Anatomia, CLI harness that gives AI coding agents a verifiable pipeline and proof chain, not just prompts. MIT-licensed, works with Claude Code, Codex, and more.
What it does
Anatomia is a CLI and agent harness that scans your codebase, then runs every AI-driven change through a five-stage pipeline (Think, Plan, Build, Verify, Learn) enforced by the CLI itself. Every run produces a sealed, auditable proof chain rather than a best-effort promise.
AI coding tools promise results but rarely prove them. Anatomia enforces a verifiable pipeline instead: the CLI validates every artifact, computes content hashes, and rejects malformed output at each stage. An agent cannot skip a check by ignoring an instruction.
Run npx anatomia-cli scan to read any project in 2 to 5 seconds with zero config and nothing leaving your machine. Then run ana init, which turns the scan into a full development system: per the README, that means 5 specialized agents, 8 stack-matched skill templates, 4 project-context files, and a 37-command CLI toolbelt, all written into your repo as plain files.
The five pipeline stages separate concerns by design. Think scopes and pushes back on the approach. Plan writes a spec and a sealed contract. Build implements and tags every test. Verify fault-finds independently, reading the spec and code directly rather than Build's self-report. Learn tends quality between cycles and can promote recurring findings into skill rules.
Every pipeline run appends to a proof chain. Per the site, as of v1.2.2, the project's own proof chain shows 2,214 assertions verified, 683 findings surfaced, 41 risks caught, and 6 findings promoted to permanent rules. The ana proof health command tracks first-pass verification rate, risks per run, and hot spots across the chain.
Full pipeline enforcement today requires Claude Code or Codex as the agent runtime. Scan output works with any markdown-aware tool (Cursor, Windsurf, Copilot, Cline), but those integrations get context only, not the enforced five-stage pipeline.
Anatomia v1.2.2 is MIT-licensed and free to use. It is the rare AI dev tool that treats proof as a first-class output, not an afterthought. Teams who want to audit what an AI actually changed, and why, have a concrete answer here.
Features
Anatomia is a CLI and agent harness that installs a five-stage AI development pipeline into your repo. It scans your codebase to detect your stack, then ships specialized agents, stack-matched skill rules, and a 37-command CLI toolbelt. Every change runs through Think, Plan, Build, Verify, and Learn stages, each enforced by the CLI rather than by instructions an agent can ignore. The result is a sealed, auditable proof chain rather than a best-effort output.
Run `npx anatomia-cli scan` to scan any project instantly with no install required. To set up the full system, install globally with `npm install -g anatomia-cli` (requires Node.js 22+), then run `ana init` to generate context files and agent definitions, and optionally `ana init commit` to persist everything to git. From there, `ana run` starts the pipeline: tell Ana what to build, and it scopes, plans, implements, and independently verifies the work. The README recommends `ana run setup` for a one-time 10-minute session that enriches context with your team's knowledge.
Anatomia's core CLI and pipeline are MIT-licensed and free forever, with every line available on GitHub. A Team edition at $45 per seat per month is on a waitlist targeting Q3 2026. The Team tier adds a hosted dashboard, proof explorer, cross-project intelligence, Slack and GitHub PR integration, and a hosted build queue. The free tier includes the full five-stage pipeline, local proof chain, and stack-matched skills with no feature caps.
Anatomia is best for teams using Claude Code or Codex who want every AI-written change to be independently verified and logged in an auditable proof chain. It excels on larger codebases where recurring findings need to be promoted into permanent skill rules, and on projects where stack-specific conventions matter enough to encode as agent instructions. It is particularly strong when you need to track quality trajectory over time, not just individual changes.
Anatomia's key differentiator is CLI-enforced pipeline stages with a sealed proof chain, something prompt-library harnesses cannot provide. Per the README, most alternatives are prompt collections: they guide an agent by suggestion, meaning an agent can deviate. Anatomia's CLI validates artifact structure, computes content hashes, and rejects malformed output at each stage, making deviation detectable rather than silent. The tradeoff is setup cost: Anatomia writes files into your repo and requires Node.js 22+, while a prompt library has near-zero install friction.
Full five-stage pipeline enforcement is only available for Claude Code and Codex as of v1.2.2. Other tools (Cursor, Windsurf, Copilot, Cline) receive scan output as plain markdown context but do not get the enforced pipeline. The Team edition with hosted infrastructure and cross-project intelligence is not yet available. Node.js 22 or higher is required. Scan detects structure but cannot replace the optional `ana run setup` session for capturing team-specific knowledge and conventions.
Open-source toolkit for Spec-Driven Development with AI coding agents, structured specs, plans, and tasks instead of vibe coding.
Best for Teams using AI coding agents on projects where correctness and reliability matter more than speed of first outputNVIDIA's open-source security scanner for AI agent skills, detects prompt injection, supply chain attacks, and 66 other vulnerability patterns before you install.
Best for Teams auditing AI agent skills before installation in Claude Code, Codex CLI, or Gemini CLI environmentsOpenAI's open-source agent orchestrator that converts project tasks into autonomous, isolated coding runs, so teams manage work, not coding agents.
Best for Engineering teams with mature test and lint harnesses who want autonomous task-to-PR pipelinesOpen-source autonomous AI pentester for web apps and APIs, analyzes your source code and runs real exploits, for developers and security engineers.
Best for Teams shipping code daily who need on-demand, proof-driven pentesting between annual engagementsOpen-source AI code reviewer with bring-your-own-model, custom rule enforcement, and zero LLM markup for engineering teams.
Best for Teams with custom coding standards, domain rules, or naming conventions that generic AI reviewers missType-check TypeScript and JavaScript code fences in Markdown and MDX docs against your real project API, in editor, CLI, and CI.
Best for Teams using AI agents to write or update docs, where hallucinated API names and option keys are a real risk