Language-agnostic software intelligence and architecture review CLI
Project description
SKTR
System Knowledge & Technical Review
Understand your software before you change it.
Release candidate:
1.0.0rc1is the first public preview of the v1 interface and artifact contract. Please report reproducible feedback through the issue tracker.
SKTR is a language-agnostic software intelligence CLI. It turns Git changes into a structured knowledge model, enriches that model with deterministic engineering metrics, applies architecture rules, and produces review artifacts for people and automation. Optional AI features explain the evidence; they do not replace it.
What is SKTR?
Run sktr review inside a configured Git repository to answer practical review
questions:
- Which modules and public symbols changed?
- Did this change introduce new internal dependencies or dependency cycles?
- Which files and functions deserve attention first?
- Does the change violate a configured architecture boundary?
- What structured artifact can CI, reports, and future tooling consume?
The core is language-agnostic. Python, JavaScript/TypeScript, and Java analyzers, rule packs, outputs, and AI providers are discovered as plugins through Python entry points.
Why SKTR?
Code review tools often begin with raw source and ask a model to discover what matters. SKTR begins with deterministic facts. Git scope, symbols, dependencies, metrics, rules, risk, and review priority are computed first. AI features receive that structured context instead of the whole repository.
SKTR remains useful with AI disabled, produces stable output, and stores the result as a versioned JSON artifact rather than only printing prose.
Features
- Working-tree, branch, explicit-base, and commit review scopes
- Python analysis using the standard
astmodule - JavaScript, JSX, TypeScript, TSX, and Java analysis using Tree-sitter
- Deterministic architecture and maintainability rules
- Configurable forbidden module dependencies and thresholds
- Knowledge enrichment with file, symbol, dependency, module, risk, and priority metrics
- Terminal, Markdown, JSON, and Mermaid output
- Plugin discovery and diagnostics
- CI severity gates, path exclusions, and parse diagnostics
- Optional OpenAI-powered explanations and recommendations
Quickstart
SKTR requires Python 3.13 or newer and a Git repository. Install RC1 explicitly:
python -m pip install --pre sktr==1.0.0rc1
sktr --version
sktr --help
cd your-project
sktr init --yes
sktr review
Common next steps:
sktr review --ai
sktr review --ai --model gpt-5.6-terra
sktr review --format markdown --output REVIEW.md
sktr review --format json --output sktr-review.json
sktr graph --format mermaid --output architecture.mmd
sktr graph --scope repository --focus orders
See the quickstart for review scopes and a complete first run. See architecture graphs for repository and focused views. See analyzer semantics for visibility, modules, and metrics. See the CLI reference for every command and exit status.
Example output
SKTR Review
Summary
Risk: Medium
Score: 76/100
Changed files: 3
Issues: 2
Findings
High
! Forbidden dependency
controllers/order_controller.py imports repositories/order_repository.py
Reason: Controllers should access repositories through services.
Medium
! Large function detected
create_order has 114 lines.
AI Review
Overview
The change crosses the controller-to-repository boundary and concentrates new
order behavior in one large function.
AI output appears only when enabled. Deterministic findings and scoring are the same with or without AI.
Configuration
sktr init creates sktr.yml. Use interactive setup to choose plugins, rules,
outputs, and optional AI features, or use sktr init --yes for safe defaults.
project:
name: sample-app
default_base: main
review:
default_scope: working_tree
fail_on: null
exclude:
- node_modules/
- .venv/
- dist/
- build/
- target/
plugins:
analyzers:
- sktr-python
- sktr-javascript-typescript
- sktr-java
rules:
- sktr-rules-default
outputs:
- terminal
- markdown
- json
- mermaid
rules:
enabled:
- new_dependency
- large_file
- large_function
- forbidden_dependency
large_file:
max_changed_lines: 300
large_function:
max_lines: 80
forbidden_dependencies:
- source: controllers
target: repositories
reason: Controllers should access repositories through services.
ai:
enabled: false
API keys never belong in this file. See the complete configuration reference.
Risk score
The score starts at 100. Deterministic findings subtract severity-weighted penalties, with caps for repeated findings and categories. A separate bounded review-breadth penalty accounts for production files, changed modules, public API changes, and unusually large diffs. Documentation and test files are reported but do not count as production files. Informational findings do not lower the score.
