Stelnyx

Engineering intelligence · Local-first · Deterministic

The Carfax for code.

AI shipped your codebase. We tell you what's actually inside — before your acquirer, investor, or new hire finds out. We ran LuxScope against express-pin — score 85/100, 7 findings across 51 risk files, plus 10 deterministic handoff docs. View the report →

View sample report

Everything we build, shipped publicly.

Infrastructure tools built for engineers. MIT where open, proprietary where not.

Intelligence. Delivered as a session.

LuxScope reads your codebase deterministically and ships a scored report a senior engineer walks you through — one hour, nothing leaves your machine.

Codebase Intel · Apache-2.0

LuxScope

Know what breaks before you change it.

Know which files will break before you touch them. Identify the tech debt due-diligence will surface — before the investor does. Give a new hire a working mental model in one report instead of two weeks of context-gathering. Audit AI-generated code you didn't write and can't fully vouch for. LuxScope reads your codebase deterministically — no LLMs, no cloud, runs on your machine.

Sample: 85/100 · 51 risk files · 7 findings · 10 handoff docs (express-pin)

Also free for engineering teams.

Two MIT-licensed CLIs we maintain alongside LuxScope. One command, no account, same scoring discipline — built for engineers who already own the codebase, not for buyers commissioning a review.

Security · MIT · free · zero config

SecGate

One command. One report. One exit code.

$ npx @stelnyx/secgate

Runs Semgrep, Gitleaks, osv-scanner, Trivy, and npm audit in one command. Normalizes findings into one report and fails the pipeline on CRITICAL or HIGH. Aggregation is deterministic — same inputs produce a JSON-byte-identical report every run, locked by determinism + golden snapshot tests.

Sample: FAIL · 43 findings · risk 365 · 5 scanners (express-pin)

API Surface · MIT · free · zero config

ApiGate

Every endpoint. Scored. One command.

$ npx @stelnyx/apigate .

Inventories every HTTP endpoint across Express, Fastify, NestJS, and OpenAPI specs. Classifies auth posture, diffs code vs spec, fails the pipeline on open writes. 100% static — no HTTP, no credentials, no running server. Same inputs → byte-identical report.

Sample: FAIL · 50/100 · 68 endpoints · 68 open · 0 auth-drift (express-pin)

Score is the headline. Report ships findings, fix order, ETAs. View sample report →

Contact us

Drop us a line — we read everything and reply within a day.