npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@collivity/aglang

v0.3.0

Published

Architecture Ground Language — verifiable specifications for agents, humans, and CI

Readme

aglang · Architecture Ground Language

aglang is a verifiable specification language for agents and humans. Describe topology, components, invariants, workflow policies, state machines, value policies, operation protocols, event protocols, and API contracts in a .ag spec file. aglc compiles that specification into machine-checkable artifacts so humans, agents, and CI can work from the same architecture truth.

Install first:

npm install -g @collivity/aglang
aglc install-agent-skill

If you're an AI coding agent (or setting this up for one), read docs/agents.md for the workflow and why it exists, or docs/llms.md for a condensed quickstart.

Create or refresh the architecture interface for a repo:

aglc add .
aglc generate . --out architecture.ag
aglc compile architecture.ag --out architecture.o
aglc emit-context --arch architecture.o --out AGENTS.md
aglc emit-skill --arch architecture.o --out skill.json

Agents are a primary workflow: they read AGENTS.md, validate focused edits with aglc check-file --json, validate their change with aglc check --diff <ref> --json (or --all for a full-repo baseline check, which is the right choice less often than it looks — --all can't catch change_policy violations since it marks every file "touched"), and ask before changing .ag or .agq.yml architecture source. Engineers can inspect the same evidence locally with aglc ui. Under the hood, hard rules are compiled into solver-backed constraints and deterministic policy gates so violations come with source evidence, stable ids, query provenance, and proof details instead of vague warnings. See docs/agents.md for the full agent workflow, or docs/llms.md for a condensed agent quickstart.

Readable require invariants compile to deny-counterexample enforcement. For example, require auth on flow Client -> Api blocks only when deterministic extractors or reviewed .agq.yml files emit definite unauthenticated evidence; teams can also author the explicit deny unauthenticated flow Client -> Api form. The same model applies to dataflow-via, encryption, dependency-interface, and operation-placement rules.

aglang is also an anti-drift layer for multi-repo systems: once architecture intent is encoded in reviewed .ag and .agq.yml artifacts, engineers, CI, parent agents, and subagents can check the same boundaries without relying on prompt memory or stale documentation.


How it works

[Developer / Agent edits code]
         │
         ▼
  aglc check-file --json
         │
         ▼
  aglc check --all --json
         │
         ▼
  local check / CI gate
         │
         ▼
  aglc check              ← file/project/diff → extracts flow facts
         │
         ▼
  solver-backed gate      ← evaluates spec constraints against delta facts
         │
    ┌────┴────┐
   SAT      UNSAT
    │          │
  Allow      Reject + structured JSON proof
  1. Architecture buildaglc compile spec.ag parses/typechecks the .ag file and produces architecture.o (SMT-LIB2 constraints + component→path glob mappings).
  2. Component resolutionaglc check expands each component's path globs, groups matched files by component, and picks an extractor per file extension (.ts, .cs, .py, .go, .rs, .java, .kt, .swift, ...).
  3. Fact extraction — extractors emit flow, reachability, dataflow, trust-boundary, DI, workflow, and contract facts using AST/tree-sitter where available and regex fallback where needed, then normalize them through graph projection.
  4. Solver check — facts are fed alongside the compiled constraints to Z3; the check fails if any hard rule is violated.
  5. Agent-assisted discoveryaglc request-scan and aglc request-review emit task packets so agents can propose and review architecture artifacts while aglc remains the deterministic verifier.

If you edit architecture.ag, run npm run arch:compile before npm run arch:check.


Requirements

  • Node.js ≥ 18 (WASM-based Z3 solver requires async/WASM support)
  • Git (for diff-aware aglc check)
  • Native tree-sitter bindings require tree-sitter@^0.22.1 (bumped from ^0.21.x to add tree-sitter-swift); all wired language grammars (TypeScript/JavaScript/Python/C#/Go/Rust/Java/Swift) are verified compatible with this core version.

Installation details

# Global install from npm registry
npm install -g @collivity/aglang

# Install directly from GitHub (public repo, no registry needed)
npm install github:collivity/aglang

# Run without installing
npx @collivity/aglang --help

Install the generic Codex skill interface for local agents:

aglc install-agent-skill

This copies the packaged aglang skill into ${CODEX_HOME:-~/.codex}/skills. Project-specific rules still come from AGENTS.md and skill.json, generated by aglc add or aglc emit-context / aglc emit-skill.

