Safety-first guardian layer that controls LLM code-fixing agents.
OpenCode writes fixes. CT analyzes, reviews, blocks danger, requires human approval, and learns from every run.
OpenCode, Codex, and Claude Code are brilliant at generating code. But they have zero safety guarantees. They can output `DROP TABLE`, `eval(user_input)`, or `rm -rf /`, and nothing stops them.
Coding Tentacle sits in front of any LLM fix engine and acts as a guardian.
| Safety VETO | Blocks dangerous patterns (SQL injection, eval, shell commands) before execution. Base64 and HTML-encoded payloads are decoded and caught. |
| SkepticBrain | Adversarial review of every fix. "Why could this be wrong?" Risk score, objections, recommendation. |
| Self-Learning | BLM stores every bug experience. EngineLearning calibrates trust per engine + bug type. Later runs get better context. |
| Engine Router | Routes bugs to the best engine. OpenCode primary. Ollama fallback. Codex (API key needed). Bug-type-specific trust routing. |
| Human Approval | Every fix requires human APPROVE/REJECT/REQUEST_CHANGES. Safety VETO can NEVER be overridden, even by humans. |
| Impact Analysis | Predicts which files, tests, skills, and procedures are affected by a change. Risk score before approval. |
```
                   ┌─────────────────────────┐
                   │     Coding Tentacle     │
                   │ ┌─────────────────────┐ │
Bug Report ──────► │ │ Safety VETO         │ │
                   │ │ SkepticBrain        │ │
                   │ │ Engine Router       │ │
                   │ │ Trust Calibration   │ │
                   │ │ Learning Loop       │ │
                   │ └──────────┬──────────┘ │
                   │            │            │
                   │    APPROVE / REJECT     │
                   │    / REQUEST_CHANGES    │
                   └────────────┬────────────┘
                                │
                   ┌────────────▼────────────┐
                   │       Fix Engines       │
                   │ ┌────────┐ ┌──────────┐ │
                   │ │OpenCode│ │  Ollama  │ │
                   │ └────────┘ └──────────┘ │
                   └─────────────────────────┘
```
```bash
git clone https://github.com/nessos666/coding-tentacle.git
cd coding-tentacle

# Verify everything works
python3 scripts/full_regression.py
# → RC2 ALL TESTS PASSED

# Analyze a bug with full pipeline
python3 -c "
from coding_tentacle.orchestrator.shadow_mode import ShadowModeRunner, GitHubIssueRun
from coding_tentacle.orchestrator.metabrain import MetaBrain, SafetyBrain
from coding_tentacle.safety.inhibitory_control import InhibitoryControl
from coding_tentacle.knowledge.security_store import create_seed_security_store
from coding_tentacle.orchestrator.engine_router import EngineRouter
from coding_tentacle.orchestrator.skeptic_brain import SkepticBrain
from coding_tentacle.safety.approval_gate import ApprovalGate

# Wire up the safety components and the engine router
sec = create_seed_security_store()
ic = InhibitoryControl(security_store=sec)
safety = SafetyBrain(ic=ic, security_store=sec)
mb = MetaBrain(safety=safety)
er = EngineRouter(); er.check_health()
sb = SkepticBrain(); ag = ApprovalGate()
runner = ShadowModeRunner(meta_brain=mb, engine_router=er,
                          approval_gate=ag, skeptic_brain=sb,
                          safety_brain=safety)

# Run one issue through the pipeline in shadow mode
r = runner.analyze_issue(GitHubIssueRun(
    'https://github.com/user/repo', '#1',
    'NullPointer in views.py',
    'NoneType has no attribute at line 42'))
print(f'Bug Type: {r.detected_bug_type}')
print(f'Engine: {r.engine_used}')
print(f'Safety: {\"BLOCKED\" if r.safety_events else \"OK\"}')
print(f'Skeptic: risk={r.skeptic_risk:.2f} {r.skeptic_recommendation}')
print(f'Approval: {r.approval_status}')
print(f'BLM: {\"Learned\" if r.blm_written else \"Error: \" + r.blm_error}')
"
```

| CT with | Result |
|---|---|
| CT + OpenCode | Recommended. OpenCode (deepseek-v4-pro) generates the fix. CT checks + learns. |
| CT + Claude Code | Top-tier. Claude Code (2.1.86), an alternative to OpenCode. |
| CT + Ollama | Fallback. granite3.2-vision locally. Slower, offline-capable. |
| CT + Codex | |
| CT alone | Classifies bugs, generates template fixes (no real repair). |
1. Bug → CT classifies it (18 types)
2. Safety check: DROP TABLE? eval()? → BLOCK
3. EngineRouter selects OpenCode/Ollama
4. Engine generates a real code diff
5. CT scans the diff for dangers (Base64/HTML-decoded)
6. SkepticBrain: "Why could this be wrong?"
7. Sandbox tests in isolation (originals UNCHANGED)
8. HumanApprovalGate: APPROVE/REJECT/REQUEST_CHANGES
9. BLM stores the experience, EngineLearning calibrates trust
10. The next bug gets similar experiences in its prompt
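
Steps 2, 5 and 8 of the list above, sketched as an added example (not Coding Tentacle's own code): the scanner checks the lines a diff adds, also in their HTML-unescaped and Base64-decoded forms, and any hit overrides the human verdict. The rule set, `scan_diff`, `decide` and the two-layer decode limit are assumptions for illustration.

```python
import base64
import html
import re

# Assumed deny-list for illustration; the project's real rules are not on the page.
DANGEROUS = {
    "sql_drop": re.compile(r"\bDROP\s+TABLE\b", re.I),
    "eval_call": re.compile(r"\beval\s*\("),
    "shell_cmd": re.compile(r"\bos\.system\s*\(|\brm\s+-rf\s+/"),
}
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Constructed sample diff: the added line hides eval(req.body) behind Base64.
SAMPLE_DIFF = """--- a/views.py
+++ b/views.py
@@ -40 +40,2 @@
 def handler(req):
+    run(b64decode("ZXZhbChyZXEuYm9keSk="))
"""

def decoded_views(text, depth=2):
    """Yield text plus its HTML-unescaped and Base64-decoded forms, up to depth layers."""
    seen, stack = set(), [(text, 0)]
    while stack:
        cur, level = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        yield cur
        if level >= depth:
            continue
        stack.append((html.unescape(cur), level + 1))
        for token in B64_TOKEN.findall(cur):
            try:
                stack.append((base64.b64decode(token, validate=True).decode("utf-8"), level + 1))
            except ValueError:
                pass  # not Base64-encoded UTF-8 text; ignore the token

def scan_diff(diff):
    """Return sorted rule names matched by the lines a unified diff adds."""
    added = "\n".join(line[1:] for line in diff.splitlines()
                      if line.startswith("+") and not line.startswith("+++"))
    return sorted({name for view in decoded_views(added)
                   for name, rx in DANGEROUS.items() if rx.search(view)})

def decide(diff, human_verdict):
    """A scanner hit is a veto: it wins over any human verdict."""
    hits = scan_diff(diff)
    return ("BLOCKED", hits) if hits else (human_verdict, hits)
```

Only Base64 and HTML entities are unwrapped here, matching the two encodings the page names; anything encoded another way passes through unexamined.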
```
GitHub Issue
       │
       ▼
┌──────────────┐
│  Classifier  │  18 bug types, 100% accuracy
└──────┬───────┘
       ▼
┌──────────────┐
│ SafetyBrain  │  VETO: DROP TABLE, eval(), system() → BLOCKED
└──────┬───────┘
       ▼
┌──────────────┐
│ EngineRouter │  OpenCode primary, Ollama fallback
└──────┬───────┘
       ▼
┌──────────────┐
│  Fix Engine  │  Generates real code diff
└──────┬───────┘
       ▼
┌──────────────┐
│ Safety scan  │  Scans engine output for dangerous patterns
└──────┬───────┘
       ▼
┌──────────────┐
│ SkepticBrain │  "Why could this fix be WRONG?"
└──────┬───────┘
       ▼
┌──────────────┐
│   Sandbox    │  Isolated test. Original files NEVER touched.
└──────┬───────┘
       ▼
┌──────────────┐
│ ApprovalGate │  APPROVE / REJECT / REQUEST_CHANGES
└──────┬───────┘
       ▼
┌──────────────┐
│ BLM + Trust  │  Store experience + update engine trust
└──────────────┘
```
| Feature | CT | Codex | Devin | Claude Code | OpenHands |
|---|---|---|---|---|---|
| Safety VETO | β | β | β | β | β |
| SkepticBrain | β | β | β | β | β |
| Bayesian Trust | β | β | β | β | β |
| Human Approval | β | β | |||
| Self-Learning | β | β | β | β | β |
| Bug Classification | β | β | β | β | β |
| Engine Router | β | β | β | β | |
| Impact Analysis | β | β | β | β | β |
| Open Source | β | β | β | β | β |
| Cost/Task | $0 | $12 | $500/mo | $20 | $0 |
| SWE-bench | N/A | 88.7% | 87% | 95.5% | 65% |
CT is not a competitor. CT is the safety layer that controls them.
- Not a replacement for Codex, Devin, or Claude Code
- Not an autonomous bug fixer (requires OpenCode/Ollama for code generation)
- Not production-ready (Research / Shadow Release)
- Safety-first guardian that controls LLM fix engines
- Self-learning bug analysis system
- The only agent with Safety VETO + SkepticBrain + Bayesian Trust
- 100% open source, zero API costs
- Python 3.10+
- OpenCode CLI (`opencode`), for actual code fixing
- Ollama + granite3.2-vision, for local fallback
- No API keys required
- Found a bug? Open an issue
- Want to contribute? CONTRIBUTING.md
- Security concern? SECURITY.md
MIT: free, open source, no restrictions.
Built by David + Hermes. June 2026.
