NEXUS sits between AI coding agents (Claude Code and others) and your codebase — it routes tasks to the right model, scores every change for security and architecture risk before it's written, runs parallel "universes" of implementations, and learns from every real session.
UCB1-based router picks the right local model per task type from real benchmark history — not guesses.
integration/nexus_decisions/router.py
Encodes your project's layering rules and dependency policies, then scores every new file against them.
integration/nexus_governance/genome.py
Every Edit/Write/MultiEdit is scanned for OWASP-class issues (injection, hardcoded secrets, weak crypto) before it lands.
nexus_governance/execution_gate.py
Spawns parallel implementations with different strategies, benchmarks them, and selects a winner via real test + governance scores.
integration/nexus_universe/
A live JSON model of your project — architecture, dependencies, risks, history and predictions — regenerated on demand.
.nexus/os/project_twin.json
Mines every session transcript for repeated command patterns and feeds them back as reflexes in future sessions.
integration/eos_instinct/consolidate.py
Detected on
subprocess.run(... + user_input, shell=True) —
severity CRITICAL, blocks in mode=block.
Detected on hardcoded passwords/keys in source — severity CRITICAL.
Detected on hardcoded secret keys — severity HIGH, fix suggestion included in the finding.
integration/ codebase (411 Python files) found
141 real findings — 82 CRITICAL, 54 HIGH — using the same
scanner wired into the pre-write gate above.
python3 integration/nexus_theme/banner.py . — every
number above is re-derivable from source files in this repo via
integration/nexus_theme/proof.py. No API calls, no
synthetic data.
Add to ~/.claude/settings.json → mcpServers