The npm package also attempts that skill installation during postinstall. Set AGLANG_SKIP_AGENT_SKILL_INSTALL=1 to opt out.


How agents should use aglang

  1. Read AGENTS.md before changing implementation code.
  2. Run aglc check-file --arch architecture.o --file <path> --json during focused edits.
  3. Run aglc check --arch architecture.o --project . --diff <ref> --json before finishing (diff-aware against the base branch/commit — use --all only for a full-repo baseline, not as the default per-change check).
  4. Ask before creating, editing, regenerating, or compiling .ag architecture specs or generated architecture artifacts.
  5. Use planning/design sessions for architecture authoring so engineers can review intended spec changes.

When extractor behavior needs investigation, run aglc check-file --json --debug-extractors. The JSON verdict includes extractor_debug[] with parser availability, AST query counts, and regex fallback reasons. Add --require-ast to fail immediately when an AST-capable extractor drops to regex for a detected fact.

To inspect the new canonical system graph directly, run aglc graph --arch architecture.o --file <path> --json --ir. This emits Ag-IR nodes[] and typed edges[] from generic tree-sitter extraction plus compatibility adapters for existing graph facts. Edge kinds include imports, calls, assigns, handles_route, depends_on, and accesses_resource, each with source provenance when available.

For broad query health against a real repo, run npx tsx scripts/tree-sitter-corpus-probe.ts C:\Users\pante\Codespaces\collivity. The report summarizes files scanned, files with captures, total captures, sample files, and up to three query errors per language/query pair without making that external checkout a CI dependency.


Quick start

Option A — Agent bootstrap (recommended for existing codebases)

# 1. Ask an agent to perform semantic architecture discovery
npx @collivity/aglang request-scan --project ./my-project

# The task packet tells the agent what to inspect and what proposals to produce.
# Humans approve architecture intent before aglc compiles or checks it:
aglc compile my-project/architecture.ag

Option B — Write a spec by hand

// myapp.ag
node web : edge_desktop { trust: untrusted }
node api : server       { trust: trusted   }
node db  : postgres     { trust: trusted   }

component Frontend {
  runs_on: web
  paths:   "src/frontend/**/*.ts"
}

component Api {
  runs_on: api
  paths:   "src/api/**/*.ts"
}

component Data {
  runs_on: api
  paths:   "src/data/**/*.ts"
}

invariant Layered {
  deny flow Frontend -> db   // frontend must never touch DB directly
  deny flow Api -> db        // API layer must go through Data layer
}
aglc compile myapp.ag
# ✔ Compiled → architecture.o
#   Components: 3  Invariants: 1  Contracts: 0

aglc check --arch architecture.o --project . --diff <ref>
# or: aglc check --arch architecture.o --project . --all   (full-repo baseline)

Run aglc check locally or in CI. Violations are reported with evidence:

Arch Compilation Error (Rule: Layered)
  deny flow Api -> db

  Detected: Api → db (definite)
  Evidence: ApplicationDbContext injected via constructor
  File:     src/api/UserService.cs

Commit aborted.

Features

| Feature | Status | Description | |---|---|---| | Topology nodes | ✅ | Model edge clients, servers, clusters, databases, caches, queues, object stores | | Components | ✅ | Map source-code globs to topology nodes | | Flow invariants | ✅ | Deny illegal data flows — checked by Z3 at every commit | | Contracts | ✅ | Declare REST/GraphQL API endpoint shapes; enforce implements + consumes at commit time | | GitHub Actions policies | ✅ | Model workflows as components and block unsafe publish/deploy/release permissions | | Change policies | ✅ | Require related components, docs, skills, or package metadata to change together | | Dependency injection policies | ✅ | Block illegal constructor injection, singleton-to-scoped dependencies, and service-locator usage with Z3 | | State machines | ✅ | Model entity lifecycle states and allowed transitions | | Rich policies | ✅ | Check value invariants, operation pre/postconditions, and event precedence from reviewed facts | | Permissions | ✅ | Declare role-based access rules per state | | Data & enums | ✅ | Define domain types for documentation | | Multi-file specs | ✅ | Split large specs with import "other.ag" — shared DAG imports are deduplicated | | aglc request-scan | ✅ | Emit an agent task packet for semantic architecture discovery and proposal work | | aglc generate | ✅ | Legacy deterministic draft generator; review output before use | | Import OpenAPI | ✅ | aglc import-openapi swagger.json.ag contract blocks | | Import Terraform | ✅ | aglc import-tf main.tf.ag node declarations | | Plugin protocol | ✅ | Extend extraction via npm packages implementing the aglc-plugin protocol | | Agent context | ✅ | aglc emit-context produces AGENTS.md — machine-verified architectural brief | | Skill manifest | ✅ | aglc emit-skill produces skill.json for agent tool registries | | Packaged agent skill | ✅ | aglc install-agent-skill installs a generic Codex skill interface from the npm package | | Work-in-progress validation | ✅ | Agents run check-file --json during focused edits and check --all --json before finishing | | JSON verdicts | ✅ | All check commands emit structured JSON with Z3 proofs (--json) | | Extraction cache | ✅ | SHA-256 keyed file cache in .aglang-cache/ — skips re-analysing unchanged files | | Parallel extraction | ✅ | All extractors run concurrently (CPU-capped pool) | | Ag-IR graph output | ✅ | aglc graph --json --ir emits canonical nodes and typed edges from tree-sitter and graph adapters |


