AI is rewriting how software gets built. The governance has not caught up.
Korext is closing that gap with two things: a governance platform for enterprises and a set of open standards for the entire industry.
Korext enforces regulatory, security, and engineering standards on AI generated code at the moment it is written. Every scan produces a cryptographically signed proof bundle that attests where the code was processed, where the data was stored, and who signed it.
Runs inside every major IDE, in CI/CD, from the terminal, and directly inside AI coding tools via MCP.
| Surface | Install |
|---|---|
| VS Code, Cursor, Windsurf | Extension marketplace |
| JetBrains | Plugin marketplace |
| CLI | npm install -g korext |
| GitHub Actions | korext/enforce-action@v3 |
| Chrome | Chrome Web Store |
| MCP | Built in |
Three data sovereignty regions. Customer managed signing keys. 72 governance packs. 532 rules. 13 language grammars.
We believe AI code governance requires open standards that no single vendor controls. Every specification below is CC0 public domain. Every tool is Apache 2.0. Every dataset is CC BY 4.0.
|
ai-attestation Track AI generated code in your repository. Detects 19 AI coding tools from git history. One command install. npx @korext/ai-attestation init |
ai-license Declare AI provenance in any open source project. Standardized notice that attaches to any existing license. npx @korext/ai-license generate |
|
supply-chain-attestation AI provenance across your entire dependency tree. 14 ecosystems. CycloneDX and SPDX integration. npx @korext/supply-check scan |
ai-incident-registry The public registry for AI code failures. AICI identifiers. Detection rule mapping. Vendor notification. npx @korext/incident-report draft |
|
ai-code-radar The real-time pulse of AI code adoption. Live data, embeddable charts, public API for journalists and researchers. |
ai-regression-database Patterns AI coding tools consistently get wrong. Reproducible. Version tracked. Detection linked. npx @korext/regression-submit detect |
|
commit-carbon Carbon footprint of AI assisted commits. CSRD, SEC, and CDP compatible disclosure. Peer reviewed methodology. npx @korext/commit-carbon scan |
enforce-action GitHub Action for AI code governance in CI/CD. Scan every pull request. Block violations before merge. - uses: korext/enforce-action@v3 |
Developer writes code with AI tools
│
▼
ai-attestation ← Tracks which AI tools, how many commits
│
┌────┼────┐
│ │ │
▼ ▼ ▼
ai-license commit-carbon supply-chain-attestation
Declare Measure Scan dependencies
provenance emissions for AI provenance
│ │ │
└────┼────┘
│
▼
KOREXT PLATFORM ← Govern, scan, sign proof bundles
│
▼
enforce-action ← Gate CI/CD on governance policy
│
▼
ai-code-radar ← Aggregate live adoption statistics
│
┌────┴────┐
▼ ▼
ai-incident ai-regression
-registry -database
Document Document
failures patterns
The open standards track, declare, and measure. The platform governs and signs. Together they form the complete AI code governance stack.
| Layer | License | Why |
|---|---|---|
| Specifications and schemas | CC0 1.0 (public domain) | Maximum adoption. No friction. |
| Code and tools | Apache 2.0 | Standard permissive license. |
| Data and datasets | CC BY 4.0 | Open with attribution. |
We welcome contributors across every project.
Browse open issues across all repositories. Read the CONTRIBUTING.md in any project. Reach out at [email protected] to discuss maintainer roles.
korext.com · oss.korext.com · Team
AI code governance for the enterprise. Open standards for the industry.
