Kraimind by Kraionyx AI — AI-native dependency intelligence for developers

Project description

Kraimind

by Kraionyx AI

AI-native dependency intelligence for developers. Understand. Optimize. Trust.

Kraimind helps you audit, understand, and optimize your Python project's dependencies using rule-based intelligence, real CVE data, and optional AI insights.

Existing tools ask: "Is this package vulnerable?"
Kraimind asks:
  • Should I use this package?
  • Is there a better alternative?
  • Which dependencies are unused?
  • Which packages might be abandoned?
  • What CVEs affect this version?

What Kraimind Does (v0.2.0)

Feature | Description
🧹 Unused dependency detection | AST-scans your code, compares to declared deps, finds dead weight
🛡️ Trust scoring (0-100) | Transparent, rule-based score from GitHub + PyPI + CVE signals
🚨 Real CVE scanning | Live OSV.dev queries — actual vulnerabilities, not hand-curated lists
💡 Migration alternatives | Curated database of better/modern replacements (e.g. requests → httpx)
⚖️ Side-by-side comparison | kraimind compare requests httpx
📦 Lockfile support | poetry.lock, Pipfile.lock, uv.lock for accurate analysis
Async parallel fetching | 5-10x faster than sequential — 10 concurrent connections
📊 JSON output | --format json for CI/CD pipelines
🤖 Optional AI insights | OpenAI / Groq / Gemini / local Ollama — graceful fallback
💾 24h local cache | Network-friendly, instant repeat runs

Installation

pip install kraimind

With optional AI support

pip install "kraimind[ai]"

Quick Start

# Verify installation
kraimind hello

# Analyze your project
kraimind analyze

# Inspect a specific package (with CVEs + alternatives)
kraimind explain requests

# Compare two packages side-by-side
kraimind compare requests httpx

# Full health report
kraimind doctor

# Cache management
kraimind cache info
kraimind cache clear

Commands

kraimind analyze [PATH]

Detects unused deps, fetches real CVE data, suggests migrations.

kraimind analyze                            # current dir
kraimind analyze ./my-project               # specific path
kraimind analyze --format json              # CI-friendly output
kraimind analyze --concurrency 20           # parallel API calls
kraimind analyze --no-ai                    # skip AI insights

kraimind explain <PACKAGE>

Detailed package report — trust score, GitHub stats, CVEs, alternatives, AI insight.

kraimind explain requests
kraimind explain nose                  # shows ⛔ deprecated warning
kraimind explain tensorflow --no-ai

kraimind compare <PKG_A> <PKG_B>

Side-by-side comparison: trust, stars, license, size, CVE counts.

kraimind compare requests httpx
kraimind compare flask fastapi
kraimind compare a b --format json

kraimind doctor [PATH]

Aggregate health summary: total deps, unused count, average trust score, risk distribution.

kraimind doctor
kraimind doctor ./another-project --format json

kraimind cache <SUBCOMMAND>

kraimind cache info          # show entries, size, location
kraimind cache clear         # delete all cached responses
kraimind cache clear --yes   # skip confirmation

kraimind share [PATH]

Out of Claude Code credits mid-task? Bundle your codebase into a single link any browsing-capable web AI can read — Claude.ai, ChatGPT (with browsing), Gemini, Perplexity. Paste the URL, then keep iterating without re-explaining the whole project.

kraimind share                   # → public URL, expires in 24h
kraimind share --full            # include lockfiles, larger bundle
kraimind share --file            # write kraimind-bundle.md locally instead
kraimind share --ttl 1           # link expires in 1 hour

Smart mode (default) packs the README, manifests, entry points, and the most recently modified source files into a ~150 KB markdown bundle that fits in any AI's fetch limits.

Always excluded: .env* (except .env.example), *.key, *.pem, id_rsa*, anything matching *secret*/*credential*, plus the usual .venv/, node_modules/, build artifacts. Add a .kraimindignore (gitignore syntax) to exclude more.

If the share endpoint is unreachable or rate-limited, the CLI auto-falls back to writing the bundle locally so you always get something.
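
A pre-share check built from the exclusion list above, as an added example that is not Kraimind's own code: it approximates the documented name rules, then flags files that pass them but whose contents still look like credentials. Case-insensitive matching on every path component, the content regex, and the sample paths are assumptions constructed for illustration.

```python
import re
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Patterns copied from the "Always excluded" list above. Matching them
# case-insensitively against every path component is an assumption.
DENY = [".env*", "*.key", "*.pem", "id_rsa*", "*secret*", "*credential*"]
DENY_DIRS = {".venv", "node_modules"}
ALLOW = {".env.example"}

# Hypothetical content heuristic (not part of Kraimind): quoted credential
# assignments and PEM private-key headers.
SECRET_RE = re.compile(
    r"(password|token|api_key)\s*[:=]\s*[\"'][^\"']{8,}[\"']"
    r"|-----BEGIN [A-Z ]*PRIVATE KEY-----",
    re.IGNORECASE,
)


def is_excluded(path: str) -> bool:
    """True if the documented name-based rules would drop this path."""
    parts = [c.lower() for c in PurePosixPath(path).parts]
    if DENY_DIRS & set(parts[:-1]):
        return True
    if parts[-1] in ALLOW:
        return False
    return any(fnmatchcase(c, pat) for c in parts for pat in DENY)


def audit(files: dict[str, str]) -> list[str]:
    """Paths that survive the name filter but whose content looks sensitive."""
    return sorted(
        path for path, text in files.items()
        if not is_excluded(path) and SECRET_RE.search(text)
    )


# Constructed sample tree: path -> file content.
SAMPLE = {
    ".env": "DB_PASSWORD=constructed-value",
    ".env.example": "DB_PASSWORD=",
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----",
    "src/app/settings.py": 'API_TOKEN = "constructed-not-a-real-token"',
    "config/prod.yaml": 'password: "constructed-example-pw"',
    "src/app/main.py": "print('hello')",
    "node_modules/x/index.js": "module.exports = {}",
}
```

Paths reported by audit() are candidates for a .kraimindignore entry before running kraimind share.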


Trust Score Algorithm

Every package gets a transparent, auditable 0-100 trust score:

Signal | Impact
Stars > 10k | +15
Stars 1k-10k | +15
Stars 100-1k | +10
Stars < 50 | -10
Last commit < 90 days | +15
Last commit < 365 days | +5
Last commit > 365 days | -20
Forks > 1k | +5
Open issues < 50 | +5
Open issues > 500 | -15
Security policy enabled | +10
Repository archived | -25
Critical CVE | -25
High-severity CVE | -15
Medium-severity CVE | -8
Low-severity CVE | -3
5+ CVEs | extra -5
Published on PyPI | +5

Score labels

Score | Label
90-100 | Excellent
75-89 | Good
60-74 | Acceptable
40-59 | Caution
0-39 | High Risk
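
The two tables applied as code, as an added example rather than Kraimind's trust.py: the page does not state the starting score, how tier boundaries are handled, or whether CVE penalties apply per CVE, so the base is a caller-supplied parameter and the other two are assumptions marked in comments. The signal key names and both sample packages are constructed.

```python
CVE_PENALTY = {"critical": -25, "high": -15, "medium": -8, "low": -3}
LABELS = [(90, "Excellent"), (75, "Good"), (60, "Acceptable"),
          (40, "Caution"), (0, "High Risk")]


def adjustments(s: dict) -> list[tuple[str, int]]:
    """Itemised (signal, impact) pairs using the impacts from the table."""
    # Assumption: tiers are mutually exclusive; boundary values fall as coded.
    rules = [
        ("stars > 10k", 15, s["stars"] > 10_000),
        ("stars 1k-10k", 15, 1_000 <= s["stars"] <= 10_000),
        ("stars 100-1k", 10, 100 <= s["stars"] < 1_000),
        ("stars < 50", -10, s["stars"] < 50),
        ("last commit < 90 days", 15, s["commit_age_days"] < 90),
        ("last commit < 365 days", 5, 90 <= s["commit_age_days"] < 365),
        ("last commit > 365 days", -20, s["commit_age_days"] > 365),
        ("forks > 1k", 5, s["forks"] > 1_000),
        ("open issues < 50", 5, s["open_issues"] < 50),
        ("open issues > 500", -15, s["open_issues"] > 500),
        ("security policy enabled", 10, s["security_policy"]),
        ("repository archived", -25, s["archived"]),
        ("5+ CVEs", -5, len(s["cves"]) >= 5),
        ("published on PyPI", 5, s["on_pypi"]),
    ]
    hits = [(name, pts) for name, pts, applies in rules if applies]
    # Assumption: each CVE contributes its own severity penalty.
    hits += [(f"{sev} CVE", CVE_PENALTY[sev]) for sev in s["cves"]]
    return hits


def trust_score(s: dict, base: int) -> tuple[int, str]:
    """Clamp base + adjustments to 0-100 and map it to a score label."""
    total = base + sum(pts for _, pts in adjustments(s))
    score = max(0, min(100, total))
    label = next(name for floor, name in LABELS if score >= floor)
    return score, label


# Constructed signal sets (hypothetical key names, not Kraimind's schema).
MAINTAINED = {"stars": 52_000, "commit_age_days": 30, "forks": 9_000,
              "open_issues": 200, "security_policy": True, "archived": False,
              "cves": ["high"], "on_pypi": True}
ABANDONED = {"stars": 40, "commit_age_days": 900, "forks": 3,
             "open_issues": 10, "security_policy": False, "archived": True,
             "cves": ["critical", "high", "medium", "low", "low"],
             "on_pypi": True}
```

The itemised list from adjustments() is what makes a score auditable: a reviewer can see which signal moved it, not just the final number.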

Migration Alternatives

Kraimind ships with a curated alternatives database. Examples:

Package | Suggestion | Effort
nose | pytest | low
requests | httpx (sync + async) | low
simplejson | stdlib json or orjson | low
mock | stdlib unittest.mock | low
tensorflow | pytorch / jax | high
marshmallow | pydantic v2 | medium
argparse | typer / click | medium

Run kraimind explain <pkg> to see full migration guidance.


AI Insights (Optional)

Kraimind works great without any API key. AI is a progressive enhancement.

Local AI (private, offline after setup)

ollama pull llama3.2
export KRAIMIND_LOCAL_AI=1
kraimind explain requests

Cloud AI (any of these)

export OPENAI_API_KEY=sk-proj-...
export GROQ_API_KEY=gsk_...
export GEMINI_API_KEY=...

Kraimind tries them in order: local Ollama → OpenAI → Groq → Gemini → rule-based fallback.


JSON Output (CI/CD)

kraimind analyze --format json | jq '.summary'
# {
#   "total_dependencies": 42,
#   "unused_count": 3,
#   "average_trust_score": 84.7
# }

kraimind doctor --format json | jq '.health.total_vulnerabilities'
# 0

Perfect for failing CI builds when CVE counts spike or trust drops.
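
A CI gate over the two JSON documents shown above, as an added example that is not part of Kraimind: it reads only the fields that appear on this page and fails closed when the output is empty or malformed. The thresholds and sample documents are assumptions constructed for illustration.

```python
import json
import sys

# Hypothetical policy thresholds for this example; not Kraimind defaults.
MIN_AVG_TRUST = 75.0   # lower bound of the "Good" label
MAX_VULNS = 0
MAX_UNUSED = 5


def evaluate(analyze_json: str, doctor_json: str) -> list[str]:
    """Return policy violations; an empty list means the gate passes."""
    try:
        summary = json.loads(analyze_json)["summary"]
        health = json.loads(doctor_json)["health"]
        total = int(summary["total_dependencies"])
        unused = int(summary["unused_count"])
        trust = float(summary["average_trust_score"])
        vulns = int(health["total_vulnerabilities"])
    except (ValueError, KeyError, TypeError) as exc:
        # Fail closed: empty or malformed output must not read as a clean scan.
        return [f"unreadable kraimind output: {exc!r}"]
    problems = []
    if total == 0:
        problems.append("no dependencies were analyzed")
    if vulns > MAX_VULNS:
        problems.append(f"{vulns} known vulnerabilities (max {MAX_VULNS})")
    if trust < MIN_AVG_TRUST:
        problems.append(f"average trust {trust} below {MIN_AVG_TRUST}")
    if unused > MAX_UNUSED:
        problems.append(f"{unused} unused dependencies (max {MAX_UNUSED})")
    return problems


# Constructed sample documents using only the fields shown above.
SAMPLE_ANALYZE = ('{"summary": {"total_dependencies": 42, '
                  '"unused_count": 3, "average_trust_score": 84.7}}')
SAMPLE_DOCTOR_CLEAN = '{"health": {"total_vulnerabilities": 0}}'
SAMPLE_DOCTOR_BAD = '{"health": {"total_vulnerabilities": 2}}'

if __name__ == "__main__":
    # Usage: python gate.py analyze.json doctor.json
    with open(sys.argv[1]) as a, open(sys.argv[2]) as d:
        found = evaluate(a.read(), d.read())
    for line in found:
        print(f"kraimind gate: {line}", file=sys.stderr)
    sys.exit(1 if found else 0)
```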


Caching

Kraimind caches GitHub, PyPI, and OSV.dev responses in ~/.kraimind/cache/:

  • 24h TTL for GitHub/PyPI
  • 12h TTL for OSV (security data refreshes faster)
  • Inspect via kraimind cache info
  • Clear via kraimind cache clear

Development

git clone https://github.com/kraimind/kraimind
cd kraimind

python -m venv .venv
.venv\Scripts\activate    # Windows
# source .venv/bin/activate   # macOS/Linux

pip install -e ".[ai,dev]"

pytest tests/ -v          # 84 tests
kraimind hello
kraimind analyze examples/sample-python-project

Architecture

src/kraimind/
├── cli.py                 # Typer entrypoint (hello/analyze/explain/compare/doctor/cache)
├── async_clients.py       # asyncio.gather parallel API fetcher
├── github.py              # sync GitHub client + URL slug extractor
├── pypi.py                # sync PyPI client
├── vulnerability.py       # OSV.dev CVE scanner
├── alternatives.py        # curated migration database
├── trust.py               # 0-100 rule-based scorer
├── parser/
│   ├── requirements.py    # requirements.txt
│   ├── pyproject.py       # PEP 621 + Poetry
│   ├── package_json.py    # Node.js
│   ├── lockfile.py        # poetry.lock, Pipfile.lock, uv.lock
│   └── ast_scanner.py     # AST import scanner
├── ai/
│   ├── explainer.py       # provider orchestrator
│   ├── local_llm.py       # Ollama
│   └── cloud_llm.py       # OpenAI / Groq / Gemini
└── utils/
    ├── cache.py           # filesystem cache
    ├── formatting.py      # Rich panels, tables, score bars
    └── mappings.py        # import → package canonical names

License

MIT — see LICENSE.


Download files

Source Distribution

kraimind-0.2.1.tar.gz (99.4 kB)

Uploaded Source

Built Distribution

kraimind-0.2.1-py3-none-any.whl (93.0 kB)

Uploaded Python 3

File details

Details for the file kraimind-0.2.1.tar.gz.

File metadata

  • Download URL: kraimind-0.2.1.tar.gz
  • Upload date:
  • Size: 99.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.4

File hashes

Hashes for kraimind-0.2.1.tar.gz
Algorithm | Hash digest
SHA256 | 3f13d47fec95b43562bdd050d60bc57ccd949824f62af25cded70c3337af8a15
MD5 | 670a45d31d087e88d5dc4e3cbb79d8e5
BLAKE2b-256 | b68f10e03c4ad6cdf12445bb8ad01b40be3e9943392cf2a46146b3b07f52043f

File details

Details for the file kraimind-0.2.1-py3-none-any.whl.

File metadata

  • Download URL: kraimind-0.2.1-py3-none-any.whl
  • Upload date:
  • Size: 93.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.4

File hashes

Hashes for kraimind-0.2.1-py3-none-any.whl
Algorithm | Hash digest
SHA256 | 97cf75f6b005154396f18a8e7388a1af8729c0d8b979e573e1962a760194b264
MD5 | 802ecd1bd514156e28cb1b09d2c2191e
BLAKE2b-256 | 1c7533dc3b7da951dfcbb958723060264294cec84fb39bf0d6ab8d7f6dd9898c