Enforcement semantics

Not every declaration is enforced the same way:

| Level | Declarations | Behavior | |---|---|---| | formal_z3 | invariant deny flow, invariant deny reach, invariant deny dataflow, data_policy, trust_policy, di_policy, permission, change_policy, machine, value_policy, operation_policy, event_policy | Facts are asserted into SMT and checked by Z3 when extractors produce definite evidence. | | deterministic_policy | contract, workflow_policy | Extracted route/workflow facts are checked by deterministic gates. | | formal_z3 | require encryption / deny unencrypted flow | Blocks only when deterministic extractors or reviewed .agq.yml files emit definite unencrypted-flow evidence. |

This taxonomy is emitted into architecture.o, AGENTS.md, and skill.json so agents know which rules are proof-backed, policy-backed, or guidance-only.


API contracts

Enforce that your backend routes match your frontend expectations:

contract UsersApi {
  GET  "/api/users"       -> User[]
  POST "/api/users"       -> User
  GET  "/api/users/{id}"  -> User
  PUT  "/api/users/{id}"  -> User
}

component Backend {
  runs_on: api
  paths:   "src/api/controllers/**/*.cs"
  implements: UsersApi
}

component Frontend {
  runs_on: web
  paths:   "src/frontend/**/*.ts"
  consumes: UsersApi
}

The contract gate checks:

  • implements — every declared route must be exposed by the component (missing routes = error)
  • consumes — the client may only call declared routes (undeclared fetch calls = warning)

GitHub Actions workflow policies

Model CI/CD targets as nodes and workflows as components, then enforce release safety directly from .github/workflows/*.yml:

node github_actions : ci_runner { trust: trusted }
node npm_registry : package_registry { trust: trusted auth: api_key }
node github_pages : static_host { trust: trusted auth: oauth2 }

component ReleaseWorkflow {
  runs_on: github_actions
  paths: ".github/workflows/release.yml"
}

workflow_policy ReleaseSafety {
  allow publish ReleaseWorkflow -> npm_registry when tag "v*.*.*"
  deny publish * -> npm_registry when pull_request
  require before ReleaseWorkflow "npm test" -> "npm publish"
  deny permission * contents: write when pull_request
}

aglc check reports workflow violations in workflow_violations[]; --workflow-z3 and --dump-workflow-smt add optional SMT debug output for proof-oriented CI runs.


Change policies

Require important surfaces to change together. For example, CLI changes can formally require README and CLI reference updates in the same checked diff:

component CliCompiler {
  runs_on: node_runtime
  paths: "src/index.ts"
}

component CliReferenceDocs {
  runs_on: node_runtime
  paths: "docs/cli/reference.md"
}

component ReadmeDocs {
  runs_on: node_runtime
  paths: "README.md"
}

change_policy DocsFreshness {
  require touched CliReferenceDocs when touched CliCompiler
  require touched ReadmeDocs when touched CliCompiler
}

The gate emits Z3-backed change_violations[] when the trigger component changed but the required companion component did not. This proves declared surfaces changed together; it does not prove prose quality.


