klynx-comply — AI Agent Governance Scanner
Real-time AI agent governance checks inside VS Code.
Wraps the open-source klynx-comply CLI (codename QUIET COYOTE) to surface findings as inline diagnostics every time you save.
Built by KlynxAI.
What it catches
8 governance checks specifically for AI agent codebases:
| ID | Check | Severity |
|---|---|---|
| SC-001 | Hardcoded Secrets | CRITICAL |
| AT-001 | Audit Trail Coverage | HIGH |
| AG-001 | Auth Gating on Endpoints | HIGH |
| PII-001 | PII Handling Safety | HIGH |
| AP-001 | Agent Policy Envelope | HIGH |
| HO-001 | Human Oversight Gates | HIGH |
| PI-001 | Prompt Injection Vulnerability | HIGH |
| IV-001 | Input Validation at Boundaries | MEDIUM |
Prerequisites
Install the underlying CLI first:
pip install klynx-comply
The extension calls the klynx-comply binary in your environment.
How it works
- On save — the extension runs klynx-comply scan <file> --format json automatically (configurable).
- Findings appear inline — every rule violation gets a red squiggle (CRITICAL/HIGH), yellow (MEDIUM), or info (LOW) with the rule ID and remediation hint on hover.
- Status bar — shows current file's finding count. Click to re-scan.
- Workspace scan — run "klynx-comply: Scan Entire Workspace" from the command palette to scan your whole project at once.
Commands
- klynx-comply: Scan This File — manual scan of the active editor
- klynx-comply: Scan Entire Workspace — scan every file in the workspace
- klynx-comply: Clear All Findings — wipe diagnostics
- klynx-comply: Open Documentation — open the PyPI page
Settings
| Setting | Default | Description |
|---|---|---|
| klynxcomply.cliPath | klynx-comply | Path to the CLI binary (default assumes it is on PATH) |
| klynxcomply.scanOnSave | true | Auto-scan on file save |
| klynxcomply.minSeverity | LOW | Minimum severity to surface (LOW/MEDIUM/HIGH/CRITICAL) |
| klynxcomply.enabledLanguages | Python, TS, JS, Go, Java, Rust, C# | Languages where the scanner runs on save |
| klynxcomply.showStatusBar | true | Show finding count in the VS Code status bar |
Why this matters
Most AI agent code looks correct but fails one of the 8 governance checks above — missing audit logging, no human-in-the-loop gate, weak prompt injection guards. These are the failures regulators ask about after an incident. This extension surfaces them before you commit.
Three layers, same audit chain:
- In your editor (this extension) — catch issues on save
- In your CI/CD (klynx-comply CLI directly) — block PRs at the gate
- In production (Dragon runtime) — tamper-evident receipts on every agent action
License
Apache 2.0. Free to use, modify, and distribute.
Source: klynx-ai/klynxai-assistant (tools/klynx-comply-vscode/)
Anyone can govern AI. Only KlynxAI gives you receipts that hold up in court.