Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
$ yana-ai
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ │
│ ██╗ ██╗ █████╗ ███╗ ██╗ █████╗ █████╗ ██╗ │
│ ╚██╗ ██╔╝██╔══██╗████╗ ██║██╔══██╗ ██╔══██╗██║ │
│ ╚████╔╝ ███████║██╔██╗ ██║███████║ ███████║██║ │
│ ╚██╔╝ ██╔══██║██║╚██╗██║██╔══██║ ██╔══██║██║ │
│ ██║ ██║ ██║██║ ╚████║██║ ██║ ██║ ██║██║ │
│ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═╝ ╚═╝ ╚═╝╚═╝ │
│ │
│ v0.42.2 · Personal Agent OS │ Tips for getting started │
│ 162 agents · 1,983 skills │ yana-ai doctor │
│ 66 rules · 49 hooks · 101 scripts │ yana-ai init │
│ 826 checks · 9 gate layers │ │
│ │ What's new │
│ │ v0.42.2 — WASM guard + automated publish pipeline │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
Yana AI is a personal agent operating system for AI coding tools — runtime safety hooks, memory tiers, 162 specialist agents, 1,983 skills, and a Rust runtime that intercepts dangerous AI actions before they execute.
Works with Claude Code, Cursor, Windsurf, Antigravity, Kiro, OpenCode, Zed, Gemini, GitHub Copilot, Aider, and more.
New in v0.42.2: yana-rt now runs in the browser — WebAssembly build via wasm-bindgen ships destructive-command guard to browser extensions, VS Code, and Node.js (
npm install yana-rt). Publish pipeline fully automated — npm, PyPI, and crates.io all publish on tag push. Agent count reconciled to 162. Rule 70 added: context-faithfulness law enforcing provided data over training data.
→ VISION.md · ARCHITECTURE.md · ROADMAP.md
What are the 162 agents? They are not 162 AI models running at the same time — they're predefined specialist roles (security, frontend, backend, testing, learning, daily assistant…) used for routing and task organization. In normal usage, only the agent required for the current task is activated; most requests use a single model and a single agent route. Generated from repository metrics Last updated: 2026-06-21
🤝 An invitation — try it yourself
Don't take this README's word for any of it. Install the engine, then ask your AI assistant to do something it shouldn't — and watch the gates catch it first:
&& Then try: ask your agent to git push --force, pipe a script from the internet into bash, or read a .env file — every attempt is intercepted, explained, and logged. That moment is the whole pitch.
Built by one 17-year-old in Vietnam — which means real-world feedback is the most valuable thing you can give this project. If something blocks too much, too little, or confuses you: open an issue. Every report makes the gates sharper.
Installation
Requirements
- Node.js 18+ (for npm package)
- Git
- Any AI coding tool: Claude Code, Cursor, Windsurf, Aider, etc.
Method 1 — npm (recommended, 60 seconds)
Method 2 — clone from source
Method 3 — GitHub App (no CLI needed)
Install via npm and wire into your project in 60 seconds — see Method 1 above.
Verify
After install, try asking your AI agent to run git push --force, pipe a remote script to bash, or access a .env file — every attempt is intercepted, explained, and logged.
Yana AI at a Glance
┌──────────────────────────────────────────────────────────────────┐
│ Yana AI v0.42.2 │
│ "The orchestration layer between humans and AI — │
│ routing, safety, and context for every domain." │
│ │
│ Built by Vũ Văn Tâm · 17 · Vietnam │
└──────────────────────────────────────────────────────────────────┘
graph TB
%% ── Mission ──────────────────────────────────────────────────────────
subgraph MISSION["🎯 Mission — AI coding agent safety layer"]
direction LR
AGENT["Agent wants\nto run a command"]
GATE["9-layer gate\nintercepts every call"]
OUT["Execute ✅\nor BLOCK + log 🚫"]
AGENT --> GATE --> OUT
end
%% ── Gate layers ──────────────────────────────────────────────────────
subgraph GATES["🔒 9-Layer Gate System (L1 → L9)"]
direction LR
G1["L1\nAnti-evasion\nbase64, pipe-to-shell"]
G2["L2\nShell sanitize\nquoting, metacharacters"]
G3["L3\nEgress / SSRF\nprivate IPs blocked"]
G4["L4\nSupply chain\ntyposquatting, CVEs"]
G5["L5\nBlast radius\ndestructive scope cap"]
G6["L6\nPermission tier\nagent authority check"]
G7["L7\nCode signing\nECDSA-P256"]
G8["L8\nMerkle audit\nhash-chain, tamper-proof"]
G9["L9\nSovereign overlord\nhuman veto / freeze swarm"]
G1 --> G2 --> G3 --> G4 --> G5 --> G6 --> G7 --> G8 --> G9
end
%% ── Core engine ──────────────────────────────────────────────────────
subgraph CORE["⚙️ Core Engine"]
direction TB
SKILLS["📚 1,983 skills\nSKILL.md workflow defs\n(frontend, backend, AI, K8s, sec...)"]