Dependency injection policies

Model implementation-level DI hazards as formal architecture rules:

component Views {
  runs_on: app_runtime
  paths: "src/**/Views/**/*.xaml.cs"
}

component BleManager {
  runs_on: app_runtime
  paths: "src/**/Infrastructure/Bluetooth/**/*.cs"
}

component Application {
  runs_on: app_runtime
  paths: "src/**/Application/**/*.cs"
}

di_policy DependencyInjection {
  deny inject Views -> BleManager
  deny lifetime singleton -> scoped
  deny resolve IServiceProvider from Application
}

The C# extractor turns constructor dependencies, AddSingleton / AddScoped / AddTransient registrations, and IServiceProvider usage into SMT assertions such as (assert (Injects Views BleManager)). Matching di_policy rules return di_violation entries with Z3 proof details.


.ag language reference

Node types (stdlib)

| Category | Types | |---|---| | Client | edge_desktop, edge_mobile, edge_mobile(android), edge_mobile(ios) | | Server | server, cluster(k8s), cluster(ecs), serverless | | Database | postgres, mysql, sqlite, relational_db, mongodb, dynamodb | | Cache | redis, memcached, cache | | Queue | rabbitmq, kafka, sqs, queue | | Storage | s3, blob_storage, object_store | | Network | load_balancer, cdn, api_gateway |

Blocks

// Node
node <name> : <type> {
  trust:        trusted | untrusted | semi_trusted
  connectivity: always_on | intermittent | offline_first   // optional
  protocol:     https | grpc | ws | mqtt                   // optional
}

// Component
component <name> {
  runs_on:    <node>
  paths:      "<glob>"
  implements: <ContractName>   // optional
  consumes:   <ContractName>   // optional
}

// Invariant
invariant <name> {
  deny flow <ComponentOrNode> -> <ComponentOrNode>
  deny reach <ComponentOrNode> -> <ComponentOrNode>
  deny dataflow <DataType> -> <ComponentOrNode>
  require encryption on flow <ComponentOrNode> -> <ComponentOrNode>
}

// Change policy
change_policy <name> {
  require touched <RequiredComponent> when touched <TriggerComponent>
}

// Dependency injection policy
di_policy <name> {
  deny inject <Component> -> <Component>
  deny inject_reach <Component> -> <Component>
  deny lifetime singleton -> scoped
  deny lifetime_reach singleton -> scoped
  deny resolve IServiceProvider from <Component>
}

// Data and trust policies
data_policy <name> {
  deny classification pii -> untrusted
  deny jurisdiction eu -> <ComponentOrNode>
}

trust_policy <name> {
  require auth untrusted -> trusted
  deny flow trusted -> untrusted when data pii
}

// API contract
contract <name> {
  GET    "/api/path/{param}"  -> ResponseType
  POST   "/api/path"          -> ResponseType
  PUT    "/api/path/{id}"     -> ResponseType
  DELETE "/api/path/{id}"     -> ResponseType
  PATCH  "/api/path/{id}"     -> ResponseType
}

// State machine
enum OrderStatus { Draft | Active | Archived }

data Order {
  status: OrderStatus
}

machine OrderLifecycle on Order.status {
  allow transition Draft -> Active
  deny transition Active -> Draft
}

// Permissions
permission <name> {
  <Role> can <action> <Entity> when state = <State>
}

// Data types
data <Name> {
  classification: pii
  jurisdiction: eu
  field: Type
}

enum <Name> { Variant | Variant }

// Multi-file
import "relative/path/other.ag"

CLI commands

| Command | Description | |---|---| | aglc compile <file.ag> | Compile spec → architecture.o | | aglc request-scan [--project <dir>] [--out <task.json>] | Ask an agent to discover architecture evidence and propose artifacts | | aglc request-review [--project <dir>] [--out <task.json>] | Ask an agent to review proposed .ag / .agq.yml artifacts | | aglc generate [dir] [--out <file.ag>] [--name <n>] [--max-depth <n>] [--single-file] | Legacy deterministic draft generator | | aglc check --arch <arch.o> --project <dir> | Check staged git diff | | aglc check --arch <arch.o> --project <dir> --diff <ref> | Check files changed in <ref>...HEAD | | aglc check-file --arch <arch.o> --file <path> | Check a single file (dev/debug) | | aglc explain --arch <arch.o> --project <dir> --violation <id> | Explain a stable violation ID with evidence and suggested fix class | | aglc debug --arch <arch.o> --project <dir> [--file <path>] [--out <dir>] | Write graph/verdict/rule evidence plus an engineer-readable debug report | | aglc ui --arch <arch.o> --project <dir> [--all\|--diff <ref>\|--file <path>] [--port <n>] [--no-open] | Launch the local read-only UI workbench on 127.0.0.1 | | aglc emit-context --arch <arch.o> [--out <path>] | Write AGENTS.md (agent context brief) | | aglc emit-skill --arch <arch.o> [--out <path>] | Write skill.json (agent skill manifest) | | aglc install-agent-skill [--path <skills-dir>] | Install the packaged generic Codex skill | | aglc install-extractors [--project <dir>] [--force] | Scaffold starter .agq.yml templates into .aglang/extractors/ | | aglc import-openapi <swagger.json> [--out <f.ag>] | Import OpenAPI 3.x → .ag contracts | | aglc import-tf <main.tf> [--out <f.ag>] | Import Terraform → .ag node declarations |

