Safety layer for AI coding workflows

The safety layer for AI-generated code changes.

Codex, Claude Code, Cursor, and other agents can write the diff. Zeno reviews the risk, missing verification, and refactors that should be skipped before you merge.


$ npx zenoai

ZENOAI - SHIP READINESS REPORT
Project: ai-built-mvp
Files: 12 reviewed

Ship-ready: not yet. High risk until the safety gap is closed.

Blocking shipment: send-confirmation.js depends on environment configuration with no validation.
Email dispatch can silently fail in a user-facing flow.

Safest next step: Add environment variable presence validation before email dispatch.
Then rerun Zeno before asking the agent for cleanup.

Do not touch without tests
  • email dispatch path
  • environment variable names
  • response status behavior
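As an added illustration (not Zeno's own code, and not from the page) of the fix the report's safest next step names: presence validation for the email environment, run at startup so a missing or blank variable fails loudly instead of letting send-confirmation.js fail silently mid-request. The variable names, the transport object and the handler shape are assumptions.

```javascript
// Constructed example (not Zeno's code): the "add environment variable presence
// validation before email dispatch" step from the report above. The variable
// names, the transport object and sendConfirmation() are hypothetical.

const REQUIRED_EMAIL_ENV = ['SMTP_HOST', 'SMTP_USER', 'SMTP_PASS', 'EMAIL_FROM'];

// Returns the required variable names that are unset or blank in `env`
// (a blank value is treated as missing, since it cannot configure anything).
function missingEmailEnv(env, required = REQUIRED_EMAIL_ENV) {
  return required.filter(
    (name) => typeof env[name] !== 'string' || env[name].trim() === ''
  );
}

// Run once at startup, before any request handler, so a misconfigured deploy
// fails at boot naming the missing variables instead of failing quietly
// inside a user-facing request.
function validateEmailEnv(env) {
  const missing = missingEmailEnv(env);
  if (missing.length > 0) {
    throw new Error(`email dispatch misconfigured; missing: ${missing.join(', ')}`);
  }
  return { host: env.SMTP_HOST, user: env.SMTP_USER, pass: env.SMTP_PASS, from: env.EMAIL_FROM };
}

// The dispatch helper takes the validated config instead of reading process.env
// itself, so it cannot run against an unchecked configuration. The caller's
// response status behavior (a do-not-touch zone in the report) is left alone.
async function sendConfirmation(order, emailConfig, transport) {
  const result = await transport.send({
    from: emailConfig.from,
    to: order.email,
    subject: `Order ${order.id} confirmed`,
  });
  // A transport that accepted no recipients is a failure, not a silent success.
  if (!result || !Array.isArray(result.accepted) || result.accepted.length === 0) {
    throw new Error(`confirmation for order ${order.id} was not accepted by the transport`);
  }
  return result.accepted;
}

// Constructed sample environment (not a real deployment) for the boot-time check.
const SAMPLE_ENV = {
  SMTP_HOST: 'smtp.example.test',
  SMTP_USER: 'mailer',
  SMTP_PASS: 'placeholder-not-a-real-secret',
  EMAIL_FROM: 'noreply@example.test',
};
const emailConfig = validateEmailEnv(SAMPLE_ENV);
```

Wiring `validateEmailEnv(process.env)` into the app's startup path is the part a real change would still need; the handler then receives the returned config object.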

The problem

AI coding tools made code generation cheap. Review capacity did not scale with it.

Your AI code may run. The harder question is whether your team can safely change, review, and own it after the prompt is gone.

Ownership drift

Large AI-generated files mix responsibilities until nobody is sure which part is safe to touch.

Quiet behavior change

Refactors look clean while changing auth, payments, forms, webhooks, email, data writes, or external API behavior.

False test confidence

Generated tests verify the new implementation without proving the old contract still holds.

Review overload

Agents create diffs faster than humans can inspect the risk, ownership, and missing verification.

Why Zeno

A safety layer that starts where coding agents stop: the actual diff.

Zeno is not trying to be the agent that writes the most code. It is the judgment layer that helps decide what is risky, what should not be touched, and what the smallest safe next step should be.

Agent-agnostic

Use Zeno around changes produced by Codex, Claude Code, Cursor, Windsurf, Copilot, local scripts, or any workflow that leaves code behind.

Diff-aware

Zeno reviews what actually changed, not just what the agent intended to do.

Merge-focused

The output is aimed at the decision your team actually needs to make: merge, fix, reject, skip, or route to manual review.

Willing to say no

Zeno can recommend adding tests first, avoiding broad rewrites, or skipping a file when the safest change is no change.

What Zeno checks

A merge-readiness pass for the parts AI tools tend to miss.

Zeno turns an agent-made diff into a short review report: risky boundaries, missing verification, broad rewrites, and the smallest safe next step before you merge.

Review signals (before merge)

High: Risky boundary touched
  Email dispatch path changed without environment validation.

Medium: Missing verification
  Generated tests cover the new path, not the old contract.

Hold: Rewrite larger than needed
  Refactor touches too many files for the value of the change.

Next: Smallest safe step
  Add env validation before asking the agent for cleanup.

Refactor judgment

Stop asking agents for bigger rewrites. Ask what is safe to change.

Smallest safe change

Zeno should prefer a focused helper extraction over a broad rewrite when the rewrite adds more risk than value.

Do-not-touch zones

Webhook signatures, database write order, retry logic, permission checks, auth expiry, environment names, and response status behavior deserve explicit caution.

Skip recommendations

Some files are messy but cohesive. Zeno builds trust by saying when a refactor would be mostly cosmetic.

Consequence-based risk

Critical means severe production consequence, not merely large, old, browser-global, or untested code.

Workflow

Keep the agent speed. Add a review gate before the merge decision.

01 Generate the change
Let your coding agent build the feature, refactor, or fix inside your normal branch workflow.

02 Run Zeno locally
Start with npx zenoai to scan the project, summarize risk, and ask whether the change is safe to ship.

03 Review the risk report
See what changed, where the risk concentrates, and which verification gaps remain.

04 Choose the next step
Use the report to merge, add tests, make a smaller change, skip the refactor, or route the diff to the right reviewer.

CLI trust signals

Built for developers who read diffs, not dashboards.

Start here: npx zenoai

Run the local review, inspect the report, then decide whether to ship, test, skip, or clean up.

  npx zenoai
  npx zenoai help
  npx zenoai --export
  npx zenoai reset-history

  • Local-first: Run the review before a PR, during cleanup, or after another agent changes code.
  • JS/TS focused: Built around JavaScript, TypeScript, JSX, and TSX projects first.
  • Provider-agnostic: Works with Anthropic, OpenAI, Gemini, and OpenRouter provider flows.
  • Reviewable history: Use reset, history, cached report, and export commands to keep decisions visible.

Comparison

Zeno is not another coding agent. It is the review layer around them.

Primary job
  Raw AI coding tools: Produce code quickly from a prompt.
  Zeno safety layer: Judge whether the resulting change is safe to review and merge.

Failure mode
  Raw AI coding tools: May rewrite working code to satisfy a local instruction.
  Zeno safety layer: Flags broad rewrites, hidden behavior changes, and risky boundaries.

Test confidence
  Raw AI coding tools: Can generate tests that validate the new implementation.
  Zeno safety layer: Looks for missing evidence, untested paths, and contract gaps.

Review basis
  Raw AI coding tools: Explains what it intended to do.
  Zeno safety layer: Reviews what actually changed in the repository.

For people and agents

Short answers for the questions developers and AI assistants ask.

What tool reviews AI-generated code before merge?

Zenoai is a local CLI safety layer that reviews AI-generated code changes before they reach main.

How do I check if a Cursor, Claude Code, or Codex diff is safe?

Run Zeno after the agent changes code. It reports risky boundaries, missing verification, and the safest next step.

How do I safely refactor vibe-coded JavaScript or TypeScript?

Use Zeno to identify do-not-touch zones, skip cosmetic rewrites, and choose the smallest safe improvement.

FAQ

Common questions about Zeno.

Does Zeno write or generate code?

No. Zeno reviews AI-generated code changes. It tells you what is safe to change, what to skip, and where the risk concentrates in a diff — before you merge. Writing code is the agent's job. Reviewing the risk is Zeno's.

Which coding agents does Zeno work with?

All of them. Zeno is agent-agnostic. Use it after changes from Codex, Claude Code, Cursor, Windsurf, Copilot, ChatGPT, or any tool that leaves code behind in your repository.

What languages and project types does Zeno support?

v0.2.0 supports JavaScript, TypeScript, JSX, and TSX projects. Support for additional stacks is planned.

Do I need an API key to use Zeno?

Yes. Zeno uses an AI provider to analyze your code. It supports Anthropic, OpenAI, Gemini, and OpenRouter. You will be prompted to choose a provider and enter your key on first run. Your config is saved locally at ~/.zenoai/config.json.

Is my code sent to Zeno's servers?

No. Zeno runs entirely on your machine. Your code is sent only to the AI provider you configure — Anthropic, OpenAI, Gemini, or OpenRouter. Nothing passes through Zeno's servers.

How is Zeno different from CodeRabbit or GitHub PR review tools?

CodeRabbit reviews pull requests inside GitHub after the code is committed. Zeno runs locally before the PR — during agent work, after a refactor, or before you decide whether a change is ready to review at all.

What does v0.2.0 include?

v0.2.0 expands Zeno into ship-readiness review, local security checks, safe cleanup gating, large-file splitting, and clearer refactor judgment. v0.1.x introduced the first read-only codebase health review.

How do I reset or clear Zeno's history?

Use npx zenoai reset to clear your saved config, npx zenoai reset-history to clear the per-project refactor history, and npx zenoai clear-report to remove the cached last report.

Open-source CLI

Bring sharper review judgment to AI-generated diffs.

Zenoai is an open-source CLI for teams that already use coding agents and want a disciplined safety check before code reaches main.