Mault
Ship fast. Without the chaos.
End-to-end governance for AI-assisted development — works out of the box, no configuration required.
3-Panel Custom Pane:
- Agent Workflows — orchestrate AI agents with 7 specialized roles, worktree isolation, and runtime enforcement
- Production Readiness — 9-step journey from "runs locally" to production-ready
- Findings — optional technical debt detection across your codebase (add
docs/mault.yaml to activate)
Physics, not policy. Hooks that block, not prompts that suggest.
Install Free | Upgrade to Pro ($99 + $7.99/mo)
Requires VS Code + Claude Code for multi-agent workflows. Detectors and Production Readiness Kit work with any AI assistant.
The Problem
You can ship a fleet of AI agents at your codebase. But without guardrails, they:
- Collide — two agents edit the same file, one overwrites the other
- Drift — agents ignore architectural conventions the moment context expires
- Escalate — an agent merges its own PR, ships untested code, and moves on
The fix isn't better prompts. Agents ignore documentation. The fix is enforcement at the tool level: hooks that block file writes outside declared zones, gates that prevent merging without CI, and budgets that cap how much any single agent can change.
Mault solves this with physics: errors agents cannot bypass, not guidelines they can ignore.
Multi-Agent Flows [Pro]
Guided multi-agent workflows with role separation, worktree isolation, and pull-based task scheduling. Each role has minimum-permission allowlists enforced by Claude Code's hooks system — agents can only do what their role permits.
Polyglot support: Fully tested with TypeScript/JavaScript and Python. Hook enforcement and role isolation work with any language. Requires VS Code + Claude Code with bypass permissions enabled.
Who this is for:
- Vibe coders who want AI to do the heavy lifting but don't trust fully autonomous flows
- Teams that require senior-level code reviews before anything hits main
- Non-technical founders who need guided testing and verification they can follow
- Solo developers who want to ship faster without sacrificing quality
The 7-Role Handoff Chain
PLANNER ──► ORCHESTRATOR ──► WORKER(s) ──► REVIEW ──► TESTER ──► COMPLIANCE
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
│ │ │ │ │ │
plan.md issues + PRs with merged quality audit
delegation-map mault-ready to main report report
SUPERVISOR — Escape hatch. Unrestricted access for blocked workflows (mault-escalation).
Click a role in the Mault Panel. Settings are written, a Claude Code tab opens with the prompt auto-submitted. Zero friction — no manual config, no copy-pasting prompts, no remembering which agent does what.
| Role |
What It Does |
Cannot Do |
| Planner |
Builds a plan WITH you — you approve every decision |
Write code, create issues, modify files outside .mault/ |
| Orchestrator |
Creates atomic GitHub issues with zones, budgets, and dependency ordering |
Write code, create PRs, push branches |
| Worker |
Picks up issues, writes code via TDD, creates PRs labeled mault-ready |
Merge PRs, push to main, exceed zone/budget |
| Review Agent |
Merges PRs when all CI passes, routes failures back to Worker |
Create PRs, write code |
| Tester |
Runs tests, generates manual test plans, verifies merged work |
Modify source code, install packages |
| Compliance |
Audits the completed cycle for policy adherence and retention |
Modify code or merge PRs |
| Supervisor |
Escalation handler — unrestricted access for blocked workflows |
N/A (escape hatch) |
Isolation — How Agents Can't Interfere
The hardest problem in multi-agent development isn't generating code — it's preventing agents from stepping on each other. Mault solves this with five layers of physical isolation:
Five layers prevent agent collision:
| Layer |
Mechanism |
What It Prevents |
| Atomic Tasking |
One issue = one branch = one PR |
Scope creep, tangled changes |
| Worktree Sharding |
Each worker gets its own git worktree |
File-level collisions between agents |
| PID Identity |
.mault/sessions/{pid}.json per agent |
State corruption between concurrent sessions |
| Preauth Sessions |
Sessions created before tabs open |
Race conditions during agent startup |
| Pull-Based Queue |
Workers self-select from shared issue pool |
Static assignment bottlenecks |
Worker Isolation (Worktree Sharding)
MAIN WORKSPACE WORKTREE SLOTS
┌─────────────────┐
│ main branch │ ┌──────────────────────────────┐
│ .mault/ │ │ ../mault-worker-a/ │
│ .claude/ │ │ feat/101-sprint-state │
│ │ │ (Worker 1's branch) │
│ NOT for coding │ └──────────────────────────────┘
│ Orchestrator & │ ┌──────────────────────────────┐
│ Review Agent │ │ ../mault-worker-b/ │
│ work here │ │ feat/102-toggle-ux │
└─────────────────┘ │ (Worker 2's branch) │
└──────────────────────────────┘
Workers CANNOT interfere. Each has its own git working tree.
