Invariant
Semantic code analysis for the AI era
Invariant is a fast, multi-language code analysis tool that extracts structural facts from your codebase and connects to DataGrout for semantic analysis. It enables:
- Consequential analysis — What breaks if we merge this PR?
- Semantic time machine — Query code properties across commits
- Agent feedback loop — Real-time validation for AI-generated code
- Architectural governance — Encode and enforce team invariants
Read the paper · Library & docs · Live demo
Quick Start
# Build
# New to DataGrout? Create a free account and register automatically:
# Already have an account — initialize with your server URL:
# Analyze your codebase (extracts structural facts + uploads to Invariant)
# Query for issues (via DataGrout Invariant)
# Analyze changes against a stated goal (git-native)
# One-shot review: lens + diff + query on changed files
After the first invariant init, Invariant prefers a persisted mTLS identity in ~/.conduit/. If the gateway rejects identity bootstrap, Invariant falls back to the saved bearer token so subsequent runs still authenticate automatically.
How It Works
┌───────────────────────────────────────┐
│ Invariant (local) │
│ │
│ tree-sitter AST → structural facts │
│ file scanning, ignore patterns │
└──────────────┬────────────────────────┘
│ Conduit SDK (mTLS)
↓
┌───────────────────────────────────────┐
│ DataGrout Invariant (server) │
│ │
│ semantic enrichment (LLM) │
│ consequence queries │
│ intent analysis │
│ cross-repo aggregation │
└───────────────────────────────────────┘
Invariant performs fast, local structural extraction using tree-sitter. It understands Python, Rust, TypeScript, TSX, JavaScript, Go, Elixir, and Ruby ASTs natively. Facts are uploaded to DataGrout Invariant via the Conduit SDK for server-side semantic enrichment — LLM-powered intent classification, security analysis, and consequence reasoning.
Installation
# From source
# Or run directly
Commands
invariant onboard
Create a free DataGrout account and register an agent identity — no prior account or URL needed. Runs the full onramp flow: account creation → OAuth credentials → mTLS identity bootstrap → saves config ready for invariant lens.
When invariant init is run with no URL configured and stdin is a terminal, it will offer to run onboarding inline.
invariant init
Initialize Invariant for the current repository. Bootstraps an mTLS identity on first run when the gateway supports it, otherwise saves the bearer token for future fallback auth.
invariant lens [paths...]
Extract structural facts from code files.
invariant query <query>
Run semantic queries via DataGrout Invariant.
invariant diff
Analyze code changes for goal alignment. Supports multiple input modes:
# Git-native (default — works from any git repo)
# Patch/stdin
|
# Legacy file mode (for non-git contexts)
# Filter to specific files
invariant review
One-shot workflow: lens changed files, diff-analyze them, and run queries.
invariant status
Show connection, identity, and configuration status.
Supported Languages
| Language | Parser | Extensions |
|---|---|---|
| Python | tree-sitter | .py, .pyw |
| Rust | tree-sitter | .rs |
| TypeScript | tree-sitter | .ts |
| TSX | tree-sitter | .tsx |
| JavaScript | tree-sitter | .js, .jsx |
| Go | tree-sitter | .go |
| Elixir | tree-sitter | .ex, .exs |
| Ruby | tree-sitter | .rb, .rake, .gemspec |
Architecture
invariant/
├── invariant-core/ # Library: parser, analyzer, facts, bridge
└── invariant-cli/ # CLI binary
- invariant-core — Tree-sitter parsing, AST fact extraction, Conduit SDK bridge
- invariant-cli — Command-line interface with auto-enrollment, config persistence
Development
Powered By
DataGrout AI — Intelligence Infrastructure for Autonomous Systems