AGENTS["🤖 162 specialist agents\n(planner, security-auditor,\nhoc-tap, daily-assistant...)"]
RULES["📜 65 enforced rules\n(security, git, UI, TypeScript,\nAPI security, core-lock...)"]
HOOKS["🪝 46 hooks\nPreToolUse · PostToolUse · Stop\n(guard-destructive, truth-gate...)"]
CMDS["⚡ 164 slash commands\n/audit · /scan · /route\n/tdd-cycle · /simplify..."]
BUS["🚌 Agent message bus\nJSON + ECDSA sig\nreplay-protected, BFT consensus"]
MEM["🧠 Memory tiers\nL1 permanent · L2 session\nMerkle-chained, AES-256-GCM"]
end
%% ── Rust runtime ─────────────────────────────────────────────────────
subgraph RT["⚡ Rust Runtime — yana-rt"]
direction LR
SCAN["scan · hunt · fix\nVulnerabilities, OWASP,\nsupply chain — 1256× faster"]
ROUTE["route · mission\nTask classifier → simple/\ncomplex/external dispatch"]
VAULT["graph · vault · doctor\nKnowledge graph,\nskill search, health check"]
end
%% ── Tools ────────────────────────────────────────────────────────────
subgraph TOOLS["🛠️ Tools — sub-projects"]
direction LR
YANA["yana-ai ✅\nZero-dep Node.js web UI\nAnthropic · Groq · Gemini · OpenAI\nSkill routing · SSE streaming"]
CODEXMATE["codexmate\nOpenAI Codex integration\nVietnamese patch"]
MOSS["moss-tts-nano\nTTS engine"]
FINETUNE["finetune-vi\nVietnamese LLM fine-tuning"]
end
%% ── Harness adapters ─────────────────────────────────────────────────
subgraph HARNESS["🔌 Harness Adapters (15)"]
direction LR
H1["Claude Code\nCursor · Zed"]
H2["Gemini · Copilot\nAider · OpenCode"]
H3["Cloudflare Workers\nGitHub Actions"]
end
%% ── Active branches ──────────────────────────────────────────────────
subgraph BRANCHES["🌿 Active Branches"]
direction LR
BMAIN["main ✅\nv0.42.0 — stable"]
BVDEV["v1.8.0-dev\nnext release (in progress)"]
BCF["cloudflare/workers-autoconfig\nWorkers zero-config setup"]
BCX["codex/fix-hello-bug-in-bn\nCodex compatibility"]
end
%% ── Product funnel ───────────────────────────────────────────────────
subgraph FUNNEL["📣 Product Funnel — 'Scan first. Guard later.'"]
direction LR
F1["① yana-ai audit .\n30s · no learning needed\nScan any repo for AI agent risks"]
F2["② Policy Kit\nAdopt safe configs piece by piece\n(CLAUDE.md · .mcp.json · CI gates)"]
F3["③ Full Control Layer\nAll 9 gates · 162 agents\nMerkle log · Sovereign veto"]
F1 --> F2 --> F3
end
%% ── Connections ──────────────────────────────────────────────────────
MISSION --> GATES
GATES --> CORE
CORE --> RT
CORE --> TOOLS
CORE --> HARNESS
Reading the diagram: every AI tool call flows
MISSION → GATES → CORE. The Rust runtime (yana-rt) accelerates the scanner. Sub-project tools (yana-web etc.) use the same gate system. Branches show active development fronts.
The problem
AI coding agents make mistakes. They rm -rf the wrong directory. They push force to main. They hallucinate test results. They commit secrets. By the time you notice, the damage is done.
Yana AI sits between the agent and your system — every tool call passes through a 9-layer safety gate before execution.