- Low: 85-100
- Medium: 65-84
- High: 40-64
- Critical: 0-39
AI features
AI is optional. SKTR can ask a configured provider to explain deterministic findings and recommend focused next steps using structured SKTR context.
export SKTR_OPENAI_API_KEY="your-api-key"
sktr ai doctor
sktr review --ai
OpenAI key resolution is SKTR_OPENAI_API_KEY first, then OPENAI_API_KEY.
SKTR never stores or prints the key. See AI setup.
Plugins
SKTR discovers analyzers, rule packs, outputs, and AI providers from these entry point groups:
sktr.analyzerssktr.rulessktr.outputssktr.ai_providers
sktr plugins list
sktr plugins doctor
See the plugin guide to build or distribute a plugin.
Roadmap
SKTR 1.0 packages the deterministic review, three bundled analyzers, stable JSON artifact, architecture graphing, CI gates, and optional AI Review developed through v0.20. Post-v1 work remains tracked in the canonical roadmap.
The v0.16-v0.18 roadmap delivered bundled JavaScript/TypeScript and Java analyzers, followed by CI severity gates, exclusions, parse diagnostics, and a frozen artifact schema. v0.19 added repository-context graphs, and v0.20 added evidence-based API exposure, logical application modules, alias resolution, and more precise React and Java signals. See the canonical roadmap for milestone deliverables and deferred post-v1 work.
Contributing
Development uses uv:
uv sync
uv run pytest
uv run sktr review
Read CONTRIBUTING.md and development.md before adding an analyzer, rule, output, or provider. Release work is tracked in the v1.0.0rc1 checklist.
For help, see troubleshooting and the known limitations. Report sensitive vulnerabilities privately according to SECURITY.md. Release history is recorded in the changelog.
License
SKTR is available under the MIT License.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sktr-1.0.0rc1.tar.gz.
File metadata
- Download URL: sktr-1.0.0rc1.tar.gz
- Upload date:
- Size: 1.3 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4c74766135acf9a3a78a46328a0d2ab4168ffcb71ccc10df2b13d155710e1225
|
|
| MD5 |
6dc91344011341ef1bf16c8af5f21c80
|
|
| BLAKE2b-256 |
ddfb99ccb2aa65b67499972b13bad0b1d7b3c81b34dd693a65435a7e7e5867fd
|
Provenance
The following attestation bundles were made for sktr-1.0.0rc1.tar.gz:
Publisher:
release.yml on prubianes/sktr
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sktr-1.0.0rc1.tar.gz -
Subject digest:
4c74766135acf9a3a78a46328a0d2ab4168ffcb71ccc10df2b13d155710e1225 - Sigstore transparency entry: 2171536420
- Sigstore integration time:
-
Permalink:
prubianes/sktr@8cd5d1b8b468879a6027e5956f9e5afe5a0044c0 -
Branch / Tag:
refs/tags/v1.0.0rc1 - Owner: https://github.com/prubianes
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@8cd5d1b8b468879a6027e5956f9e5afe5a0044c0 -
Trigger Event:
push
-
Statement type:
File details
Details for the file sktr-1.0.0rc1-py3-none-any.whl.
File metadata
- Download URL: sktr-1.0.0rc1-py3-none-any.whl
- Upload date:
- Size: 73.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
985a9fc1cac16d411d5fdc4eec1f249d0887abc8820180a6296f87cd78070359
|
|
| MD5 |
bc1d6249caf1d0f68cc7189ece3595ab
|
|
| BLAKE2b-256 |
3299fc3e517347d3be4a677e2bbcd5cec944f87a98f5c6275da7746b0588150d
|
Provenance
The following attestation bundles were made for sktr-1.0.0rc1-py3-none-any.whl:
Publisher:
release.yml on prubianes/sktr
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sktr-1.0.0rc1-py3-none-any.whl -
Subject digest:
985a9fc1cac16d411d5fdc4eec1f249d0887abc8820180a6296f87cd78070359 - Sigstore transparency entry: 2171536425
- Sigstore integration time:
-
Permalink:
prubianes/sktr@8cd5d1b8b468879a6027e5956f9e5afe5a0044c0 -
Branch / Tag:
refs/tags/v1.0.0rc1 - Owner: https://github.com/prubianes
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@8cd5d1b8b468879a6027e5956f9e5afe5a0044c0 -
Trigger Event:
push
-
Statement type: