Cross-layer imports
AI agents generate plausible imports that violate dependency boundaries without understanding architectural contracts.
Architecture Intelligence
Deterministic architecture analysis for AI coding agents.
Prevents architectural violations before code is generated. Rule-based. Local-first. Zero egress.
1 import { UserRepo } from '@/infra/db'
2 import { EmailService } from '@/domain/email' // ✗ layer violation
3
4 export class UserService {
5 constructor(private repo: UserRepo) {}The Problem
AI agents generate plausible imports that violate dependency boundaries without understanding architectural contracts.
Index files mask true dependencies. A single barrel import transitively pulls modules across forbidden boundaries.
Individual commits pass review. Composed merges introduce architectural violations only visible in the full graph.
Existing tools run after code exists. Agents need deterministic validation before a single line is written.
Core Architecture Analysis
Rule-based analysis with instant validation. No LLM. No guesswork.
Full dependency graph with transitive resolution across your entire workspace.
Layer validation, forbidden dependency detection, and mandatory gateway enforcement.
Required architectural paths and cross-project architecture analysis.
Zero false positives — rule-based engine with no AI inference in the core.
Domain boundaries, database access rules, Controller → Service → Repository.
Configured through .trinetra/architecture.json with full policy control.
Supported Languages
Barrel Export Intelligence
Index files mask true dependencies. Trinetra traces through every re-export to reveal violations other tools miss.
AI Coding Agent Integration
Architecture tools exposed directly to Cursor, Claude, and any MCP-compatible agent.
trinetra-mcp → validate_import
trinetra-mcp → check_architecture
trinetra-mcp → suggest_repair
Pre-generation validation
Import permission checking
Architecture-aware code generation
Deterministic repair suggestions
Agent-safe architecture decisions
Prevents violations before code exists
Compositional Merge Checking
Detects violations introduced only after merge. Identifies which branch introduced each edge. Explains conflicts graphically.
Click analyze to simulate compositional merge
Workspace Inspector
1 async function createUser(req) {
2 const user = await resolveUser(req);
3 return user;
4 }createUser() incidentflow-azure-fixed.ts:1
Layer: generic · 0 import(s) in this file
This Line
Returns `user`.
The flow
If you deleted this line
The step would keep running past this point and the caller would receive a different answer (or nothing) — everything relying on this result changes behavior.
Current Function
Why This Function Exists
Call Stack Leading Here
No known callers — safe to refactor
Variables Entering / Leaving Scope
Declared in block
Database Models Involved
API Endpoints Touched
Related Files
Data Flow Visualization
Recent Git Changes
Control Flow
Ln 3 · typescript · Return statement · return user;
Ends the current function immediately and hands the given value back to whoever called it. Nothing after this line in the function will run on this code path.
Models and endpoints above are the live sensors for this block.
IN/OUT and locals are derived from the enclosing function block.
Function and file git history listed above.
Compliance
Cryptographically signed architecture compliance receipts. Auditable proofs with deterministic evidence.
Verify receipts without network access. No third-party trust required.
No cloud. No telemetry. No API requests. Runs entirely on your machine.
Developer Workflow
Workspace scanning, rule validation, CI and pre-commit usage.
trinetra analyze --strictArchitecture validation, CI blocking, SARIF generation.
trinetra/action@v1Block violations before they enter your repository.
trinetra hook installGitHub Code Scanning compatible output. Offline execution.
trinetra analyze --sarif.trinetra/architecture.jsonLayer rules, forbidden imports, gateways
.trinetra/policy.jsonEnforcement mode, merge analysis, receipts
.trinetra/protections.jsonLocked files, protected directories
Protection System
Visual badges for locked, warning, and protected paths. Policy-driven scoring with threshold-aware verdicts.
New Service · Policy as Code
Redefining how software is built — and how AI agent coding works. Governed files, role-based permissions, and evidence-based verdicts instead of opaque pass/fail gates.
IAM for Code: only people with permission can modify protected code. Agents cannot delete or change governed files without authority.
.trinetra/architecture.jsonJSON{
"layers": ["domain", "application", "infra"],
"rules": [
{ "from": "application", "forbid": ["domain"], "except": ["ports/*"] }
]
}.trinetra/protections.jsonJSON{
"protected_paths": [
".trinetra/**",
"src/domain/**",
"architecture.json"
],
"locked_files": ["src/core/engine.ts"],
"iam": {
"require_approval_for": ["delete", "modify_protected"],
"roles": {
"staff-engineer": ["read", "modify_unprotected"],
"principal": ["read", "modify", "delete_with_receipt"]
}
},
"block_agent_delete": true,
"block_agent_modify_protected": true
}Requested operation
DELETE src/domain/user.entity.tsProtected path match: src/domain/** · IAM policy evaluated before execution
IAM policy — insufficient permissions for agent principal
Reason
Agent principal lacks delete permission on protected path. block_agent_delete is enforced.
Alternative
Signed compliance receipt required from a principal role holder — evidence attached, not opaque rejection.
Declarative architecture and protections in .trinetra/*.json — version-controlled, reviewable, and enforced at every touchpoint.
Role-based modify and delete permissions. Only principals with authority can change governed files — AI agents included.
Pre-generation and pre-delete validation. Agents cannot silently remove protected code or alter valuable configuration.
Not opaque pass/fail — every block carries evidence, policy reference, and a path to compliant resolution. Redefining the landscape of software development and agentic coding.
Developer Experience
REAL-TIME FEEDBACK
CLICKABLE EVIDENCE
HUMAN-READABLE EXPLANATIONS
TECHNICAL EXPLANATIONS
VISUAL DEPENDENCY CHAINS
NO WAITING FOR LLM RESPONSES
INSTANT ARCHITECTURE VALIDATION
Performance
Workspace-wide scanning with fast evaluation, low latency, and incremental updates.
Files stress-tested
Smoke tests passing
LLM calls in engine
Cursor debounce latency
Unique Selling Points
Prevents violations before code is generated
Deterministic — no AI in the core engine
Local-first with zero egress
Barrel re-export aware
Cross-language dependency analysis
Compositional merge checking
Live Workspace Inspector for VS Code/Cursor
Architecture-aware MCP server
Offline, cryptographically signed receipts
Interactive evidence-based explanations
Installation
No account. No API keys. Fully local.
npm install -g @trinetra/cli && trinetra inittrinetra init in your projectFAQ
No. The core engine is fully deterministic — static analysis, import graph resolution, and rule evaluation only.
TypeScript, JavaScript, and Python with cross-language dependency tracing in mixed monorepos.
Trinetra builds the import graph of the merged result before integration, detecting violations individual commits wouldn't surface.
Never. Zero egress, zero telemetry. All analysis runs locally on your machine.