I built LucidShark: a local-first, open-source CLI tool that acts as a quality & security pipeline. It can be used to increase the confidence in AI-generated (or AI-assisted) code.
- Config lives as code in version-controlled lucidshark.yml
- 100% local; no cloud, no SaaS
- Runs 10 quality domains automatically: linting, formatting, type checking, SAST/security scanning, SCA/dependency checks, IaC validation, container scanning, unit tests, coverage thresholds, code duplication, etc.
- Produces a QUALITY.md dashboard with health scores (e.g. 9.1/10), trends, and issue lists that you can commit to git
PM_ME_YOUR_CAT•44m ago
The frustrating part: the feedback loop is terrible. You write code with Claude Code or Cursor, commit, push, wait for CI to run... and only then find out you have a hardcoded secret or a vulnerable package. By that point you've already context-switched.
LucidShark runs the same checks locally (linting, SAST, SCA, dependency scanning) before anything hits your pipeline. It's a pre-commit gate that speaks the same language as your CI, just faster and offline.
Happy to answer any questions about how it works or the design decisions behind keeping it fully local with no cloud dependency.