HICS evaluates your codebase across five security dimensions. The score runs locally. The proof is mathematical. No trust required.
brew install h33/tap/hics && hics scan .
Code never leaves your machine. Results sealed with a STARK proof and Dilithium signature. Nobody trusts anybody. The math does the work.
Tree-sitter structural analysis for Rust, Python, JS, TS. Not regex. Distinguishes real code from match arms, classifiers, and test fixtures.
STARK proof (SHA3-256, hash-based). Dilithium ML-DSA-65 (FIPS 204). Attestations that outlast the software they attest.
Every weight, threshold, and deduction rule is published. Anyone can audit the math. The methodology is at hics/methodology.
Embeddable live badge. One click verifies the STARK proof, Dilithium signature, Merkle root, and certificate freshness.
Vendors define testable claims. HICS verifies each against the code. Undisclosed strengths and weaknesses surfaced automatically.
One command. The CLI scans your codebase with tree-sitter AST parsing. Nothing is transmitted. Nothing is stored. The score appears in your terminal.
Five categories. Confidence-weighted findings. Positive credits for post-quantum crypto. Shannon entropy for secret detection. No binary pass/fail.
Generate a .h33 certificate: STARK proof of correct execution + Dilithium post-quantum signature + Merkle codebase commitment + Proof ID. The score becomes a mathematical fact.
Anyone with your Proof ID can verify at h33.ai/verify. Five cryptographic checks in real time. No trust in the vendor. No trust in H33. Trust the math.