Checks Manager
The Checks Manager enforces compliance rules in real time as developers write code. Violations appear directly in the editor before code is committed - the same way a compiler surfaces syntax errors. Every violation is logged to the audit trail.
How It Works
Analysis runs in two layers simultaneously:
Static analysis - rules evaluated against AST and language server data on every file save. Runs offline, no LLM involved, sub-100ms latency.
AI reasoning - two-phase analysis for violations that require semantic understanding. Phase 1 comprehends the framework rules. Phase 2 evaluates the file against those contracts. Runs asynchronously in the background.
Both layers write to the same violation feed. Developers see a unified view in the editor gutter and in the Checks panel.
Built-in Compliance Frameworks
| Framework | Domain |
|---|---|
| MISRA C:2012 / 2023 | Embedded C safety |
| MISRA C++ | Embedded C++ safety |
| CERT C | C secure coding |
| IEC 62304 | Medical device software |
| ISO 26262 | Automotive functional safety |
| IEC 61508 | Industrial safety-critical |
| DO-178C | Aerospace software |
| SOC 2 Trust Services Criteria v2.0 | Cloud service security |
| AUTOSAR | Automotive software architecture |
| Neural Inverse Enterprise Security Standard | NI proprietary baseline |
Custom Frameworks
Organisations can define their own compliance frameworks in .inverse/frameworks/. Each framework is a JSON document following the framework schema:
{
"id": "acme-security-v1",
"name": "ACME Internal Security Standard v1",
"version": "1.0.0",
"rules": [
{
"id": "ACME-001",
"domain": "security",
"severity": "error",
"description": "API keys must not appear in source files",
"pattern": "hardcoded-secret",
"mustPreserve": true
}
]
}Custom frameworks appear in the Checks Manager alongside built-in frameworks. Rules from custom frameworks are evaluated by the same static and AI analysis pipeline.
Violation Severity
| Severity | Behavior |
|---|---|
| Error | Shown in editor gutter as error. Can be configured as blocking. |
| Warning | Shown in editor gutter as warning. Non-blocking by default. |
| Info | Informational note. Never blocking. |
Blocking Violations
A violation marked as blocking prevents the code from being committed until it is resolved or explicitly overridden with a documented justification. Override requires a compliance officer role or explicit IAM permission.
Configure blocking in the Console under Manage > Checks > Blocking Rules.
Domains
Violations are categorised by domain:
- Security - authentication, authorisation, cryptography, injection
- Compliance - regulatory rule violations specific to the active framework
- Confidentiality - data handling, PII exposure, access control
- Policy - org-level policy violations
- Architecture - structural and dependency violations
- Reliability - error handling, resource management
Cross-File Impact
For each violation, the Checks panel shows which downstream files are affected via the import dependency graph. This is built from the _importedBy map maintained by the language server.
A violation in a shared utility function can cascade - the impact chain shows every file that transitively imports the affected module.
Project Configuration
Assign frameworks to projects in the Console or via .inverse/config.json:
{
"checks": {
"frameworks": ["misra-c-2023", "iec-62304", "acme-security-v1"],
"blocking": ["misra-c-2023/error", "iec-62304/error"],
"ignorePatterns": []
}
}Ignore Rules
Violations can be suppressed at two levels:
Fully ignore - violation is not shown and not logged.
Context-only - violation is excluded from blocking and from the violation feed, but is included as context in AI analysis. The AI agent is aware the pattern exists without surfacing it to the developer.
Suppressions require a justification and are logged in the audit trail with the approving user's identity and timestamp.
External Tool Integration
The Checks Manager can incorporate results from external scanners into the same violation feed:
- ESLint / Pylint
- SonarQube
- CodeQL
- Semgrep
- Polyspace
- MATLAB Static Analysis
Configure integrations in the Console under Manage > Checks > External Tools. External findings appear alongside native violations in the editor gutter and in the Checks panel. All findings - native and external - are written to the audit trail.
Checks Agent
The Checks Agent is a terminal-style interface for querying violation data programmatically. Open it with Cmd+Shift+C.
Available tools: get_violations, get_domain_summary, get_rule_details, get_blocking_violations, get_impact_chain, explain_violation, get_framework_rules, get_external_tool_status, run_workspace_scan, draft_rule.
AI coding agents can also call the Checks Agent programmatically via @IChecksAgentService to query violations and domain summaries during autonomous development tasks.
Last edited