Neural Inverse is Open Source →
DocsChecks Manager

Checks Manager

The Checks Manager enforces compliance rules in real time as developers write code. Violations appear directly in the editor before code is committed - the same way a compiler surfaces syntax errors. Every violation is logged to the audit trail.

How It Works

Analysis runs in two layers simultaneously:

Static analysis - rules evaluated against AST and language server data on every file save. Runs offline, no LLM involved, sub-100ms latency.

AI reasoning - two-phase analysis for violations that require semantic understanding. Phase 1 comprehends the framework rules. Phase 2 evaluates the file against those contracts. Runs asynchronously in the background.

Both layers write to the same violation feed. Developers see a unified view in the editor gutter and in the Checks panel.

Built-in Compliance Frameworks

FrameworkDomain
MISRA C:2012 / 2023Embedded C safety
MISRA C++Embedded C++ safety
CERT CC secure coding
IEC 62304Medical device software
ISO 26262Automotive functional safety
IEC 61508Industrial safety-critical
DO-178CAerospace software
SOC 2 Trust Services Criteria v2.0Cloud service security
AUTOSARAutomotive software architecture
Neural Inverse Enterprise Security StandardNI proprietary baseline

Custom Frameworks

Organisations can define their own compliance frameworks in .inverse/frameworks/. Each framework is a JSON document following the framework schema:

{
  "id": "acme-security-v1",
  "name": "ACME Internal Security Standard v1",
  "version": "1.0.0",
  "rules": [
    {
      "id": "ACME-001",
      "domain": "security",
      "severity": "error",
      "description": "API keys must not appear in source files",
      "pattern": "hardcoded-secret",
      "mustPreserve": true
    }
  ]
}

Custom frameworks appear in the Checks Manager alongside built-in frameworks. Rules from custom frameworks are evaluated by the same static and AI analysis pipeline.

Violation Severity

SeverityBehavior
ErrorShown in editor gutter as error. Can be configured as blocking.
WarningShown in editor gutter as warning. Non-blocking by default.
InfoInformational note. Never blocking.

Blocking Violations

A violation marked as blocking prevents the code from being committed until it is resolved or explicitly overridden with a documented justification. Override requires a compliance officer role or explicit IAM permission.

Configure blocking in the Console under Manage > Checks > Blocking Rules.

Domains

Violations are categorised by domain:

  • Security - authentication, authorisation, cryptography, injection
  • Compliance - regulatory rule violations specific to the active framework
  • Confidentiality - data handling, PII exposure, access control
  • Policy - org-level policy violations
  • Architecture - structural and dependency violations
  • Reliability - error handling, resource management

Cross-File Impact

For each violation, the Checks panel shows which downstream files are affected via the import dependency graph. This is built from the _importedBy map maintained by the language server.

A violation in a shared utility function can cascade - the impact chain shows every file that transitively imports the affected module.

Project Configuration

Assign frameworks to projects in the Console or via .inverse/config.json:

{
  "checks": {
    "frameworks": ["misra-c-2023", "iec-62304", "acme-security-v1"],
    "blocking": ["misra-c-2023/error", "iec-62304/error"],
    "ignorePatterns": []
  }
}

Ignore Rules

Violations can be suppressed at two levels:

Fully ignore - violation is not shown and not logged.

Context-only - violation is excluded from blocking and from the violation feed, but is included as context in AI analysis. The AI agent is aware the pattern exists without surfacing it to the developer.

Suppressions require a justification and are logged in the audit trail with the approving user's identity and timestamp.

External Tool Integration

The Checks Manager can incorporate results from external scanners into the same violation feed:

  • ESLint / Pylint
  • SonarQube
  • CodeQL
  • Semgrep
  • Polyspace
  • MATLAB Static Analysis

Configure integrations in the Console under Manage > Checks > External Tools. External findings appear alongside native violations in the editor gutter and in the Checks panel. All findings - native and external - are written to the audit trail.

Checks Agent

The Checks Agent is a terminal-style interface for querying violation data programmatically. Open it with Cmd+Shift+C.

Available tools: get_violations, get_domain_summary, get_rule_details, get_blocking_violations, get_impact_chain, explain_violation, get_framework_rules, get_external_tool_status, run_workspace_scan, draft_rule.

AI coding agents can also call the Checks Agent programmatically via @IChecksAgentService to query violations and domain summaries during autonomous development tasks.


Was this page helpful?

Last edited