cejel

/ "SEH-jel" /
Free AGPL-3.0 Offline No signup Deterministic — no model call

A trust certificate for your codebase.

A free, offline CLI that scores the engineering signals that tell you whether to trust a repo — tests, secrets, isolation, claim-vs-reality, CI and audit discipline — and prints a portable certificate. Especially useful when AI wrote a lot of the code: that's exactly when you can't eyeball trust.

$npx cejel .

No install, no signup, fully offline. Also: pnpm dlx cejel . · bunx cejel .

It sits on top of your scanners

Cejel isn't another point scanner competing with the one you already run — it's the open, portable certificate that aggregates them. Pipe in SARIF from Snyk, Semgrep, CodeQL, or any SAST tool, plus OpenSSF Scorecard, and get one shareable, rubric-scored certificate over all of them, with every contributing tool attributed.

# fold your existing scanner output into one score
npx cejel . --ingest semgrep.sarif --ingest scorecard.json

What it scores

Code trust

Tests, secret hygiene, isolation, dependency posture, and whether the code matches its claims.

Process trust

PR traceability, CI and QA discipline, audit completeness — the signals of a repo that's actually run well.

Honest by design

Deterministic and conservative. It catches the expensive mistakes; it doesn't pretend to certify what it can't prove.

Portable output

Writes report.json, a self-contained certificate.html, and a shareable badge.svg.

Dogfooded in production

Cejel runs continuously on Barg Labs' own multi-product monorepo — the studio it was built inside — which it currently scores 3.1/4.0. We score ourselves before asking you to score yourself.

What "offline" means