Getting Started

What is SyntaxValid?

SyntaxValid is the Trust Layer for AI-Generated Code. It validates AI-generated code before it ships to production, combining static analysis, LLM reasoning, and supply chain checks into a single TrustScore (0-100).

With Policy-as-Code, automated PR gates, and multi-engine analysis, SyntaxValid stops insecure or low-quality AI code from reaching production.

Install CLI

npm install -g @syntaxvalid/cli

Or use npx to run without installation: npx @syntaxvalid/cli check

Run your first check

1. Authenticate

syntaxvalid login

This will open your browser to authenticate with SyntaxValid. You can also get an API token from your dashboard.

2. Initialize a project

syntaxvalid init

This creates a .syntaxvalid/ directory with a default policy.yaml file.

3. Run analysis

syntaxvalid check

This analyzes your codebase and outputs a TrustScore. Results are saved to .syntaxvalid/report.json and .syntaxvalid/report.sarif.
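
The report.sarif file written in step 3 can be triaged by any SARIF consumer. The Node.js script below is an added example, not SyntaxValid's own code: it tallies findings by severity and applies a hypothetical fail threshold, assuming the file follows standard SARIF 2.1.0. The sample report, rule IDs and file names in it are constructed.

```javascript
// Added example: triage a SARIF 2.1.0 report by severity (not SyntaxValid code).
const LEVELS = ["error", "warning", "note", "none"]; // most to least severe

function summarizeSarif(sarif) {
  const counts = { error: 0, warning: 0, note: 0, none: 0 };
  const findings = [];
  for (const run of sarif.runs ?? []) {
    const tool = run.tool?.driver?.name ?? "unknown";
    for (const r of run.results ?? []) {
      // Fall back to "warning", the SARIF default when no level is set.
      // Rule-level defaultConfiguration is not consulted here.
      const level = LEVELS.includes(r.level) ? r.level : "warning";
      counts[level] += 1;
      const loc = r.locations?.[0]?.physicalLocation;
      findings.push({
        tool,
        level,
        ruleId: r.ruleId ?? "(no ruleId)",
        file: loc?.artifactLocation?.uri ?? "(no location)",
        line: loc?.region?.startLine ?? null,
        message: r.message?.text ?? "",
      });
    }
  }
  return { counts, findings };
}

// Hypothetical gate: true when any finding is at or above `failOn`.
function shouldFail(summary, failOn = "error") {
  const cut = LEVELS.indexOf(failOn);
  if (cut < 0) throw new Error(`unknown level: ${failOn}`);
  return LEVELS.slice(0, cut + 1).some((l) => summary.counts[l] > 0);
}

// Constructed sample report, not real SyntaxValid output.
const SAMPLE = { version: "2.1.0", runs: [{
  tool: { driver: { name: "example-engine" } },
  results: [
    { ruleId: "EXAMPLE-001", level: "error", message: { text: "constructed finding" },
      locations: [{ physicalLocation: { artifactLocation: { uri: "src/db.js" }, region: { startLine: 42 } } }] },
    { ruleId: "EXAMPLE-002", message: { text: "no level set" },
      locations: [{ physicalLocation: { artifactLocation: { uri: "src/util.js" }, region: { startLine: 7 } } }] },
    { ruleId: "EXAMPLE-003", level: "note", message: { text: "no location" } },
  ] }] };

// Usage: node sarif-gate.js .syntaxvalid/report.sarif  (no argument: uses SAMPLE)
const reportPath = process.argv[2];
const report = reportPath ? JSON.parse(require("node:fs").readFileSync(reportPath, "utf8")) : SAMPLE;
const summary = summarizeSarif(report);
for (const f of summary.findings) console.log(`${f.level}\t${f.ruleId}\t${f.file}:${f.line ?? "?"}`);
if (reportPath && shouldFail(summary)) process.exitCode = 1;
```

The script exits non-zero only when given a report path and a finding meets the threshold, so it can follow the check step in a pipeline.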

Read the TrustScore output

TrustScore is a composite score (0-100) that combines:

  • Static Analysis (0-100): Security and quality rules from Semgrep, ESLint, Bandit
  • LLM Reasoning (0-100): AI-powered analysis of code context and intent
  • Supply Chain (0-100): Dependency vulnerabilities and license compliance

A TrustScore of 80+ typically means the code is safe to merge. Scores below 60 indicate significant issues that should be addressed before production.

Local vs cloud analyses

Local Analysis

Runs entirely on your machine. Fast (3-5 seconds), private, and works offline. Perfect for IDE plugins and pre-commit hooks.

Use when: Quick feedback during development, sensitive codebases, or offline workflows.

Cloud Analysis

Runs on SyntaxValid servers with full LLM reasoning and historical trend analysis. Results are stored and accessible via dashboard.

Use when: CI/CD pipelines, PR gates, team collaboration, or when you need deep AI analysis.

Next Steps