How it works
Agent wants to run a command
↓
[L1] Anti-evasion scan — blocks base64 decode+exec, pipe-to-shell
[L2] Shell sanitization — quotes all variables, strips metacharacters
[L3] Egress check — blocks SSRF, private IP ranges, metadata endpoints
[L4] Supply chain gate — vets every package install (typosquatting, CVEs)
[L5] Blast radius check — caps destructive scope
[L6] Permission tier check — verifies agent authority level
[L7] Signature verification — ECDSA-P256 on generated code
[L8] Merkle audit log — append-only, tamper-detected hash chain
[L9] Sovereign overlord gate — human veto, freeze swarm, full rollback
↓
Execute (or block + log)
Numbers
| 🧩 Skills | 1,983 workflow skill definitions |
| 🤖 Agents | 162 specialist agents |
| 📜 Safety rules | 65 enforced rules |
| 🪝 Hooks | 46 pre/post-execution hooks |
| ⚡ Slash commands | 164 |
| 🔌 Harness adapters | 15 (Claude Code, Cursor, Windsurf, Antigravity, Kiro, OpenCode, Zed, Gemini, Copilot, Aider...) |
| 🦀 Rust subcommands | 23 (scan, graph, vault, route, mission, hunt, fix, doctor...) |
| ✅ Rule checks in CI | 826 |
| 📦 Total codebase | 10,331 files |
Quick Install
→ npm install — npm install -g yana-ai
# Claude Code plugin — npx yana-ai-install wires the hooks
# (required: npm v12+ no longer runs postinstall scripts by default)
&&
# Python CLI
# Rust runtime (1256x faster scanner)
# Verify everything is wired
Multi-harness support
Yana AI adapts to whichever tool you use:
GitHub Action
Scan any repo's AI agent configuration on every PR — secrets, permissions, hook injection, MCP vulnerabilities.
# .github/workflows/yana-ai-scan.yml
- uses: yanacuti1121/yana-ai/.github/actions/scan@main
with:
fail-on: 'high' # fail CI on HIGH or CRITICAL findings
diff-only: 'true' # scan only changed files on PRs
comment-on-pr: 'true' # post findings summary as PR comment
Posts a comment on every PR:
🟠 Yana AI Security Scan — HIGH
| Metric | Value |
|---------|--------|
| Risk | HIGH |
| Score | 58/100 |
| Findings| 3 |
Rust runtime — yana-rt
23 subcommands. Zero Python dependency.
Benchmark: yana-ai scan on a 10k-file repo: 1256x faster than the Python equivalent.
Safety architecture
core/
├── hooks/ # 46 PreToolUse / PostToolUse / Stop hooks
├── rules/ # 65 enforced rules (security, correctness, UI, git)
├── scripts/ # safe-run.sh, verify-core-lock.sh, secure-logger.sh
├── gates/ # truth_gate.md, action_gate.md
├── agents/ # 162 specialist agent definitions
├── skills/ # 1,983 SKILL.md files
├── config/
│ ├── core-lock.json # SHA-256 manifest — 220 core files pinned
│ └── skills-lock.json # skill content hashes
└── memory/
├── L1_atomic/ # permanent facts — persist across sessions
└── L2_session/ # session state — auto-expires
Key properties:
- Merkle audit chain — every action logged, tamper-detected
- Core-lock integrity — SHA-256 manifest detects drift, deletion, and rule injection in core/
- BFT consensus — 3-of-N vote required for core infrastructure writes
- Sovereign overlord — human can freeze all 162 agents instantly
- Honeypot layer — decoy files/env vars catch compromised agents
What it looks like in practice
# Agent tries: git push --force origin main
# Agent tries: curl http://169.254.169.254/latest/meta-data/
# Agent tries to install unvetted package
)
Yana AI
Yana is the first interface built on Yana AI core — a web UI that lets anyone chat with AI, switch providers, and use skill routing without knowing anything about the infrastructure underneath.
User → Yana AI → Yana AI Core (Router · Safety · Context) → Model
- Zero signup — bring your own API key
- 🔐 Encrypted key vault — keys stored AES-256-GCM, master key non-extractable (WebCrypto + IndexedDB), never plaintext
- Multi-provider: Anthropic · Groq · Gemini · OpenAI · DeepSeek · OpenRouter · 9Router · Ollama
Provider setup — bring your own key, keys encrypted locally (never sent to Yana AI):
| Provider | Type | Setup |
|---|---|---|
| Claude | Cloud | API key → console.anthropic.com/settings/keys |
| OpenAI | Cloud | API key → platform.openai.com/api-keys |
| Gemini | Cloud | API key → aistudio.google.com/app/apikey |
| Groq | Cloud | API key → console.groq.com/keys |
| DeepSeek | Cloud | API key → platform.deepseek.com/api_keys |
| OpenRouter | Cloud | API key → openrouter.ai/settings/keys |
| 9Router | Local | npm install -g 9router → 9router (runs on localhost:20128) |
| Ollama | Local | ollama.com/download → ollama serve → ollama pull llama3.2 |
- 📊 100% real data — live provider stats, L1 memory garden, audit-log health panel; zero demo numbers
- Skill routing built in — type naturally, Yana AI dispatches the right agent
- Non-coding use cases: learning (Socratic learning assistant), daily work (summarize / plan / draft)
- SSE streaming, mobile-friendly · Electron desktop shell (
tools/yana-desktop)
If Yana AI is the power grid, Yana is the first building plugged into it.