Flags:

  • --json — machine-readable JSON to stdout (progress logs go to stderr)
  • --diff <ref> — compare changed files against <ref>...HEAD and include diff metadata
  • --dump-smt — write the raw SMT-LIB2 script to examples/debug.smt2

JSON verdict schema (v2)

All check commands emit a JSON object when --json is passed:

{
  "schema_version": 2,
  "passed": false,
  "timestamp": "2026-05-19T09:00:00.000Z",
  "artifact": "architecture.o",
  "diff": {
    "base": "origin/main",
    "mode": "git_ref",
    "changed_files": ["src/index.ts"],
    "changed_components": ["CliCompiler"]
  },
  "violations": [
    {
      "id": "viol_98e3f0a0ce9854b1",
      "type": "reach_violation",
      "status": "new",
      "invariant": "Layered",
      "rule": { "kind": "DenyReach", "from": "UI", "to": "Db" },
      "detected": {
        "from": "UI",
        "to": "Db",
        "path": ["UI", "Service", "Db"],
        "confidence": "definite",
        "evidence": "Reachability path: UI -> Service -> Db",
        "file": "/abs/path/to/file.cs"
      },
      "message": "...",
      "z3_proof": {
        "permanent_constraint": "(assert (=> (CanReach UI Db) false))",
        "delta_assertion": "(assert (CanReach UI Db))",
        "explanation": "Z3 returned UNSAT — both assertions cannot be simultaneously true"
      }
    }
  ],
  "contract_violations": [
    {
      "type": "implements_undeclared",
      "severity": "error",
      "contract": "UsersApi",
      "component": "Backend",
      "role": "implements",
      "extracted": "DELETE /api/users/{}",
      "declared": null
    }
  ],
  "change_violations": [
    {
      "id": "viol_524d0b7f3b64ba51",
      "type": "change_violation",
      "policy": "DocsFreshness",
      "trigger": "CliCompiler",
      "required": "CliReferenceDocs",
      "message": "DocsFreshness requires CliReferenceDocs when CliCompiler changes"
    }
  ],
  "rule_coverage": [
    {
      "rule": "Layered",
      "declaration": "invariant",
      "components": ["UI", "Db"],
      "evidence": ["Reachability path: UI -> Service -> Db"]
    }
  ],
  "solver_diagnostics": [
    {
      "id": "viol_8ef9d7c21f6f2a90",
      "status": "unsat",
      "elapsed_ms": 4,
      "rule": "Layered",
      "declaration": "invariant deny reach",
      "source_file": "/abs/path/to/file.cs",
      "components": ["UI", "Service", "Db"],
      "fact_count": 2,
      "path_depth": 3,
      "fanout": 7
    }
  ],
  "warnings": [],
  "contract_warnings": [],
  "agent_context": "Human-readable summary for agent consumption"
}

Use aglc explain --violation <id> --json with the same check scope to get the rule citation, source evidence, graph fact chain when available, Z3 proof, fix class, and suggested fix text.

solver_diagnostics[] is emitted from rule-sized solver slices. If Z3 returns unknown for a slice, the check fails closed and the diagnostic includes the rule, source file, contributing components/data, path depth, fanout, and suggested refactor text so agents can reduce the problematic state/write/dependency surface.


