Security News
Frontier AI Is Now Critical Infrastructure
The Fable shutdown shows how quickly model access can become a business continuity risk for AI-dependent engineering teams.
By Sarah Gooding - Jun 24, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
aidlc-en
AI-driven Software Development Life Cycle framework — model-agnostic, quality-gate enforced
AIDLC Engine
AI-driven Software Development Life Cycle framework. Model-agnostic, quality-gate enforced, works with any team.
Quick Start
# New project
npx @aidlc/engine init
# Existing repo (first time)
npx @aidlc/engine setup
# Start working on a task
aidlc start "describe what you are building"
# Invoke an agent
aidlc agent dev
aidlc agent qa
# Run quality gates
aidlc gate run all
# Generate tests for your changes
aidlc test make
Installation
# As a project dev dependency (recommended)
npm install --save-dev @aidlc/engine
# Or run directly with npx (no install needed)
npx @aidlc/engine init
How It Works
- Run
aidlc initonce per project — scaffolds.aidlc/config and optionally a boilerplate - Every developer runs
aidlc setupafter cloning — registers their name, role, and API key locally - Developers invoke agents (
aidlc agent dev) for AI-assisted coding or work manually - Quality gates run at checkpoints — pre-commit, pre-push, and in CI
- When a gate fails, AI can fix or suggest — developer chooses
Agent Fleet
| Agent | Role |
|---|---|
architect | Design decisions, pattern compliance, ADRs |
dev | Feature implementation, code generation |
qa | Test case generation, coverage analysis |
security | Threat modeling, vulnerability analysis |
reviewer | Code review, acceptance criteria check |
docs | Documentation generation and maintenance |
Quality Gates
| Gate | What It Checks | How |
|---|---|---|
code-standards | ESLint, naming, complexity | Tool + AI |
test-coverage | Coverage ≥ threshold, test presence | Tool (Jest) |
build | Compilation succeeds | Tool |
security-scan | Vulnerabilities, secrets, SAST | Tool + AI |
code-quality | SonarQube analysis | Tool |
commit-format | Conventional commits | Tool (commitlint) |
api-standards | REST principles, OpenAPI spec | AI |
Configuration
All project settings live in .aidlc/aisdlc.config.yaml — committed to git, shared by the team.
Developer identity and API keys live in .aidlc/.local/ — gitignored, never committed.
Supported AI Providers
- Claude (Anthropic) — default
- OpenAI (GPT-4o, etc.)
- Google Gemini
- Ollama (local models — air-gapped environments)
Switch provider with one line in aisdlc.config.yaml.
License
MIT
FAQs
AI-driven Software Development Life Cycle framework — model-agnostic, quality-gate enforced
We found that aidlc-en demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 08 Jun 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Code You Didn't Write Is Still Yours to Defend
AI agents are pulling packages into environments no scanner is watching, creating exposure before security teams can see it.
By Brad Arkin - Jun 23, 2026
Security News
GitHub Actions Checkout Now Blocks Risky pull_request_target Checkouts
GitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks.
By Sarah Gooding - Jun 20, 2026