Worker and review tabs automatically route to their worktree CWD.
Pull-Queue Model (Self-Balancing)
No static task assignment. Workers pull from a shared issue pool on GitHub, gated by dependency ordering:
SHARED ISSUE POOL (GitHub)
seq-0: [#101](https://github.com/nootan-ai/mault-memory-layer/issues/101) [open] [#102](https://github.com/nootan-ai/mault-memory-layer/issues/102) [open] [#105](https://github.com/nootan-ai/mault-memory-layer/issues/105) [open]
seq-1: [#103](https://github.com/nootan-ai/mault-memory-layer/issues/103) [open] (blocked until seq-0 closed)
seq-2: [#104](https://github.com/nootan-ai/mault-memory-layer/issues/104) [open] (blocked until seq-1 closed)
│ │
WORKER A WORKER B
pulls [#101](https://github.com/nootan-ai/mault-memory-layer/issues/101) pulls [#102](https://github.com/nootan-ai/mault-memory-layer/issues/102)
FINISHES → FINISHES →
pulls [#105](https://github.com/nootan-ai/mault-memory-layer/issues/105) pulls [#103](https://github.com/nootan-ai/mault-memory-layer/issues/103) (seq-1 unlocked)
SELF-BALANCING: Fastest worker gets next task. No static assignment.
The orchestrator assigns sequence numbers (mault-seq-N) for dependency ordering. Workers scan seq-0 first, then seq-1 when all seq-0 tasks close, and so on. Race conditions are handled by post-claim verification.
Runtime Enforcement — 47 Hooks
47 governance hooks run automatically during managed agent sessions. They are the "physics" layer — agents cannot bypass them, ignore them, or reason their way around them.
Core hooks (ship with scaffold):
| Hook |
Trigger |
What It Enforces |
| Agent Bootstrap |
SessionStart |
Injects task boundaries, fix-first warnings, preauth claim flow |
| Zone Boundary |
PreToolUse |
Blocks file writes outside declared zone |
| Budget Gate |
PostToolUse |
Warns at 80%, blocks at 100% of file/LOC budget |
| Role Permission |
PreToolUse |
Workers can't merge, orchestrators can't push, planners can't write code |
| Receipt Gate |
Stop |
Blocks session end without structured completion receipt |
| Review Merge Gate |
PreToolUse |
Blocks merge without bot-triage-complete and CI green |
| Sprint Gates |
PreToolUse |
Capacity, scope, label, activation, and completion enforcement |
| Step Complete Gate |
PreToolUse |
Per-role completion validation (plan exists, receipt posted, etc.) |
| Worktree Guards |
SessionStart |
CWD ownership, occupancy check, cleanup on exit |
| Cross-Workstation |
PreToolUse |
Prevents agents on different machines from merging each other's PRs |
All hooks fail-open outside managed sessions — safe to use alongside normal development. Hooks auto-deploy when you click "Turn On Multi-Agent Workflows" — no manual scaffold needed.
Completion Chime
Switch focus while agents work on 10-20 minute tasks. When a step completes, you hear a system beep and see a VS Code notification with:
- Which role just finished
- A brief summary of what was accomplished
- Which step to click next
Works on Windows (PowerShell), macOS (osascript), and Linux (paplay/spd-say). Disable with mault.sound.enabled in VS Code settings.