Built by one person
One person. No team. No funding.
- Hook architecture, safety gates, Python CLI
- Rust runtime (
yana-rt), 162 agents, 1,983 skills, multi-harness support - 15 harness adapters (Claude Code, Cursor, Windsurf, Antigravity, Kiro, Zed, Gemini, Copilot, Aider…)
The 1,983 skills cover: frontend, backend, AI/LLM, security, Kubernetes, WebAssembly, DevOps, databases, testing, and more. Two new agent personas cover non-coding use cases: learning (hoc-tap) and daily productivity (daily-assistant).
Add Yana AI to your repo
Static badge — paste into your README:
[](https://github.com/yanacuti1121/yana-ai)
Dynamic audit badge — shows live security score:
GitHub Action — scan every PR automatically:
- uses: yanacuti1121/yana-ai/.github/actions/scan@main
with:
fail-on: 'high'
Yana task router
Every task is classified before execution — no more guessing whether to handle it inline or dispatch an agent.
# → { "route": "complex", "gate": "harness", "confidence": 0.36,
# "suggested_agents": ["security-engineer", "backend-developer"] }
# → { "route": "simple", "gate": "auto", "confidence": 0.43 }
# → { "route": "external", "gate": "confirm", "confidence": 0.30 }
Five routes:
- simple → Yana handles directly (read-only, no agents needed)
- skill → matched against 1,983-entry index, dispatches exact skill agent
- learn → routes to
hoc-tap— Socratic learning assistant (triggers on "learn", "explain", "why" — English and Vietnamese) - daily → routes to
daily-assistant— summarize / plan / draft (triggers on "summarize", "write an email", "make a plan" — English and Vietnamese) - complex → dispatch specialist agent(s) with scoped brief
- external → stop, confirm with human before proceeding
Domain-aware agent selection: auth tasks → security-engineer, database → database-expert, UI → frontend-developer + ui-ux-designer.
Mission dispatcher
Wave-based parallel orchestration with dependency resolution — built in Rust, zero Python.
# 1. Create mission
MID=
# 2. Declare tasks with dependencies
# 3. Dispatch wave 1 — only tasks whose dependencies are satisfied
# → JSON briefs for each ready agent
# 4. Mark complete, dispatch next wave
# Cancel / retry stuck tasks
Tasks marked Running on dispatch — re-running dispatch never double-dispatches the same task.
Multi-agent launcher
Launch multiple agents in parallel with hard limits and a kill switch:
# Launch 3 agents, at most 3 running in parallel
# Real-time status
# Stop one specific agent
# Kill switch — stop everything immediately
# Tail an agent's log
Or drive it from a task-list file:
# tasks.txt — one line per task: agent_name:task description
Sample output:
═══ Yana AI Multi-Agent Launcher ═══
Agents : 3
Concurrency: 3 (max running in parallel)
Kill switch: bash multi-agent-launch.sh kill all
[LAUNCH] scanner → scan the whole repo PID 12341
[LAUNCH] auditor → check the hooks PID 12342
[LAUNCH] qa-team → run the test suite PID 12343
[OK] Launched 3/3 agents
162 specialist roles defined in repo config 1,983 skill definitions discovered by repository scan 10,331 files, measured on 2026-06-21
Contact
Vũ Văn Tâm · Vietnam · 17
| phamlongh230@gmail.com | |
| Website | yanacuti1121.github.io/Yana-AI |
| GitHub | yanacuti1121/Yana-AI |
| Yana AI | yanai-production.up.railway.app |
🇻🇳 Tiếng Việt · 🇰🇷 한국어 · 🇨🇳 中文
Full translations of this document: README.vi.md (Tiếng Việt) · README.ko.md (한국어) · README.zh.md (中文)