Drift-failing validators
Overlay-drift, contract-manifest, task-shape, and hook-guardrail checks that exit non-zero the moment policy drifts. Wire them into CI and the build breaks on violation.
Open source · MIT · Node 20+
Make every agent session
deterministic and consistent.
Structor generates a versioned, enforceable policy layer that governs every repo in your workspace — so Codex and Claude Code produce the same shape of work across sessions, models, and contributors. Mechanical validators fail the build the moment that policy drifts.
A generator, not a runtime — no agents run, no sessions polled, no telemetry, and no network calls while it works.
$ node scripts/check-overlay-drift.mjs
checking model overlays against canonical policy…
✓ ai/model-overlays/openai/AGENTS.md
✗ ai/model-overlays/anthropic/CLAUDE.md
expected hash a91f…7c20
found hash e4d2…11bf
overlay edited by hand — policy drifted
FAIL overlay drift detected
$ echo $?
1▋The wedge
Most tools stop at organizing prompts.
Structor enforces them.
Reliable agentic engineering needs context architecture plus mechanical enforcement. The generated harness ships with checks that fail the build when the rules and the code fall out of sync.
Self-verifying generated code
Every generated validator carries a hash of its own rendered source. The harness refuses to run a check that has been hand-edited — no silently trusting drifted policy.
Hard safety boundaries
Symlink-resolving path safety, traversal and .git rejection, and injection-as-data rendering — a hostile project.name is escaped, never executed. All backed by adversarial tests.
Harness ≠ runner, enforced
Codex hooks are scanned for banned mutation tokens before they are imported. The boundary between shaping work and executing it is mechanical, not a promise in a README.
What it generates
Not files in your repo — a harness repo beside it.
structor init doesn't touch your code. It generates a dedicated harness
repo next to your repos in the workspace, then bootstraps each one with a thin pointer
into it. One enforceable policy layer, shared by every repo — all plain files you can
read, diff, and review in a normal PR.
-
<repo>-structor/A dedicated harness repo generated beside your code. It owns policy and validation, never product behavior. -
ai/HUB.mdA routing hub so an agent started in any repo can discover the whole product. -
ai/contracts/*Versioned cross-repo contracts for products that span multiple repositories. -
ai/model-overlays/*Thin Codex and Claude Code overlays that route back to one canonical policy. -
scripts/*.mjsDrift-failing validators — governance, overlay-drift, contract-manifest, workspace. -
AGENTS.md · CLAUDE.mdThin pointer files bootstrapped into the workspace and each consumer repo. Your code stays untouched.
See it run
One product, two repos, one harness.
Watch Structor generate a harness across separate frontend and backend repos — then watch an agent started in one repo discover the whole product through the hub.
Demo video coming soon Loom embed goes here
What's working
npm
Published
@structor-dev/cli ships on npm, MIT-licensed, Node 20+.
3
Commands
init, generate, and doctor — all implemented and tested.
3×
Smoke suite
Generates disposable harnesses for OpenAI-only, Anthropic-only, and combined setups, then bootstraps and validates each.
⚔
Adversarial tests
Exploit-shaped regression tests for symlinks, traversal, and template injection.
Try it
One command. No account, no daemon, no telemetry.
npx @structor-dev/cli initImportant: Run it from the workspace folder that contains your repos.
The honest gaps
- Pre-1.0, single-maintainer, experimental.
- No external users on real codebases yet. The next milestone is real world exposure.
- Documentation is a work in progress. The next milestone is a comprehensive guide.
- The wizard needs more polish. The next milestone is a more user-friendly experience.
Kick the tires and tell me what breaks.