The Full Flow
Click "Step 1: Planner" in Mault Panel
│
▼
PLANNER ── builds plan with you ── writes .mault/plan.md
│ 🔔 Chime → "Next: Step 2 Orchestrator"
▼
ORCHESTRATOR ── creates GitHub issues from plan
│ 🔔 Chime → "Next: Step 3 Worker"
▼
WORKER ── picks up issues, writes code, creates PRs
│ 🔔 Chime → "Next: Step 4 Review Agent"
▼
REVIEW AGENT ── merges PRs when CI is green
│
├── Open tasks remain? → "Go back to Step 3: Worker"
└── All done? → "Next: Step 5 Tester"
│
▼
TESTER ── runs tests, verifies everything works
│
├── Tests pass? → COMPLIANCE ── audits the cycle → 🎉 Done!
└── Tests fail? → Loop: Worker → Review → Tester
Fully-Autonomous Mode [Coming Soon]
Same roles, same isolation, same enforcement. Agents hand off automatically without human clicks — including chain staleness detection (15-min timeout), failure notifications, and supervisor escalation. CLI-driven pipeline with orchestrate.mjs generation and parallel worker execution.
Semi-autonomous (click-to-advance) is production-ready today. Fully-autonomous CLI pipeline is in final testing.
Production Readiness Kit [Pro]
A structured 9-step journey that takes your project from "runs locally" to production-ready. AI reads the spec and generates language-specific scripts for your stack.
Production Readiness Levels
| Level |
Name |
What It Means |
| 0 |
Runs locally |
Just code — works on your machine |
| 1 |
Reproducible |
Someone else can run it (requirements.txt, .env.example) |
| 2 |
Portable |
Runs in a container (Dockerfile, docker-compose.yml) |
| 3 |
Deployed |
Runs in the cloud (CI/CD pipeline, cloud config) |
| 4 |
Reliable |
Stays running (health checks, logging, rollback) |
The Kit takes you from Level 0 → Level 4.
The 9 Steps
| Step |
Category |
What It Creates |
| 1 |
Infrastructure |
Git repository, .gitignore, branch conventions |
| 2 |
Infrastructure |
.env.example, secrets management |
| 3 |
Infrastructure |
Dockerfile, docker-compose.yml |
| 4 |
Infrastructure |
CI/CD pipeline (GitHub Actions) |
| 5 |
Testing |
TDD framework (Jest/pytest/go test/JUnit) |
| 6 |
Hooks |
Pre-commit hooks (up to 9 layers) |
| 7 |
Enforcement |
Mault polyglot detectors + drift detection |
| 8 |
Governance |
AI-generated governance scripts + baselines |
| 9 |
Testing Rules |
AI coder testing rules (.cursorrules, copilot-instructions) |
Getting started:
- Purchase Pro via the extension or mault.ai/billing
- Run command "Mault: Open Production Readiness Kit (Pro)"
- Copy the setup prompt into your AI coding assistant (Claude Code, Cursor, Copilot, ChatGPT)
- Watch progress in the Problems Panel (
Ctrl+Shift+M) — each step clears as it completes
- Use Quick Fix actions (lightbulb /
Ctrl+.) on each step for AI-ready prompts
Steps 1-3 and Step 9 are available FREE in Core. Steps 4-8 require Pro.
Language support: Fully tested with TypeScript/JavaScript and Python. Pro step templates available for Go, Rust, Java, .NET, C++, Swift, and Julia (AI-generated, not yet fully tested).
Philosophy Guides (14 included)
The Kit includes battle-tested philosophy guides that explain the why behind enforcement. AI coders read these and generate language-specific governance scripts:
- Rising Tide — tests >2x source size = mock tax, convert to integration test
- Iron Dome — type-safety holes (
any, type: ignore) can only decrease, never increase
- TDD — red-green-refactor with Pure Core pattern for testable business logic
- Ratchet Strategy — count violations, set baseline, block increases. Quality only improves.
Every rule is enforced as physics: error blocks the commit, warn is just a suggestion.
For Existing Projects
Same setup process, but AI detects what already exists. Has Git? Skip Step 1. Has Dockerfile? Skip Step 3. Has pre-commit? Skip Step 6. The Rising Tide model grandfathers existing issues while blocking new ones.
