mustel
Static analysis tool for AI coding agents
The Core Problem
AI coding agents (Claude, Gemini, etc.) spend tokens finding and fixing lint errors, security warnings, and vulnerable dependencies that local tools can catch instantly. Every style fix or insecure-import correction burns context-window space that should go toward actual reasoning.
mustel runs those local tools first — Ruff, Bandit, pip-audit, and 21 custom rules — then hands the agent a clean, structured report. The agent starts with fewer problems and a smaller input. In the project's own benchmarks this cuts token usage by roughly 45%.
How It Works
mustel is a Python CLI that runs multiple static analysis tools in one pass and merges their output into a single JSON report:
- Ruff — linting and style checks (fast, Rust-based).
- Bandit — scans Python source for common insecure patterns (string-built SQL queries, weak hash algorithms, etc.).
- pip-audit — checks installed dependencies against the OSV vulnerability database and reports known advisories with their fix versions.
- 21 custom YAML rules — regex patterns that flag hardcoded credentials, prompt leaks, and context-bloating patterns.
All tools run concurrently, and their separate outputs are normalized into one JSON schema so agents get structured findings instead of raw terminal logs. mustel also exposes an MCP (Model Context Protocol) server so agents can call it directly as a tool.
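The pipeline described above, as an added example that is not mustel's own code: adapters parse each tool's JSON output into one finding schema, regex rules run over source text, and everything is merged concurrently into a single report. The command lines and JSON key names follow Ruff's `--output-format json`, Bandit's `-f json` and pip-audit's `-f json` output formats; the finding schema, the rule IDs, the rule file shape, and all sample tool outputs and source lines are constructed assumptions for the demo, not captured runs.

```python
"""Added example (not mustel's code): run analyzers concurrently, normalize
their JSON into one finding schema, and apply regex rules to source text."""
import json
import re
import subprocess
from concurrent.futures import ThreadPoolExecutor


def finding(tool, rule_id, severity, file, line, message, fixable=False):
    """One record shape for every tool (assumed schema), so an agent never
    has to parse raw terminal output."""
    return {"tool": tool, "rule_id": rule_id, "severity": severity,
            "file": file, "line": line, "message": message, "fixable": fixable}


def run_cli(argv):
    """Run a real analyzer and return its stdout. Linters exit non-zero when
    they find issues, so the exit code is deliberately not treated as failure.
    Typical argv: ["ruff", "check", "--output-format", "json", "."],
    ["bandit", "-r", ".", "-f", "json", "-q"], ["pip-audit", "-f", "json"]."""
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


# Adapters: each takes a tool's JSON text and returns normalized findings.
def normalize_ruff(text):
    # ruff JSON is a list of violations; "fix" is null when not auto-fixable
    return [finding("ruff", v["code"], "LOW", v["filename"], v["location"]["row"],
                    v["message"], fixable=v.get("fix") is not None)
            for v in json.loads(text)]


def normalize_bandit(text):
    # bandit JSON: {"results": [...], "errors": [...], "metrics": {...}}
    return [finding("bandit", r["test_id"], r["issue_severity"], r["filename"],
                    r["line_number"], r["issue_text"])
            for r in json.loads(text)["results"]]


def normalize_pip_audit(text):
    # pip-audit JSON: {"dependencies": [{"name", "version", "vulns": [...]}]}
    out = []
    for dep in json.loads(text)["dependencies"]:
        for v in dep.get("vulns", []):
            msg = f"{dep['name']}=={dep['version']}: {v['description']}"
            out.append(finding("pip-audit", v["id"], "HIGH", "requirements", 0,
                               msg, fixable=bool(v.get("fix_versions"))))
    return out


# Custom rules in the shape a YAML rule file would load into (assumed schema).
CUSTOM_RULES = [
    {"id": "MUSTEL-CRED-001", "severity": "HIGH",
     "pattern": r"(?i)\b(api[_-]?key|secret|password|token)\s*=\s*['\"][^'\"]{8,}['\"]",
     "message": "hardcoded credential"},
    {"id": "MUSTEL-PROMPT-001", "severity": "MEDIUM",
     "pattern": r"(?i)system_prompt\s*=\s*(\"\"\"|''')",
     "message": "system prompt embedded in source (prompt leak)"},
]


def run_custom_rules(file, source, rules=CUSTOM_RULES):
    """Apply every regex rule line by line; each hit becomes a finding."""
    compiled = [(r, re.compile(r["pattern"])) for r in rules]
    return [finding("custom", r["id"], r["severity"], file, n, r["message"])
            for n, line in enumerate(source.splitlines(), 1)
            for r, rx in compiled if rx.search(line)]


def build_report(jobs):
    """Run every job (name -> zero-arg callable) concurrently and merge the
    results into one report sorted by severity, then file and line."""
    with ThreadPoolExecutor(max_workers=len(jobs)) as pool:
        futures = {name: pool.submit(job) for name, job in jobs.items()}
    findings = [f for fut in futures.values() for f in fut.result()]
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings.sort(key=lambda f: (order.get(f["severity"], 3), f["file"], f["line"]))
    summary = {name: sum(f["tool"] == name for f in findings) for name in jobs}
    return {"summary": summary, "findings": findings}


# Constructed sample outputs in each tool's JSON shape (not captured runs).
SAMPLE_RUFF = json.dumps([{"code": "F401", "filename": "app.py",
    "location": {"row": 1, "column": 1}, "message": "`os` imported but unused",
    "fix": {"applicability": "safe"}}])
SAMPLE_BANDIT = json.dumps({"results": [{"test_id": "B608",
    "issue_severity": "MEDIUM", "filename": "app.py", "line_number": 12,
    "issue_text": "Possible SQL injection vector through string-based query construction."}]})
SAMPLE_PIP_AUDIT = json.dumps({"dependencies": [{"name": "examplepkg",
    "version": "1.0.0", "vulns": [{"id": "CONSTRUCTED-0001",
    "fix_versions": ["1.0.1"], "description": "placeholder advisory"}]}]})
SAMPLE_SOURCE = 'API_KEY = "sk-constructed-example-key"\nSYSTEM_PROMPT = """You are..."""\n'


def demo_report():
    """Feed the constructed samples through the adapters instead of run_cli."""
    return build_report({
        "ruff": lambda: normalize_ruff(SAMPLE_RUFF),
        "bandit": lambda: normalize_bandit(SAMPLE_BANDIT),
        "pip-audit": lambda: normalize_pip_audit(SAMPLE_PIP_AUDIT),
        "custom": lambda: run_custom_rules("config.py", SAMPLE_SOURCE),
    })


if __name__ == "__main__":
    print(json.dumps(demo_report(), indent=2))
```

To run it against a real project, swap each lambda for `normalize_ruff(run_cli([...]))` and so on; the `with` block waits for all four jobs, so a slow pip-audit network lookup never blocks Ruff's result from being parsed. Sorting by severity first means the agent reads the credential and dependency findings before style noise.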
How the MCP Server Works
Empirical Benchmarks
Security Flaw Caught in Flask Application