Evaluate AI Tooling Posture. Prove It Deterministically.
Wrkr evaluates your AI dev tool configurations across your GitHub repo/org against policy. Posture-scored, compliance-ready.
Scan, rank, regress, verify, and export evidence with stable `--json` outputs and fail-closed safety defaults.
# Initialize with deterministic defaults
wrkr init --non-interactive --path ./scenarios/wrkr/scan-mixed-org/repos --json
# Run scan and posture outputs
wrkr scan --path ./scenarios/wrkr/scan-mixed-org/repos --profile standard --json
wrkr report --top 5 --json
wrkr score --json
# Generate and verify compliance evidence
wrkr evidence --frameworks eu-ai-act,soc2 --output ./.tmp/evidence --json
wrkr verify --chain --json
# Gate on drift
wrkr regress init --baseline ./.wrkr/last-scan.json --output ./.tmp/wrkr-regress-baseline.json --json
wrkr regress run --baseline ./.tmp/wrkr-regress-baseline.json --jsonOrg and Repo Discovery
Discover AI tooling declarations across repo/org/path sources with deterministic output contracts.
Headless Risk Ranking
Surface high-impact CI/autonomous execution risks with ranked, explainable findings.
Compliance Evidence
Generate framework-mapped evidence bundles and verify proof chain integrity.
Deterministic Regressions
Create baseline posture gates and fail CI with stable drift reasons.
Open Manifest Contract
Use `wrkr-manifest.yaml` as a portable policy and lifecycle posture contract.
Agent-Readable Context
LLM-oriented docs resources, AI sitemap, and crawler policy for reliable assistant grounding.
Why Teams Use Wrkr
| Without Wrkr | With Wrkr | |
|---|---|---|
| AI tool inventory | manual surveys, stale answers | deterministic repo/org inventory |
| Headless risk visibility | ad-hoc grep and assumptions | ranked findings with posture context |
| Compliance evidence | manual artifact assembly | command-generated evidence bundle |
| Regression gating | no baseline contract | stable drift reasons and exit code 5 |
Frequently Asked Questions
What is Wrkr in one sentence?
Wrkr evaluates your AI dev tool configurations across your GitHub repo/org against policy. Posture-scored, compliance-ready.
Does Wrkr require a hosted control plane?
No. Wrkr is deterministic and file-based by default, with local scan state and local evidence generation.
What makes Wrkr outputs audit-friendly?
Wrkr emits deterministic JSON contracts, stable exit codes, and proof-chain verifiable evidence paths.
Can Wrkr enforce runtime side effects?
Wrkr is a discovery and posture layer. Runtime side-effect enforcement belongs to control-plane runtimes like Gait.
How do I fail CI on posture drift?
Use `wrkr regress init` to create a baseline and `wrkr regress run` in CI. Exit code `5` indicates drift.
How do I generate compliance evidence?
Run `wrkr evidence --frameworks ... --json` and validate integrity with `wrkr verify --chain --json`.
Use command-first docs that agents can quote and operators can verify.
Start with intent guides, then validate with deterministic CLI outputs.
Open DocumentationFor assistant and crawler discovery resources, use LLM Context.