis runs locally on your machine.