Hacker News
Show HN: LucidShark - Quality pipeline for AI coding agents (lucidshark.com)
9 points by PM_ME_YOUR_CAT 88 days ago
Hi HN,

I built LucidShark: a local-first, open-source CLI tool that acts as a quality & security pipeline. It can be used to increase confidence in AI-generated (or AI-assisted) code.

- Config lives as code in version-controlled lucidshark.yml

- 100% local; no cloud, no SaaS

- Runs 10 quality domains automatically: linting, formatting, type checking, SAST/security scanning, SCA/dependency checks, IaC validation, container scanning, unit tests, coverage thresholds, code duplication, etc.

- Produces a QUALITY.md dashboard with health scores (e.g. 9.1/10), trends, and issue lists that you can commit to git

2 comments

Interesting approach. I've been working on something similar but framework-aware, for NestJS projects specifically: scanning decorators via AST to catch missing auth guards, untyped DTOs, and missing Swagger docs. The hardcoded secret detection is a must-have, agreed. What's your false positive rate on the secret scanning? I found regex-based patterns flag test fixtures pretty aggressively.

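As an added illustration of the false-positive problem raised in the comment above (example code, not LucidShark's scanner and not the commenter's tool), the sketch below layers three checks on top of a plain regex: a placeholder-marker list that drops documentation values such as "changeme", a Shannon-entropy floor that drops repeated or dictionary-like strings, and a test/fixture path heuristic that downgrades a hit to low severity instead of discarding it, since real credentials do get pasted into tests. The regex, the marker list, the 3.5 bits/char threshold, the path patterns and every sample file are constructed assumptions for this example; none of the sample values are real credentials.

```python
import math
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical rule for this example (not LucidShark's own rules): a sensitive-sounding
# identifier assigned a quoted literal of 16+ characters, via '=' or ':' (covers YAML too).
SECRET_ASSIGNMENT = re.compile(
    r"""(?i)\b(?P<name>\w*(?:api[_-]?key|secret|token|password|passwd)\w*)"""
    r"""\s*[:=]\s*["'](?P<value>[^"'\s]{16,})["']"""
)

# Substrings that mark a value as a documentation placeholder rather than a credential.
PLACEHOLDER_MARKERS = ("example", "changeme", "placeholder", "dummy", "your_", "xxx",
                       "<", ">", "${", "redacted")

# Paths where a hit is most likely a fixture. Hits here are downgraded, not dropped.
TEST_PATH = re.compile(
    r"(^|/)(tests?|__tests__|spec|fixtures?|testdata)(/|$)"
    r"|(^|/)test_[^/]*$|_test\.\w+$|\.spec\.\w+$"
)

ENTROPY_THRESHOLD = 3.5  # bits per character; tuning assumption for this example


@dataclass
class Finding:
    path: str
    line_no: int
    name: str
    value: str
    entropy: float
    severity: str  # "high", "low" (test/fixture path) or "suppressed" (placeholder / low entropy)
    reason: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character. Random 16+ char secrets land well above 3.5;
    repeated characters score 0 and English-like strings score around 3."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify(path: str, line_no: int, line: str) -> Optional[Finding]:
    """Return None when the regex does not fire, otherwise a Finding with a severity
    that reflects the placeholder, entropy and path checks in that order."""
    m = SECRET_ASSIGNMENT.search(line)
    if not m:
        return None
    name, value = m.group("name"), m.group("value")
    ent = shannon_entropy(value)
    lowered = value.lower()
    if any(marker in lowered for marker in PLACEHOLDER_MARKERS):
        return Finding(path, line_no, name, value, ent, "suppressed", "placeholder marker")
    if ent < ENTROPY_THRESHOLD:
        return Finding(path, line_no, name, value, ent, "suppressed", "low entropy")
    if TEST_PATH.search(path):
        return Finding(path, line_no, name, value, ent, "low", "test or fixture path")
    return Finding(path, line_no, name, value, ent, "high", "secret-like literal in source")


def scan(files: dict) -> list:
    """Scan {path: content} and return every regex hit with its severity."""
    findings = []
    for path, content in files.items():
        for line_no, line in enumerate(content.splitlines(), start=1):
            f = classify(path, line_no, line)
            if f:
                findings.append(f)
    return findings


def summarize(findings) -> dict:
    counts = {"high": 0, "low": 0, "suppressed": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample files for this example; none of these values are real credentials.
SAMPLE_FILES = {
    "src/settings.py": (
        'API_KEY = "q7Hf2Lp9Xz3Rv8Tm1Kc6Wy4Ns0Jd5Bg"\n'      # real-looking literal -> high
        'DB_PASSWORD = os.environ["DB_PASSWORD"]\n'          # env lookup, no literal -> no hit
    ),
    "README.md": 'export API_KEY="your_api_key_here_replace_me"\n',  # placeholder -> suppressed
    "config/app.yaml": 'secret_token: "changeme-changeme-changeme"\n',  # placeholder -> suppressed
    "tests/fixtures/auth.py": 'TOKEN = "Zq9Lm3Vx7Rt1Ky5Pw8Ns2Hd6Jf0Bg4Cc"\n',  # fixture path -> low
    "tests/test_login.py": 'password = "aaaaaaaaaaaaaaaaaaaa"\n',  # zero entropy -> suppressed
}

if __name__ == "__main__":
    results = scan(SAMPLE_FILES)
    for f in results:
        print(f"{f.severity:10} {f.path}:{f.line_no} {f.name} (entropy {f.entropy:.2f}) - {f.reason}")
    print(summarize(results))
```

Running the block on the constructed sample set yields one high, one low and three suppressed findings; the point of the ordering is that a placeholder is suppressed regardless of where it lives, while a genuinely random-looking value in a fixture directory is still reported, just at a severity a pre-commit gate can choose not to block on.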
I built LucidShark after getting burned too many times by AI-generated code that looked fine locally but failed CI with security issues or broken dependencies.

The frustrating part: the feedback loop is terrible. You write code with Claude Code or Cursor, commit, push, wait for CI to run... and only then find out you have a hardcoded secret or a vulnerable package. By that point you've already context-switched.

LucidShark runs the same checks locally (linting, SAST, SCA, dependency scanning) before anything hits your pipeline. It's a pre-commit gate that speaks the same language as your CI, just faster and offline.

Happy to answer any questions about how it works or the design decisions behind keeping it fully local with no cloud dependency.