KRAIT

Analysis Plane

The evolution pipeline that transforms code proposals into validated, reviewable pull requests.

The Evolution Pipeline

The analysis plane sits between the mutable periphery and the immutable core. Its job is to take raw code proposals from the Brain and transform them into changes that are safe, tested, and ready for human review. No proposal reaches production without passing through every stage of this pipeline.

Proposal Intake

When the Brain emits an evolution proposal, it arrives as a structured Elixir term containing the proposed module source, a natural-language rationale, and metadata about the conversation that triggered it. The Evolution supervisor receives this term and spawns a dedicated pipeline process to shepherd it through validation.

Each pipeline process is isolated. If one proposal crashes during analysis, it does not affect other proposals in flight. OTP supervision ensures that transient failures are retried automatically.

Polyglot NIF Validation

The core of the analysis plane is the Rust NIF, which includes dedicated tree-sitter parsers for 6 languages: Elixir, Python, JavaScript, TypeScript, Go, and Rust. Each language has its own LanguageRules implementation that adapts the 7 KRAIT rules to that language's AST structure and dangerous patterns.

For example, KRAIT-001 (No Code Eval) checks Code.eval_string in Elixir, eval()/exec() in Python, eval()/new Function() in JavaScript, and reflect usage in Go. KRAIT-002 (No Shell Execution) catches System.cmd in Elixir, subprocess in Python, child_process in JavaScript, and os/exec in Go.

Running validation in a Rust NIF gives KRAIT two advantages: performance (AST analysis completes in microseconds, not milliseconds) and memory safety (the NIF cannot corrupt the BEAM VM even if it encounters malformed input). The NIF returns a structured result containing either a clean bill of health or a list of rule violations with line numbers and explanations.
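The per-language rule adaptation described above, as an added example that is not KRAIT's own code: it covers only Elixir and Python, and it uses a whole-token line scan as a stand-in for the tree-sitter AST walk. The `LanguageRules` method signatures, the `Violation` struct and the `validate` function are assumptions made for illustration.

```rust
// Added illustration: a token scanner stands in for the tree-sitter AST walk.
// Trait shape, struct fields and function names are assumptions, not KRAIT's API.
#[derive(Debug, PartialEq)]
pub struct Violation { pub rule: &'static str, pub line: usize, pub pattern: &'static str }
type Patterns = &'static [(&'static str, &'static str)];
pub trait LanguageRules {
    fn comment(&self) -> &'static str; // line-comment marker
    fn patterns(&self) -> Patterns;    // (rule id, dangerous token) pairs named on the page
}
pub struct Elixir;
pub struct Python;
impl LanguageRules for Elixir {
    fn comment(&self) -> &'static str { "#" }
    fn patterns(&self) -> Patterns {
        &[("KRAIT-001", "Code.eval_string"), ("KRAIT-002", "System.cmd")]
    }
}
impl LanguageRules for Python {
    fn comment(&self) -> &'static str { "#" }
    fn patterns(&self) -> Patterns {
        &[("KRAIT-001", "eval"), ("KRAIT-001", "exec"), ("KRAIT-002", "subprocess")]
    }
}

fn is_ident(c: char) -> bool { c.is_alphanumeric() || c == '_' }
// True when `pat` appears as a whole identifier, so `literal_eval` and
// `executor` do not trip the `eval` / `exec` patterns.
fn has_token(code: &str, pat: &str) -> bool {
    code.match_indices(pat).any(|(i, _)| {
        let before = code[..i].chars().next_back();
        let after = code[i + pat.len()..].chars().next();
        !before.map_or(false, is_ident) && !after.map_or(false, is_ident)
    })
}
// Empty vec = clean; else one entry per hit, 1-based lines. Comment stripping is naive.
pub fn validate(rules: &dyn LanguageRules, source: &str) -> Vec<Violation> {
    let mut out = Vec::new();
    for (idx, raw) in source.lines().enumerate() {
        let code = raw.split(rules.comment()).next().unwrap_or("");
        for &(rule, pattern) in rules.patterns() {
            if has_token(code, pattern) { out.push(Violation { rule, line: idx + 1, pattern }); }
        }
    }
    out
}
fn main() { // constructed sample inputs
    println!("{:?}", validate(&Python, "import subprocess\nx = ast.literal_eval(s)\n"));
    println!("{:?}", validate(&Elixir, "def run(s), do: Code.eval_string(s)\n"));
}
```

A text scan like this still misses aliased imports and matches tokens inside string literals, which is the gap an AST-based check closes.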

Test Generation and Execution

Proposals that pass Narsil validation enter the test stage. KRAIT generates property-based tests using StreamData and runs them inside a FLAME-spawned Docker container. The tests exercise both the happy path and edge cases derived from the module's type specifications.

GitHub PR Gate

Validated and tested proposals are packaged into a Git branch and pushed as a GitHub pull request. The PR includes the proposed code, generated tests, Narsil's analysis report, and the original rationale from the Brain. CI runs independently, and a human reviewer makes the final merge decision. Only merged code is hot-reloaded into the running agent.