Governance Gate CI [Pro]
A GitHub Actions workflow that enforces Mault governance rules in CI. It runs automatically on pull requests and blocks merges that introduce architectural violations.
- Detects your project's language stack (9 stacks supported: Node, Python, Go, Java, Rust, C#/.NET, C++, Swift, Julia)
- Runs Mault detectors as CI checks
- Blocks PRs that introduce new violations (rising-tide model)
- Integrates with branch protection rules
The Governance Gate is configured automatically during Step 8 of the Production Readiness Kit.
Technical Debt Detection [Optional Add-On]
Add a docs/mault.yaml rulebook to your workspace to activate real-time architectural detection. Without it, Agent Workflows and Production Readiness still work — detectors are a separate layer you opt into when ready.
Findings surface in the VS Code Problems panel and the Mault Findings pane. Each finding includes a context-rich AI prompt you can copy into any assistant. Detectors work with any AI coding assistant — Cursor, Copilot, Claude, ChatGPT, Windsurf.
Detectors are polyglot by default (file/folder pattern matching). Advanced detectors use import analysis (JS/TS) or AST analysis (JS/TS, Python) for deeper inspection.
14 detectors across 3 levels (Gentle → Balanced → Full):
| Detector |
What It Catches |
| Directory Reinforcement |
Files placed in wrong directories |
| Legacy Path Prevention |
Deprecated libraries or APIs still in use |
| Convention Reinforcement |
Inconsistent naming (camelCase vs snake_case in same folder) |
| Environment Reinforcement |
OS-specific paths that break cross-platform |
| Flat Architecture |
Too many files in source root without layers |
| Configuration Chaos |
Missing or misplaced config files |
| File Proliferation |
Versioned duplicates (_v1, _backup, _old) |
| Overcrowded Folders |
Directories with too many files |
| Temporary Files |
Scratch/temp files cluttering workspace |
| Scattered Utilities |
Utility files not centralized |
| Monolith Detection |
Files/functions exceeding LOC thresholds |
| Test Pyramid Enforcement |
Source files without tests in correct layer |
| Dependency Health [Pro] |
Vulnerable or outdated npm packages |
| Structural Governance [Pro] |
AST-based pattern enforcement |
Detectors are polyglot (file/folder pattern matching). Advanced detectors use import analysis (JS/TS) or AST analysis (JS/TS, Python). See DETECTORS.md for technical flow charts.
Runtime Hooks: Core vs Pro
Core hooks use simple pattern matching — effective for basic TDD enforcement. Pro hooks understand your project's testing architecture: adapters need adapter-verification tests, detectors need behavioral tests, commands need gold-standard tests.
| Feature |
Core (Free) |
Pro |
| Implementation |
3 bash one-liners |
5 Node.js scripts with layer awareness |
| Test Gate |
Blocks edits if no test file exists (glob match) |
Routes to correct pyramid layer (pure-core, adapter, behavioral, gold-standard, event-flow) |
| Size Gate |
Blocks files >600 LOC |
Warn >300, fail >600, functions >75, files >20KB |
| Stop Gate |
Runs test suite at session end |
Parses transcript, verifies every modified file has correct test type |
| Session Context |
— |
Injects full testing pyramid convention table |
| Hard-Coded Values |
— |
Scans for hard-coded URLs, IPs, ports, semver |
Works with any AI assistant. Claude Code gets hook enforcement. Cursor, Copilot, Windsurf, and ChatGPT get equivalent enforcement through the Problems Panel via Monolith Detection and Missing Test Detection.
For agents without Claude Code hooks: The Monolith Detection and Missing Test Detection detectors provide equivalent enforcement through the Problems Panel, ensuring that testing rules Mault helps you write (Steps 5 and 9) are enforced regardless of which AI coding assistant you use.