Agents & AI integration

aglang is designed as a first-class tool for AI coding agents:

  • aglc request-scan — creates a task packet for an agent to inspect the repo semantically and propose architecture artifacts for review.
  • aglc generate — legacy deterministic draft generator; useful for hints, not architecture intent.
  • AGENTS.md — generated by aglc emit-context, gives agents a precise brief: topology, component paths, allowed flows, contracts, state machines, and permission rules. Fits in any context window.
  • skill.json — a machine-readable skill descriptor agents can register as a tool.
  • Packaged Codex skillaglc install-agent-skill installs the generic aglang interface so agents know the CLI workflows after npm install.
  • Continuous validation — agents run aglc check-file --json while editing and aglc check --diff <ref> --json before finishing (--all for a full-repo baseline); engineers can add --ui to check or debug to persist a .aglang/ui run and open the local workbench.
  • Structured JSON errors — every Z3 violation includes exact file paths, component names, and the Z3 proof object so agents can locate and fix violations without hallucinating.
  • Fail-closed — git diff failures and Z3 unknown results block the commit; nothing is silently allowed.
  • Engineer-guided architecture source — agents should ask before changing .ag, architecture.o, AGENTS.md, or skill.json.

Typical agent workflow

1. Setup/design session: aglc request-scan --project .
   → engineer reviews intended architecture rules
   → authorized run: aglc compile architecture.ag
   → authorized run: aglc check --arch architecture.o --project . --all

2. Coding agents: read AGENTS.md → edit code
   → run: aglc check-file --arch architecture.o --file <path> --json
   → run: aglc check --arch architecture.o --project . --diff <ref> --json
   → agent fixes structured JSON violations in implementation code

See docs/agents.md for why this workflow exists and docs/llms.md for the condensed quickstart.


Supported extractors

| Language | Extensions | What is extracted | |---|---|---| | C# | .cs | Constructor injection (DI), EF Core DbContext, HttpClient, Redis, S3/Blob, MongoDB, Kafka, RabbitMQ, SignalR | | TypeScript / JS | .ts, .tsx, .js, .jsx | fetch() calls (method + URL), Express/Fastify route declarations | | Python | .py | SQLAlchemy, Django ORM, psycopg2, Redis, Celery, requests/httpx calls | | Go | .go | database/sql, GORM, Redis, Kafka, HTTP client calls | | Rust | .rs | sqlx, diesel, redis, reqwest, tokio | | Java / Scala | .java, .scala | Spring Data, Hibernate, JDBC, Kafka, Redis, RestTemplate | | Kotlin | .kt | Retrofit, OkHttp, Room, WorkManager, Ktor | | Swift / iOS | .swift | URLSession, Alamofire, CoreData, CloudKit, Combine network calls |

All extractors run in parallel with a CPU-capped concurrency pool. Results are cached by file SHA-256 in .aglang-cache/ — unchanged files are never re-analysed.

This table covers the route/dependency extraction baseline. Cross-file import/call resolution, state-machine transition detection, and extends/implements abstraction resolution exist for these languages too, with real per-language coverage differences (e.g. Go's interface satisfaction is a structural heuristic, never definite) — see docs/extractors.md for the accurate, current breakdown rather than a second copy of it here.

Plugin protocol

Third-party extractors can be loaded as npm packages:

// In your .ag spec file
plugin "aglc-plugin-my-extractor"

Each package is discovered by npm package name and must implement the subprocess protocol. (@collivity/aglc-roslyn in this repo's own plugins/ directory is a reference implementation of the protocol used in tests — it's a regex-based mock, not a real Roslyn/Microsoft.CodeAnalysis integration. Don't take its presence as evidence that real C# semantic analysis is wired in yet.)

<plugin> --info
<plugin> --component <ComponentName> --mappings <json> --files <file1> <file2> ...

--info returns JSON with name, extensions, and optional version. Extraction prints normalized FlowFact[] JSON. aglang preserves extractor provenance in graph output and lets higher-precedence plugin facts win when they describe the same effective edge as a local extractor.

This repository self-hosts on built-in tree-sitter/AST extractors plus reviewed .agq.yml query artifacts. External extractor plugins remain supported for projects that need custom facts, but aglang's own architecture check should not require Roslyn or any other external plugin.


Development

git clone https://github.com/collivity/aglang
cd aglang
npm install
npm run build    # tsup -> build/aglc.js
npm test         # vitest
# Try the bundled Collivity example
node build/aglc.js compile examples/collivity.ag
node build/aglc.js check-file --arch examples/architecture.o --file examples/web/api/Controllers/BadController.cs
node build/aglc.js emit-context --arch examples/architecture.o

Roadmap

The next step for aglang is not more syntax — it's turning the tool into a stable protocol that agents, subagents, editors, and CI systems can all consume the same way. The full, current milestone plan (through v1.1) lives in docs/roadmap.md rather than a second copy here.


License

Apache-2.0 — see LICENSE.