AI dev tools · safety · v0.3 alpha · shipped to npm · landing live

codehere

An enterprise-safe AI coding agent. Every AI-generated write is audited against 60+ vulnerability patterns before execution.

In one sentence: An audit-layer CLI that runs 60+ vulnerability pattern checks on any AI-authored diff before execution. Chose CLI over IDE extension to own the governance primitive, not compete on raw coding quality. Published v0.3 to npm.

codehere.uk · Solo PM + builder, product strategy, PRD, go-to-market

Stack

Node/TS CLI · OpenRouter multi-provider (Claude, OpenAI, Cohere, Ollama) · Local SQLite embeddings (RAG) · gRPC IPC · Vercel (landing) · npm distribution

The call I'd own

CLI over IDE extension. Owning the audit layer beats competing on raw coding quality, and a CLI is what an enterprise security review can read in one pass. IDE extension stays on the roadmap once the governance primitive is stable.

The bet

Enterprises are replacing junior engineers with AI coding agents, but nobody is shipping the apprenticeship-upgrade path. Meanwhile, DeepMind/MIT (2025) measured 17.2× error amplification in multi-agent systems, and 45% of AI-generated code contains vulnerabilities.

codehere's wedge is not "another coding agent." It's the pre-execution audit layer that every agent will need. We own the governance step, the scanner that runs before an AI write touches disk, and bundle it with a coding agent so developers get the value without an extra tool.

What it does

Multi-provider LLM orchestration via OpenRouter so the user picks Claude, OpenAI, or a local Ollama model. Cost and token usage are tracked per generation.

A pre-execution security gate pattern-matches 60+ vulnerability classes (OWASP, SSRF, command injection, secret exfiltration) against every AI-authored diff before it runs.
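A minimal sketch of such a gate over a unified diff, added here as an illustration and not codehere's own code. The three rules, the `auditDiff` and `allowWrite` names, and the sample diff are constructed assumptions.

```typescript
// Added example. Finding, RULES, auditDiff and allowWrite are hypothetical names.
type Finding = { rule: string; file: string; line: number; text: string };
// Three illustrative patterns standing in for a much larger rule set.
const RULES: { id: string; re: RegExp }[] = [
  { id: "command-injection", re: /\b(?:execSync|exec)\s*\(\s*(?:`[^`]*\$\{|[^)]*\+)/ },
  { id: "hardcoded-secret", re: /(?:api[_-]?key|secret|token|password)\s*[:=]\s*["'][A-Za-z0-9_-]{16,}["']/i },
  { id: "ssrf-user-url", re: /\b(?:fetch|axios\.get)\s*\(\s*req\.(?:query|body|params)\b/ },
];

// Walk a unified diff and scan only the lines it adds, tracking new-file line numbers.
function auditDiff(diff: string): Finding[] {
  const findings: Finding[] = [];
  let file = "", line = 0;       // target file and current line in its new version
  let oldLeft = 0, newLeft = 0;  // lines still expected on each side of the current hunk
  for (const raw of diff.split("\n")) {
    if (oldLeft <= 0 && newLeft <= 0) {
      // Outside a hunk: only file headers and hunk headers matter.
      if (raw.startsWith("+++ ")) file = raw.slice(4).replace(/^b\//, "");
      const h = /^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@/.exec(raw);
      if (h) { oldLeft = Number(h[1] || 1); line = Number(h[2]); newLeft = Number(h[3] || 1); }
      continue;
    }
    if (raw.startsWith("+")) {
      const text = raw.slice(1);
      for (const rule of RULES) {
        if (rule.re.test(text)) findings.push({ rule: rule.id, file, line, text: text.trim() });
      }
      line++; newLeft--;
    } else if (raw.startsWith("-")) {
      oldLeft--;                 // removed code is not part of the write being audited
    } else if (!raw.startsWith("\\")) {
      line++; oldLeft--; newLeft--;  // context line
    }
  }
  return findings;
}

// Fail closed: any finding blocks the write before it reaches disk.
const allowWrite = (diff: string): boolean => auditDiff(diff).length === 0;
// Constructed sample: a diff that swaps a fixed command for a concatenated one.
const SAMPLE_DIFF = [
  "--- a/src/deploy.ts",
  "+++ b/src/deploy.ts",
  "@@ -10,3 +10,4 @@",
  " export function deploy(branch: string) {",
  '-  execSync("git push origin main");',
  '+  execSync("git push origin " + branch);',
  '+  const apiKey = "CONSTRUCTED_FAKE_KEY_0123456789";',
  " }",
].join("\n");
```

Because each rule sees one added line at a time, a call split across several lines is missed and any benign string concatenation inside `exec(...)` is flagged.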

Local SQLite embeddings index the repo so retrieval is fast, free, and fully offline. No context is sent to third parties without explicit opt-in.

PM decisions I'm proud of

Scoped down hard. The original PRD was a full agentic IDE. I cut it to CLI + audit layer because owning one verifiable step beats a half-working competitor to GitHub Copilot.

Wrote a 20-scenario futures analysis (World A–D) to pressure-test positioning: if hyperscalers ship first-party audit, where do we win? If they don't, where do we win? Answer: the "bring-your-own-agent" adapter surface where enterprises already have tool proliferation.

Chose Ollama + local SQLite over managed vector DBs. Cost goes to zero on the user side, and enterprises get a story for their security team on day one.

Tradeoffs I'd revisit

Pattern-based scanning has a false-positive ceiling. Next iteration uses an LLM-judge over flagged diffs, but that re-introduces a dependency I initially wanted to avoid.

Multi-provider is a feature for early users and a tax on me. Each provider has different streaming, tool-calling, and error shapes. A thin adapter abstraction paid for itself by v0.3 but slowed v0.1.

Want to talk about codehere?

Currently taking conversations about AI PM and founding PM roles in the UK, Singapore, and Indonesia. Remote also works. Fastest reply is email.