Every workflow on this page is backed by the same deterministic, local-first, structural retrieval engine — sub-millisecond P99, $0 per query, no LLM in the read path. Pick the service that solves your most expensive fire this week. Click in for the side-by-side math, the auditor-grade evidence pack, and the install commands you can paste into your repo today.
Type the slash command in your AI agent. Get a branded, A4-paginated PDF in 5-15 minutes. Standards-aligned (arc42 / IEEE 1016 / AICPA TSC 2017 / C4 / MADR). $0 retrieval, file:line citations, re-runnable on every release.
Type /argos-corporate-delivery in your AI agent. Get an arc42-compliant, branded PDF documenting architecture, APIs, operations, security, code map, and project closure — produced from your repo in 5-15 minutes. Standards: arc42, IEEE 1016, ISO/IEC/IEEE 26515, C4, MADR, OpenAPI 3.x.
Type /argos-soc2-prep in your AI agent. Get a 13-bucket SOC 2 evidence package mapped 1:1 to AICPA Trust Services Criteria 2017 (CC1-CC9 + A/C/PI/P) — file:line citations, structural proof of every control. Pairs with Vanta, Drata, SecureFrame.
Scroll for one-line plain-English explanations + tier + ship status. Drill into any service below for the side-by-side math, the auditor-grade evidence pack, and the install command.
| # | Service | Status | What it does for you |
|---|---|---|---|
| 1 | SAST Triage | Live | Cuts your scanner noise from 47,000 alerts to 89 actually exploitable findings. Plug-in to Snyk / Checkmarx / Semgrep — keeps your tool, removes the false positives. |
| 2 | Compliance Audit Prep | Partial | Auditor-ready evidence packs for HIPAA, SOC 2, PCI-DSS audits. Core mechanism live; per-framework export templates ship Q3 2026. |
| 3 | Agent Token Burn | Live | Cuts your AI coding agent's monthly token bill by 73%. Same agent, same model — just zero re-grep / re-read loops between turns. |
| 4 | M&A Code Due Diligence | Live | Code DD on a one-week clock. Tech debt mass, dead code, security posture, architecture clarity — all polyglot, workspace-aware, repeatable per deal. |
| 5 | Refactor Safety | Live | See every caller of any function in 47 ms across any codebase >100k LOC. Stop the "we touched chargeUser() and prod broke" cycle. |
| 6 | New-Hire Onboarding | Live | Day-zero to first PR in days, not 6 weeks. Code tour, naming conventions, hub-function map — delivered straight into the new dev's IDE. |
| 7 | Safety-Critical Certification | Partial | Reachability proofs for DO-178C, ISO 26262, IEC 62304. Core layer live; format-ready DO-178C reports + MC/DC coverage hooks ship Q4 2026. |
| 8 | Smart Contract Reachability | Live | Re-entrancy, tx.origin auth, untrusted external calls — flagged on every Solidity contract. Vyper / Move / FunC on roadmap. |
| 9 | Pen Test Triage | Live | Take your 200-page pen-test report, attach reachability proofs to every finding, drop the unreachable ones. Days, not weeks of remediation. |
| 10 | Agent Hallucinations | Live | Stops your AI agent from inventing function names. Symbol existence checked in 0.4 ms before the agent commits to a hallucinated identifier. |
| 11 | Dead Code Detection | Live | Find every symbol with zero callers across your monorepo. Workspace-aware (Nx / Turborepo / Cargo) so cross-package callers don't trip you up. |
| 12 | Monolith → Microservices | Live | See where your monolith actually has natural seams before you cut. Lists every cross-boundary call so you know exactly what becomes an API. |
| 13 | dbt Column Lineage | Roadmap | Trace every column through every dbt model. File-level lineage today; full column-level + manifest parsing ship Q4 2026. |
| 14 | OSS Backdoor Detection | Live | Catches XZ-style supply-chain attacks. Diffs your local OSS clone against the upstream tarball, classified Low / Medium / High / Critical. |
All services backed by the same engine: deterministic structural retrieval, sub-millisecond P99, $0 per query, runs locally. How it works →
Snyk and Checkmarx return 47,000 findings. Reachability proofs cut that to 89 actually exploitable. Without replacing your existing SAST tool.
HIPAA · SOC 2 · PCI-DSS · FedRAMP · SOX 404. Deterministic data-flow proofs auditors accept as-is. Complement to Drata / Vanta / SecureFrame.
~150× token reduction on grep+read+summarize loops. Sub-millisecond. MCP-native. Drop-in for Claude Code, Codex CLI, Cursor, GitHub Copilot Chat / Agent / Workspace, plus LangChain, OpenAI Agent SDK, Anthropic SDK.
processPayment is defined. You watched the token meter climb."Tech debt quantification, dead code, security posture, architecture clarity for any acquisition target. Engagement-priced, repeatable, no permanent presence required.
Find-all-callers and blast-radius proofs across any codebase >100k LOC. Local-first, deterministic, auditable. The fix for "we touched chargeUser() and three downstream services broke in prod."
chargeUser() last sprint. Three weeks later, analytics is silently dropping events — grep missed an aliased import."BillingService. Nobody knows who calls what. Tech debt compounds quarterly."Code-tour, naming conventions, architecture briefing, hub-function map — all delivered to the new engineer's IDE on day one. Cuts the typical 6-month ramp to under 6 weeks.
Avionics, automotive, medical-device firmware. Regulator-driven traceability matrices, requirement-to-code mappings, and reachability proofs that satisfy DAL-A / ASIL-D / Class C audits.
Solidity / Vyper / Move / FunC reachability proofs for audit firms, DeFi protocols, exchanges. Each prevented exploit becomes a viral case study.
Engagement-priced, recurring annually. Take a 200-page pen-test report, attach reachability proofs to every finding, drop the unreachable ones. Same workflow as Anti-SAST applied to manual pen tests.
Bundled with #3 (Token Burn). The Precision Layer (symbol_exists, resolve_member) gives the agent zero-cost facts before it commits to a hallucinated identifier. See /for-agents for the full pitch.
userService.getUserById(). Actual method is User.findById(). You merged it. CI red on next push."parseISO from a library that doesn't ship that export. Third time this week."Functions with zero callers. Configs nobody reads. Routes nobody hits. Reachability-graded so deletion is fearless. Bundles cleanly with Anti-SAST and Refactor Safety.
Community detection over the call graph proposes service boundaries. Lists every cross-boundary call so you know exactly what becomes an API. One-shot decision.
BillingService last quarter. Half-done. 47 unexpected callers across 8 other services."Trace every column through every dbt model, view, and downstream BI tool. Compete-against-the-incumbents play (Atlan / Alation / Collibra) — we win on local-first determinism and zero-cost queries.
total_amount in order_events, what breaks downstream?' Honest answer: 'Some unknown subset of 800 dbt models.'"Each link below opens an opinionated install + tooling guide written for that role. Same engine, same MCP server, same $0/query — different lead-in.
Sign in with GitHub → · How it works · Read the three papers · All 44 skills · 51 MCP tools · Talk to engineering