Zero Trust security verification for AI-generated code. Learn more at https://acutis.dev.
When you write or edit files with security-relevant extensions (.py, .js, .ts, .jsx, .tsx, .html), you must verify the code using the `scan_code` MCP tool before finishing.
Call `mcp__acutis__scan_code` with:
- `code`: the source code as a string
- `language`: "python" or "javascript"
- `contract`: a PCST contract declaring sources, sinks, and transforms
If the result is BLOCK_VIOLATION, fix the code. If it is BLOCK_INCOMPLETE, adjust the contract (for non-security functions, add the missing sinks as SafeOutput). Only proceed when the result is ALLOW.
Use the scan skill for guidance on building contracts.