Saturnday
Govern AI-built software from scan to build to repair — all from the terminal. Saturnday runs 48+ deterministic governance checks on Python projects (with additional checks for TypeScript, DevOps files, and project metadata), builds projects from a brief with ticketed execution and per-commit governance, produces governed documents, inspects release artefacts, and auto-fixes findings with evidence.
Requires: pip install saturnday (Python 3.10+)
Verify installation:
�CODEBLOCK0
If saturnday is not installed, run:
pip install saturnday
Three Modes
Saturnday has three core modes plus document and release modes. Choose based on the task:
| Mode | When to use | Command |
|---|
| Scan | Check a skill or repo for issues | INLINECODE1 |
| Guard |
Full governance on a git repo |
python scripts/guard.py <path> |
|
Run | Build a project from a brief |
python scripts/run.py <path> --brief "..." |
|
Document | Produce a governed document |
saturnday start --document --doc-spec spec.yaml |
|
Release | Inspect artefacts before publishing |
saturnday release-preflight --repo <path> |
Mode 1: Scan
Use when: checking an OpenClaw skill for security risks, hallucinated imports, fake tests, or quality issues before installing or publishing.
CODEBLOCK2
Or directly:
�CODEBLOCK3
What it checks
- - 19 Python security checks (SQL injection, auth bypass, CSRF, XSS, hardcoded secrets)
- 19 TypeScript security checks
- Hallucinated import detection (packages that don't exist)
- No-assert and fake test detection
- Dead code (cross-file analysis)
- Dependency declaration verification
- Project hygiene (README, LICENSE)
- Dockerfile checks (unpinned images, root user, secrets in build, missing dockerignore)
- GitHub Actions (SHA pinning, broad permissions, pullrequesttarget, plaintext secrets)
- GitLab CI (secrets in YAML, docker-in-docker patterns)
- Jenkins (hardcoded credentials)
- Terraform (hardcoded credentials, public CIDR)
- Kubernetes (privileged containers, unpinned images, secrets in manifests)
- Optional Trivy integration for deep IaC analysis
Output
Disposition: PASS or FAIL
Findings: list with check name, severity, file, line, description
Evidence: timestamped directory with full results
Mode 2: Guard
Use when: running full governance on any git repository — before merging, before deploying, or for audit.
CODEBLOCK5
For staged changes only (pre-commit):
�CODEBLOCK6
Or directly:
�CODEBLOCK7
What it checks
48+ deterministic checks for Python projects: security (SQL injection, XSS, CSRF, auth bypass, hardcoded secrets, WebSocket security, OAuth, token handling, rate limiting, IDOR, user enumeration, cookie security), AI-specific (hallucinated imports, fake tests, dead code, placeholders), quality (syntax, dependencies, Python version compat, code quality, blast radius, project hygiene, typosquat detection). Additional checks activate for DevOps files (Dockerfile, GitHub Actions, GitLab CI, Jenkins, Terraform, Kubernetes, config security) and TypeScript/JavaScript code.
Ratchet baselines
Prevent regressions:
�CODEBLOCK8
Policy exemptions
Create
.saturnday-policy.yaml:
expected_findings:
- declared_not_installed
- package_not_importable
Mode 3: Run
Use when: building a project from a description. This is the full governed execution pipeline.
CODEBLOCK10
Or interactively:
�CODEBLOCK11
Backends
| Backend | Value | Auth |
|---|
| Claude Code CLI | INLINECODE7 | Claude Pro subscription |
| Codex CLI |
codex-cli | OpenAI subscription |
| OpenClaude |
openclaude | OpenClaude CLI |
| Cursor CLI |
cursor-cli | Cursor |
| OpenAI API |
openai | OPENAI
APIKEY |
| Anthropic API |
anthropic | ANTHROPIC
APIKEY |
What happens during a run
- 1. Security triage — LLM-powered data flow analysis filters false positives from security findings so you only review what matters
- Brief enrichment — vague briefs are auto-enriched with technical detail before planning
- Planning — 3-stage planner generates tickets with acceptance criteria and scope constraints
- Execution — each ticket executed sequentially, governance checks after every commit
- Auto-install — dependencies are automatically installed between tickets when pyproject.toml or package.json changes
- Retry — if governance fails, revert, feed findings back, retry (up to 3 attempts)
- Ungoverned commit — if a ticket still fails after retries and auto-repair, the code is committed with a
[GOVERNANCE: review required] tag so the project stays complete - Auto-repair — after all tickets, ungoverned and failed tickets go through the repair pipeline again
- Definition of done — evaluates whether plan goals are met
- Review report — for ungoverned tickets:
review-required.md with findings, remediation tips, and copy-paste fix prompts for each ticket - Progress log — live
saturnday-progress.log with ticket outcomes, governance results, and counterfactual messages showing what ungoverned AI coders would have done wrong - Evidence — timestamped directory with per-ticket results, governance evidence, analytics
Resume interrupted runs
Saturnday auto-detects prior runs. If you restart saturnday run on a project that already has a ledger, tickets that already passed are skipped automatically. You can also resume explicitly:
CODEBLOCK12�
Document Mode
Use when: producing governed documents (specs, reports, audits) with section-level checks and cross-section consistency validation.
