$ security scanner for ai-generated code

ratchet_

Detect. Fix. Ship. The local-first code quality CLI that finds AI-generated security and quality issues, then auto-resolves the ones it can safely prove.

Style · Security · Performance · Architecture · Complexity · AI review
your code stays local · AI features are opt-in BYOK · no telemetry
dev@~/acme-app $ ratchet scan --deep
scanning 847 files across 12 directories
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✓ CRITICAL: 0
✓ HIGH: 2 auto-resolved during scan
⚡ MEDIUM: 3 suggestions
  UserProfile.tsx:32 ┆ Add memoization
  data-service.ts:67 ┆ Batch API calls
  utils/logger.ts:12 ┆ Use structured logging
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⏱ completed in 2.3s · 847 files analyzed
★ QUALITY SCORE: 94/100 — EXCELLENT
dev@~/acme-app $
$ core commands
ratchet scan

Deep Analysis

Multi-pass scan — style, security, performance, architecture. Catches issues before prod.

ratchet improve

Auto-Fix

Not just detection — Ratchet applies fixes. One command resolves dozens of issues.

ratchet torque

Complexity Metrics

Measure cyclomatic complexity, coupling depth, cohesion. Track architectural drift.

ratchet vision

AI Review

Contextual suggestions powered by LLMs. Understands your architecture, not just syntax.

ratchet badge

Quality Badge

Embeddable score badges for your README. Show your team ships clean code.

ratchet ci

CI/CD Gates

Quality thresholds on every PR. Block merges that drop scores. Auto-approve when clean.

$ how it works
01

Install & Init

Run npm install -g ratchet-run, then ratchet init. Zero config.

02

Scan & Review

ratchet scan analyzes your codebase in seconds and reports severity-ranked issues.

03

Fix & Ship

ratchet improve auto-resolves what it can safely fix; you handle the rest. Ship confident.

$ by the numbers
0 GitHub stars
9 weekly npm installs
6 scan dimensions
$ fully open source & private

MIT Licensed

Fully open source core. Fork it, extend it, ship it.

Founder-built by kcemate

Built in public as a focused developer tool, not a borrowed wrapper pitch.

Zero Telemetry

Runs 100% locally. No phone-home, no analytics, no tracking.

Your Code Stays Local

Normal scans run entirely locally. AI-powered deep scans are opt-in; when enabled, they send only scoped code snippets to the model provider you configure.

Self-Hosted Enterprise

Run it on your own infrastructure. Full control, full audit trail.

BYOK AI Review

Bring your own API key for deep analysis and fixes. No Ratchet server sees your repository.

$ quickstart
you@~/new-project $ npm install -g ratchet-run
you@~/new-project $ ratchet init
  ✓ detected: TypeScript, React, Node.js
  ✓ created .ratchet.yml
you@~/new-project $ ratchet scan
  ★ score: 72/100 — 14 issues found
you@~/new-project $ ratchet improve
  ✓ fixed 11/14 · score: 91/100
you@~/new-project $
Works with TypeScript, JavaScript, Python, Go, Rust, and more.
$ pricing
Free · $0
  • All 6 scan dimensions
  • Deterministic AST auto-fixes
  • Local-first, zero telemetry
  • CI/CD quality gates
  • MIT licensed forever
$ visual proof

GitHub PR comment

Ratchet: 91/100 (+14)
✓ security: no criticals
✓ fixed 7 safe issues
→ 3 suggestions left

README badge

ratchet score: 91/100

Security clean · complexity trending down · no telemetry.

Score trend

72 → 84 → 91

$ ship safer AI code

Security scanner for AI-generated code. Local by default, BYOK when you want AI help.

no signup · no config · works out of the box
Built by kcemate · MIT core · 0 GitHub stars · 9 npm installs last week