Attune auto-detects your framework, knows what patterns to check, and gives you actionable findings. It outputs to the terminal, JSON, Markdown, HTML, and SARIF, so results can be read by anyone or plugged into just about anything you want.
Why local? If I'm already leaving out AI then there's no need for the extra overhead. No API keys, no cloud accounts, no code sent anywhere. Just a CLI that runs on your machine, works offline, and respects your privacy.
What It Catches:
- Security: Hardcoded secrets, SQL injection, command injection, auth issues
- Performance: Memory leaks, N+1 queries, bundle bloat
- Error Handling: Missing try-catch, unhandled promises
- Architecture: MVC violations, state management issues
- Accessibility: WCAG compliance
- Framework-Specific: Most common Node/TS frameworks, planning Python support for 1.0.0
Install: npm install -D attune
Or run: npx attune analyze .
Will be in MCP, VS Code, and GitHub Actions as soon as I figure those out.
Lots more in the README.
Would love feedback!