LibCST-powered Python cleaner: security scanning, structural refactors, auto-fix, and PYNAGENT markers for AI editors (not just a formatter).
Project description
PyNEAT — Clean AI-Generated Python Code
The anti-spaghetti code cleaner — PyNEAT goes beyond black/ruff-style formatting: it runs AST + LibCST rules in a single pipeline to fix security issues, AI/legacy smell, and unsafe structure (nested if/else, bad except, mutable defaults, and more).
AI generates code fast. PyNEAT cleans what AI generates.
| Install | One-liner |
|---|---|
| PyPI | pip install pyneat-cli |
| CLI | pyneat check file.py · pyneat clean file.py · pyneat clean-dir ./src |
The Problem
AI coding assistants (Cursor, Copilot, Claude Code) generate code at incredible speed. But AI-generated code has predictable patterns that introduce security vulnerabilities and code quality issues:
- SQL injections in f-strings: f"SELECT * FROM users WHERE id = {user_id}"
- Hardcoded secrets: api_key = "sk_live_abc123..."
- Magic numbers: timeout = 300 # What does this mean?
- Empty except blocks: except: pass # Silent failures
- Resource leaks: open() without context manager
The Solution
PyNEAT = AI-Generated Code Preprocessor
AI generates code → PyNEAT cleans it → Clean code continues
↑ ↓
└────────── PYNAGENT Markers ────────┘
Quick Demo
Before PyNEAT
# SQL Injection vulnerability
query = f"SELECT * FROM users WHERE id = {user_id}"
cursor.execute(query)
# Hardcoded secret
api_key = "sk_live_abc123xyz789secret"
# Magic number
timeout = 300 # What is 300?
# Empty except
try:
    risky_operation()
except:
    pass
After PyNEAT
# Parameterized query
query = "SELECT * FROM users WHERE id = ?"
cursor.execute(query, (user_id,))
# Environment variable
api_key = os.environ.get("API_KEY")
# Named constant
REQUEST_TIMEOUT_SECONDS = 300 # 5 minutes
timeout = REQUEST_TIMEOUT_SECONDS
# Proper error handling
try:
    risky_operation()
except Exception as e:
    logger.error(f"Operation failed: {e}")
    raise
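A small detector for two of the patterns in the demo above, an interpolating f-string reaching .execute() and a bare except: pass, written with the standard-library ast module. It is an added illustration, not PyNEAT's rule code; the scan function, the rule names and the sample input are hypothetical.

```python
import ast

SAMPLE = '''\
def lookup(cursor, user_id):
    query = f"SELECT * FROM users WHERE id = {user_id}"
    cursor.execute(query)
    cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
    try:
        risky_operation()
    except:
        pass
'''  # constructed sample mirroring the "Before PyNEAT" snippet

def interpolates(node):
    """True for an f-string that embeds at least one expression."""
    return isinstance(node, ast.JoinedStr) and any(
        isinstance(v, ast.FormattedValue) for v in node.values)

def scan(source):
    """Return sorted (line, rule) findings; rule names are illustrative."""
    nodes = list(ast.walk(ast.parse(source)))
    # Pass 1: names assigned from an interpolating f-string.
    # Flow- and scope-insensitive on purpose: it over-reports, never under-reports.
    tainted = {t.id for n in nodes
               if isinstance(n, ast.Assign) and interpolates(n.value)
               for t in n.targets if isinstance(t, ast.Name)}
    findings = []
    for n in nodes:
        # Pass 2a: <obj>.execute(<f-string or tainted name>, ...)
        if (isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
                and n.func.attr == "execute" and n.args):
            arg = n.args[0]
            if interpolates(arg) or (isinstance(arg, ast.Name) and arg.id in tainted):
                findings.append((n.lineno, "sql-fstring"))
        # Pass 2b: bare "except:" whose body is nothing but "pass"
        if (isinstance(n, ast.ExceptHandler) and n.type is None
                and all(isinstance(s, ast.Pass) for s in n.body)):
            findings.append((n.lineno, "bare-except-pass"))
    return sorted(findings)

if __name__ == "__main__":
    for line, rule in scan(SAMPLE):
        print(f"line {line}: {rule}")
```

The parameterized call on line 4 of the sample is not reported, because its first argument is a constant string and the value travels separately.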
Features
| Feature | Description |
|---|---|
| 50+ Security Rules | Catch SQL injection, command injection, secrets, weak crypto |
| AI Bug Patterns | Magic numbers, empty excepts, resource leaks, naming inconsistencies |
| LibCST structural surgery | Deep refactors (not whitespace-only): flatten arrow anti-pattern if/else, eval() handling, except: pass, mutable defaults, == None → is None, bad is on literals, type(x) == T → isinstance |
| Auto-fix | One command to clean entire codebase |
| Agent-to-Agent Handoff | PYNAGENT markers for AI editors (Cursor, Copilot, Claude) |
| LSP Integration | Real-time diagnostics in VS Code, Neovim, JetBrains |
| 7-Layer Protection | Semantic guard, type shield, scope protection |
Security Rules
| Severity | Count | Examples |
|---|---|---|
| CRITICAL | 9 | SQL injection, command injection, RCE |
| HIGH | 10 | Hardcoded secrets, weak crypto |
| MEDIUM | 20 | SSRF, XSS, open redirect |
| LOW | 10 | Information disclosure |
| INFO | 10 | Best practice hints |
Installation
pip install pyneat-cli
Optional: where a platform wheel ships the native scanner, installs can use the compiled extension for faster scans; otherwise the pure-Python + LibCST path still works.
pip install pyneat-cli
Quick Start
CLI
# Scan for security vulnerabilities
pyneat check file.py
# Auto-fix all issues
pyneat clean file.py
# Export manifest for AI editors
pyneat manifest file.py --format sarif
# Clean entire directory
pyneat clean-dir ./src
IDE Plugins
VS Code
- Open VS Code → Extensions (Ctrl+Shift+X)
- Search "PyNEAT"
- Install
Neovim
-- init.lua
use 'pyneat/pyneat-vim'
JetBrains
- Settings → Plugins → Marketplace
- Search "PyNEAT"
- Install
LSP Server
pip install pyneat-cli[server]
python -m pyneat.lsp
Agent-to-Agent Handoff
PyNEAT generates PYNAGENT markers that AI editors can read:
import os # PYNAGENT: {"id":"PYN-001","type":"unused_import","severity":"medium","fix":"Remove"}
def main():
    pass
AI editors (Cursor, Copilot, Claude Code) read these markers and:
- Understand what issues exist
- Ask the user about intent
- Fix code correctly
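A consumer of these markers should treat them as data: read them only from real comment tokens, validate the JSON, and gate on severity. The sketch below is an added example, not PyNEAT's own code or API; it assumes only the marker fields shown above (id, type, severity, fix) and that marker severities follow the page's INFO to CRITICAL scale in lowercase. The names read_markers and at_or_above are hypothetical.

```python
import io
import json
import tokenize

MARKER = "PYNAGENT:"
# Assumption: same scale as the Security Rules table, lowercased.
SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]

SAMPLE = '''\
import os  # PYNAGENT: {"id":"PYN-001","type":"unused_import","severity":"medium","fix":"Remove"}
note = "# PYNAGENT: {this is string data, not a marker}"
def main():
    pass  # PYNAGENT: {broken json
'''  # constructed input; line 1 carries the marker shown on the page

def read_markers(source):
    """Return (markers, malformed_line_numbers), using comment tokens only."""
    markers, malformed = [], []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.COMMENT:
            continue  # string literals that merely look like markers are skipped
        text = tok.string.lstrip("#").strip()
        if not text.startswith(MARKER):
            continue
        try:
            payload = json.loads(text[len(MARKER):])
        except json.JSONDecodeError:
            payload = None
        if not isinstance(payload, dict):
            malformed.append(tok.start[0])  # report it, never guess the intent
            continue
        payload["line"] = tok.start[0]
        markers.append(payload)
    return markers, malformed

def at_or_above(markers, threshold):
    """Markers at or above threshold; unknown severities are kept (fail closed)."""
    floor = SEVERITY_ORDER.index(threshold)
    kept = []
    for m in markers:
        sev = str(m.get("severity", "")).lower()
        if sev not in SEVERITY_ORDER or SEVERITY_ORDER.index(sev) >= floor:
            kept.append(m)
    return kept

if __name__ == "__main__":
    found, bad = read_markers(SAMPLE)
    print(at_or_above(found, "medium"), "malformed lines:", bad)
```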
Architecture
┌─────────────────────────────────────────────────────────────┐
│ IDE Layer │
│ VS Code │ Neovim │ Vim │ JetBrains │ CLI │
└───────────┴──────────┴───────┴────────────┴───────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ PyNEAT Plugin Interface Layer │
│ LSP Server │ CLI Commands │ Manifest Export │
└───────────────────────────┬───────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ PyNEAT Core Engine │
│ RuleEngine │ AgentMarker │ ManifestExporter │
└─────────────────────────────────────────────────────────────┘
Ecosystem
| Integration | Status |
|---|---|
| VS Code Extension | Complete |
| Neovim Plugin | Complete |
| JetBrains Plugin | Beta |
| LSP Server | Complete |
| GitHub Actions | Complete |
| GitLab CI | Complete |
| Pre-commit Hook | Complete |
License
GNU Affero General Public License v3 (AGPLv3+)
Commercial licensing: n.khanhnam@gmail.com
File details
Details for the file pyneat_cli-2.2.1b0-py3-none-any.whl.
File metadata
- Download URL: pyneat_cli-2.2.1b0-py3-none-any.whl
- Upload date:
- Size: 252.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | ab88cf78dc51a35f76d23dcecba9b90fc1daf0ffec50edbb0a0e794a8ffa00cf |
| MD5 | 1517a9818b891ae82442220a9845ceaf |
| BLAKE2b-256 | 0a1213af7eba6435ab6e44b6f87c9256a49d04c886709039b6a7d4beb742905e |