Enforcement Spectrum
Mault escalates enforcement from gentle nudges to hard blocks:
LEVEL 1 LEVEL 2 LEVEL 3 LEVEL 4
┌──────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ warn │ → │ error │ → │ CI block │ → │ hook deny │
│(Problems │ │(blocks save) │ │(blocks merge)│ │(blocks agent)│
│ Panel) │ │ │ │ │ │ │
└──────────┘ └──────────────┘ └──────────────┘ └──────────────┘
suggestion cannot ignore cannot merge cannot proceed
Choose your detection level: Gentle (3 detectors), Balanced (10 detectors), or Full (14 detectors). Ratchets ensure quality only improves — existing issues are grandfathered, new issues are blocked.
Pricing
| Tier |
Price |
Includes |
| Core |
FREE forever |
Architectural detectors, AI prompts, quick fixes, basic runtime hooks |
| Pro |
$99 + $7.99/mo |
All Core + Multi-Agent Flows, Production Readiness Kit, advanced hooks, Governance Gate CI |
Pro Pricing Model:
- $99 one-time activation unlocks Pro features
- 30-day grace period included
- $7.99/month subscription required after grace period
- If subscription lapses, you return to Core FREE — no lock-in
Purchase Pro ($99) | Manage Billing
Getting Started
- Install Mault from the VS Code Marketplace
- Open a workspace — Mault activates automatically. All three panels are available immediately. No configuration required.
- Choose your path:
- Multi-Agent Workflows — click "Turn On" in the Agent Workflows panel. Hooks deploy automatically. Click a role to start.
- Production Readiness — run "Mault: Open Production Readiness Kit (Pro)" for the 9-step journey
- Technical Debt Detection — add
docs/mault.yaml (version: 1) to activate detectors in the Findings panel
Requirements & Commands
Requirements:
- VS Code 1.96+
- Trusted workspace for full functionality
- Claude Code required for multi-agent workflows and runtime hooks
docs/mault.yaml (version: 1) required only for technical debt detection
Key Commands (Command Palette: Ctrl+Shift+P / Cmd+Shift+P):
| Command |
Description |
Mault: Initialize |
Initialize Mault in the workspace |
Mault: Set Detection Level |
Choose Gentle (1), Balanced (2), or Full (3) |
Mault: Copy Prompt to Fix |
Copy AI-ready prompt for selected finding |
Mault: Refresh Mault Panel |
Re-run all detectors and refresh findings |
Mault: Open Production Readiness Kit (Pro) |
Open the 9-step production-ready journey |
Mault: Create Test File (Testing Pyramid) |
Create test file with correct layer routing |
Mault: Generate Architecture Diagram (Pro) |
Visualize dependency graph |
Mault: Analyze dependency health |
Check for vulnerable packages |
Mault: Audit Configuration |
Validate mault.yaml |
Mault: Open AI Coder Guide |
Setup guide for AI assistants |
See CHANGELOG.md for detailed release notes.
Data & Privacy Disclosure
Mault performs core governance and integrity analysis locally within VS Code. Certain features, such as dependency health checks, may perform network requests to retrieve external metadata.
What connects to the internet:
- Authentication: Email/OAuth for account creation
- Payments: Processed securely via Stripe (we never store card details)
- Entitlement checks: Subscription validation
- Error reporting: Crash diagnostics, no code content
- Usage analytics: Feature metrics, opt-out via
mault.usage.enabled setting
AI-powered features (optional, user-invoked only):
- Code snippets may be processed to generate semantic embeddings
- Embeddings are stored for search functionality
- Raw code is not stored; embeddings cannot reconstruct source code
What we don't do:
- No user code is stored on external servers
- No data is used for AI model training
- No payment card details are stored by Mault (handled entirely by Stripe)
For full details, see our Privacy Policy.
Important Disclosures
- Backend Connection: This extension connects to Mault's backend service for authentication and Pro license management.
- Account Required: A Mault account is created automatically on first use.
- Mault Core: Technical debt detection (with rulebook) and basic runtime hooks are FREE forever. Multi-agent enforcement and Production Readiness Kit require Pro.
- Mault Pro: $99 activation + $7.99/month for Production Readiness Kit, advanced hooks, and multi-agent enforcement.
- Links: Privacy Policy | Terms of Service | Billing
License
The Mault VS Code extension is licensed under the Apache License, Version 2.0.
Use of Mault's cloud services is governed separately by Mault's Terms of Service.
Legal & Support