CODEBLOCK13
The pipeline: parse spec, plan sections, generate each section, run section-level checks (structure, placeholders, citations, evidence coverage), retry failures, run cross-section consistency checks, and produce a signed-off evidence pack.
Release Preflight
Use when: inspecting built artefacts (wheels, sdists, npm tarballs, OCI images) before publishing.
CODEBLOCK14
Runs 5 release-security checks: source map blocking, secrets in artefact, internal file blocking, allowlist manifest validation, and release diff comparison. Separate from code governance.
When to Use Each Mode
- - "Scan this skill before I install it" → Scan
- "Check this repo for security issues" → Guard
- "Build me a project from this description" → Run
- "Audit this codebase" → Guard
- "Produce a governed document" → Document mode
- "Check this wheel before publishing" → Release preflight
- "Fix the findings" → use
saturnday repair --repo <path> directly
Prerequisites
- -
pip install saturnday (Python 3.10+) - Node.js 18+ (for TypeScript checks)
- Git (for Guard and Run modes)
- At least one AI coder backend for Run mode
Saturnday
从扫描到构建再到修复,全程在终端中治理AI构建的软件。Saturnday对Python项目执行48项以上的确定性治理检查(并对TypeScript、DevOps文件和项目元数据进行额外检查),根据简要说明通过票据化执行和每次提交的治理来构建项目,生成受治理的文档,检查发布产物,并自动修复带有证据的发现结果。
要求: pip install saturnday (Python 3.10+)
验证安装:
bash
saturnday version
如果未安装saturnday,请运行:
bash
pip install saturnday
三种模式
Saturnday有三种核心模式,外加文档和发布模式。根据任务选择:
| 模式 | 使用时机 | 命令 |
|---|
| 扫描 | 检查技能或仓库是否存在问题 | python scripts/scan.py <路径> |
| 守护 |
对git仓库进行全面治理 | python scripts/guard.py <路径> |
|
运行 | 根据简要说明构建项目 | python scripts/run.py <路径> --brief ... |
|
文档 | 生成受治理的文档 | saturnday start --document --doc-spec spec.yaml |
|
发布 | 在发布前检查产物 | saturnday release-preflight --repo <路径> |
模式1:扫描
使用时机: 在安装或发布之前,检查OpenClaw技能是否存在安全风险、幻觉导入、虚假测试或质量问题。
bash
python scripts/scan.py <技能目录路径>
或直接使用:
bash
saturnday scan --skill <技能目录路径> --output /tmp/scan-results --format both
检查内容
- - 19项Python安全检查(SQL注入、认证绕过、CSRF、XSS、硬编码密钥)
- 19项TypeScript安全检查
- 幻觉导入检测(不存在的包)
- 无断言和虚假测试检测
- 死代码(跨文件分析)
- 依赖声明验证
- 项目规范性(README、LICENSE)
- Dockerfile检查(未固定版本的镜像、root用户、构建中的密钥、缺少dockerignore)
- GitHub Actions(SHA固定、权限过宽、pullrequesttarget、明文密钥)
- GitLab CI(YAML中的密钥、docker-in-docker模式)
- Jenkins(硬编码凭据)
- Terraform(硬编码凭据、公共CIDR)
- Kubernetes(特权容器、未固定版本的镜像、清单中的密钥)
- 可选的Trivy集成,用于深度IaC分析
输出
判定:通过 或 失败
发现结果:包含检查名称、严重级别、文件、行号、描述的列表
证据:带有完整结果的时间戳目录
模式2:守护
使用时机: 在任何git仓库上运行全面治理——在合并前、部署前或审计时。
