See what your AI agents built — before it breaks.

Governance-as-code for AI-generated infrastructure. Scan your repo, declare intent in a Compositfile, surface every drift. Open-source CLI for platform teams.

How it works

Init, edit, diff. IS-state vs. SHOULD-state. No SaaS required.

1. Init

25 built-in scanners cover containers, Terraform, ingress, observability, CI workflows, cron, env files, MCP, Cargo and Go manifests, agent specs (SKILL.md / AGENTS.md / CLAUDE.md) — and more. Zero setup; scaffolds a Compositfile from scan results.

composit init

2. Declare

Review the scaffold and lock in the SHOULD-state: approved providers, budgets, resource constraints, policy references. Manual edit, no command.

3. Diff

Compare reality against intent. Errors and warnings with severity and rule IDs. Terminal, JSON, YAML, or HTML output.

composit diff

Quick start

The CLI is free and open source (MIT). Point it at any repo — it reads; it never writes.

Browser · no install · GitHub account required
Use
# composit is pre-built — start scanning immediately.
composit init    # scaffold a Compositfile from scan results
composit diff    # compare intent vs. reality
Opens a GitHub Codespaces cloud dev environment with composit on PATH.

macOS · Linux
Install
# Add the tap once, then install.
brew tap nuetzliches/tap
brew install composit
Formula tracked at nuetzliches/homebrew-tap; auto-bumped by the release workflow.

Zero-install · CI-friendly
Use
# No install step — npx downloads on first use.
npx @nutz/composit init
npx @nutz/composit diff --output json
Meta-package @nutz/composit selects a platform binary via optional dependencies (biome / esbuild pattern).

Rust toolchain required
Install
# Compiles from source — takes ~30 s on first run.
cargo install --git https://github.com/nuetzliches/composit
No Rust? rustup.rs sets it up in 60 seconds, or use the Docker option below to skip the toolchain entirely.

macOS · Linux
Install
# Downloads the pre-built binary for your platform.
curl -fsSL https://nuetzliches.github.io/composit/install.sh | sh
Installs to ~/.local/bin by default. Override with COMPOSIT_INSTALL_DIR=/usr/local/bin. Script at install/install.sh.

No toolchain required · CI-ready
Use
# Mount your repo and run — builds from source on first pull.
docker run --rm -v "$PWD:/repo" ghcr.io/nuetzliches/composit init
docker run --rm -v "$PWD:/repo" ghcr.io/nuetzliches/composit diff --output json
Built from the Dockerfile in the repository. Build locally: docker build -t composit .

Scan any repo — IS-state
# Writes composit-report.yaml with everything detected.
composit scan

Declare intent — SHOULD-state
# Compositfile
workspace "my-stack" {
  resources {
    allow "docker_service" { max = 20 }
    require "workflow"      { min = 1  }
  }
}

Diff — catch drift
# Terminal, JSON, YAML, or a standalone HTML report.
composit diff --output html

See the examples directory for a full Compositfile and matching report.
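
The IS-state versus SHOULD-state comparison, sketched for the Compositfile fragment above. This is an added example, not composit's own code: it parses only the two rule shapes shown on this page and checks them against constructed resource counts. Reading max/min as count bounds, flagging undeclared types as warnings, the finding format and the sample counts (including the `terraform_module` type name) are all assumptions.

```python
import re

# Compositfile fragment as shown on this page.
COMPOSITFILE = '''
workspace "my-stack" {
  resources {
    allow "docker_service" { max = 20 }
    require "workflow"      { min = 1  }
  }
}
'''

# Matches only the two rule shapes shown above; any other line is ignored.
RULE_RE = re.compile(
    r'^\s*(allow|require)\s+"([^"]+)"\s*\{\s*(max|min)\s*=\s*(\d+)\s*\}\s*$',
    re.MULTILINE,
)

def parse_rules(text):
    """Return (verb, resource_type, bound, limit) for each recognised rule."""
    return [(v, t, b, int(n)) for v, t, b, n in RULE_RE.findall(text)]

def drift(rules, observed):
    """Compare observed counts (IS-state) with the rules (SHOULD-state).

    Assumption: max/min bound the number of resources of that type.
    Returns (severity, resource_type, message) tuples.
    """
    findings = []
    for _verb, rtype, bound, limit in rules:
        count = observed.get(rtype, 0)  # a type never detected counts as 0
        if bound == "max" and count > limit:
            findings.append(("error", rtype, f"{count} found, at most {limit} allowed"))
        elif bound == "min" and count < limit:
            findings.append(("error", rtype, f"{count} found, at least {limit} required"))
    # Assumption: a detected type that no rule mentions is worth a warning.
    declared = {rtype for _, rtype, _, _ in rules}
    for rtype in sorted(set(observed) - declared):
        findings.append(("warning", rtype, f"{observed[rtype]} found, not declared"))
    return findings

# Constructed sample counts standing in for a scan result.
OBSERVED = {"docker_service": 23, "terraform_module": 4}

if __name__ == "__main__":
    for severity, rtype, message in drift(parse_rules(COMPOSITFILE), OBSERVED):
        print(f"{severity}: {rtype}: {message}")
```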

Who it's for

Teams where 3+ developers use AI coding agents (Claude Code, Cursor, Devin) and nobody owns the inventory of what agents touched.

Platform engineers: Running drift audits by hand. Need cross-agent visibility.
CTOs at AI-native teams: Compliance pressure coming. Need auditable governance.
Solo devs: Free CLI, same value. You help prove the spec.

See it run

From empty repo to governed workspace in two commands — no config to write.

Which direction should composit take?

The CLI stays free and open. Several capabilities could sit on top — which ones are worth building? Click to open a GitHub Discussion and leave a 👍.