bash
python scripts/guard.py <仓库路径>
仅针对暂存更改(预提交):
bash
python scripts/guard.py <仓库路径> --staged
或直接使用:
bash
saturnday governance --repo <路径> --full
检查内容
针对Python项目的48项以上确定性检查:安全性(SQL注入、XSS、CSRF、认证绕过、硬编码密钥、WebSocket安全、OAuth、令牌处理、速率限制、IDOR、用户枚举、Cookie安全)、AI特定(幻觉导入、虚假测试、死代码、占位符)、质量(语法、依赖项、Python版本兼容性、代码质量、影响范围、项目规范性、域名抢注检测)。针对DevOps文件(Dockerfile、GitHub Actions、GitLab CI、Jenkins、Terraform、Kubernetes、配置安全)和TypeScript/JavaScript代码会激活额外检查。
棘轮基线
防止回归:
bash
saturnday baseline generate --repo <路径>
策略豁免
创建.saturnday-policy.yaml:
yaml
expected_findings:
- declared
notinstalled
- package
notimportable
模式3:运行
使用时机: 根据描述构建项目。这是完整的受治理执行流水线。
bash
python scripts/run.py <项目目录> --brief 构建一个带有认证和测试的REST API --backend anthropic
或交互式运行:
bash
cd <项目目录>
saturnday start
后端
| 后端 | 值 | 认证 |
|---|
| Claude Code CLI | claude-cli | Claude Pro订阅 |
| Codex CLI |
codex-cli | OpenAI订阅 |
| OpenClaude | openclaude | OpenClaude CLI |
| Cursor CLI | cursor-cli | Cursor |
| OpenAI API | openai | OPENAI
APIKEY |
| Anthropic API | anthropic | ANTHROPIC
APIKEY |
运行过程中的操作
- 1. 安全分类 — 基于LLM的数据流分析过滤安全发现中的误报,让您只审查重要内容
- 简要说明增强 — 模糊的简要说明在规划前会自动补充技术细节
- 规划 — 3阶段规划器生成带有验收标准和范围约束的票据
- 执行 — 每个票据按顺序执行,每次提交后执行治理检查
- 自动安装 — 当pyproject.toml或package.json发生变化时,在票据之间自动安装依赖项
- 重试 — 如果治理失败,则回滚、反馈发现结果、重试(最多3次尝试)
- 未治理提交 — 如果票据在重试和自动修复后仍然失败,则使用[GOVERNANCE: review required]标签提交代码,以保持项目完整性
- 自动修复 — 在所有票据完成后,未治理和失败的票据再次进入修复流水线
- 完成定义 — 评估计划目标是否达成
- 审查报告 — 针对未治理的票据:review-required.md,包含发现结果、修复建议以及每个票据的可复制粘贴修复提示
- 进度日志 — 实时的saturnday-progress.log,包含票据结果、治理结果以及反事实消息,显示未治理的AI编码器本会犯的错误
- 证据 — 带有每个票据结果、治理证据、分析数据的时间戳目录
恢复中断的运行
Saturnday自动检测之前的运行。如果您在已有账本的项目上重新启动saturnday run,已通过的票据会自动跳过。您也可以显式恢复:
bash
saturnday resume --repo <路径> --backend anthropic
文档模式
使用时机: 生成受治理的文档(规范、报告、审计),包含章节级检查和跨章节一致性验证。
bash
saturnday start --document --doc-spec doc-spec.yaml --backend claude-cli
流水线:解析规范、规划章节、生成每个章节、运行章节级检查(结构、占位符、引用、证据覆盖)、重试失败项、运行跨章节一致性检查,并生成签核的证据包。
发布预检
使用时机: 在发布前检查构建产物(wheel包、源码分发包、npm压缩包、OCI镜像)。
bash
saturnday release-preflight --repo <路径> --type python
saturnday release-preflight --wheel dist/mypackage-1.0-py3-none-any.whl
运行5项发布安全检查:源映射阻止、产物中的密钥、内部文件阻止、白名单清单验证以及发布差异比较。与代码治理分开。
何时使用每种模式
- - 在安装前扫描这个技能 → 扫描
- 检查这个仓库的安全问题 → 守护
- 根据这个描述为我构建一个项目 → 运行
- 审计这个代码库 → 守护
- 生成一份受治理的文档 → 文档模式
- 在发布前检查这个wheel包 → 发布预检
- 修复发现结果 → 直接使用saturnday repair --repo <路径>
前提条件
- - pip install saturnday (Python 3.10+)
- Node.js 18+(用于TypeScript检查)
- Git(用于守护和运行模式)
- 至少一个AI编码器后端用于运行模式
