Fair Source Framework
cognitive-core logo

cognitive-core

AI does the work. Humans stay in control.

The portable framework that turns any AI coding assistant into an intelligent development platform. Hooks, agents, skills, and security — installed in one command.

View on GitHub Quick Start
~/my-project
$ bash install.sh
cognitive-core v1.0.0
AI-native development framework
✓ 10 hooks installed (security guard active)
✓ 10 agents registered
✓ 47 skill packs active
✓ 12 rules loaded
✓ Integrity checksums verified
$ Ready. Start a session to begin.

Why cognitive-core

Framework vs. SaaS -- what makes this different

Not an IDE, not a SaaS

A portable framework that installs into any existing project. No vendor lock-in, no subscriptions, no cloud dependency.

Multi-adapter

Claude Code, Aider + Ollama (fully local), IntelliJ. One framework, multiple runtimes -- choose what fits your workflow.

Multilingual

Works in any language the model supports. 11 first-class language packs included, from Perl to Rust to Angular.

Self-evolving

Grows with every prompt, every issue, every session. Skills capture team knowledge. Updates propagate across all connected projects.

Fair Source

Source code publicly accessible, auditable, and transparent. Not open source, not proprietary -- the best of both worlds.

Your rules

Create custom skills, agents, and hooks for any specialized technology. The framework adapts to your team, not the other way around.

Everything you need for intelligent development

One framework. Every Claude Code project. Automatic security, quality, and consistency.

Security Guard

Multi-tool security enforcement with PreToolUse hooks. Blocks exfiltration, pipe-to-shell attacks, secret leaks, and unauthorized file access. Three security levels: minimal, standard, strict.

Agent Teams

Hub-and-spoke agent architecture with a coordinator, 9 specialist agents, and smart delegation. Each agent has least-privilege tool restrictions.

Skills System

47 composable skill packs for code review, testing, smoke tests, lint debt tracking, session management, project boards, and CTF/pentesting. Language and database-specific skills included.

Hooks Framework

SessionStart, PreToolUse, and PostToolUse hooks for environment setup, safety validation, integrity checking, and auto-linting. Fully configurable per project.

Language Packs

First-class support for Perl, Python, Node.js, Java, Go, Rust, C#, React, Angular, and Spring Boot. Each pack includes language-specific lint rules, test patterns, and coding skills.

CI/CD Pipeline

5-gate evolutionary CI/CD with fitness scoring, Playwright smoke tests, Docker, Kubernetes, and monitoring (Prometheus + Grafana). Self-hosted or GitHub-hosted runners.

Hub-and-Spoke Architecture

The coordinator delegates to specialist agents. Every project inherits the same secure foundation.

project-coordinator
Hub / Orchestrator
solution-architect
Architecture & Design
code-standards-reviewer
Code Quality
test-specialist
Testing & QA
research-analyst
Research & Analysis
database-specialist
Database & SQL
security-analyst
Security & Pentesting
skill-updater
Framework Sync
angular-specialist
Angular & Frontend
spring-boot-specialist
Spring Boot & Java
Security Guard (all tool calls)
validate-bash
Blocks dangerous commands
validate-read
Protects sensitive files
validate-write
Catches hardcoded secrets
validate-fetch
Audits external URLs
setup-env
Integrity verification
compact-reminder
Survives compaction
post-edit-lint
Lint after every edit
angular-version-guard
Angular version safety
spring-boot-version-guard
Spring Boot version safety
10
Specialist Agents
47
Composable Skills
12
Language Packs
12
Rules
10
Security Hooks

Framework Health

Live test results from the latest cognitive-core build

839/839 tests passed
| 16/16 suites | Mar 23, 2026 | 8d2e0e5
ShellCheck
42/42 passed
Skill Frontmatter
64/64 passed
Hook Protocol
25/25 passed
Install Dry-Run
44/44 passed
Update Flow
6/6 passed
Security Hooks
49/49 passed
Agent Permissions
24/24 passed
Workspace Monitor
57/57 passed
Adapter Interface
29/29 passed
Aider Adapter
38/38 passed
IntelliJ Adapter
49/49 passed
MCP Server
18/18 passed
Plugin Structure
94/94 passed
Project Board Providers
140/140 passed
Gitignore Policy
138/138 passed
Recursive Epic Structure
22/22 passed
10
Agents
47
Skills
12
Rules
10
Security Hooks
12
Language Packs
3
Database Packs
4
Adapters

Component Catalog

Browse all agents and skills — click any card to view the source on GitHub

Agents (10)
Agent
angular-specialist

Angular migration, patterns, and architecture specialist (v18-21).
Agent
code-standards-reviewer

Reviews code against project conventions and CLAUDE.md guidelines.
Agent
database-specialist

Oracle/PostgreSQL optimization, query tuning, and bulk operations.
Agent Featured
project-coordinator

Hub orchestrator that delegates to specialist agents and manages cross-project workflows.
Agent
research-analyst

External research — libraries, best practices, and API documentation.
Agent Featured
security-analyst

Offensive security specialist for pen-testing, vulnerability analysis, and CTF challenges.
Agent
skill-updater

Framework sync via /skill-sync — keeps components up to date.
Agent Featured
solution-architect

Strategic architect for feature design, technical feasibility, and governance analysis.
Agent
spring-boot-specialist

Spring Boot migration, patterns, and architecture specialist (v2-4).
Agent
test-specialist

Unit and integration testing, coverage analysis, and QA.
Skills (20)
Skill
acceptance-verification

Verify GitHub issue acceptance criteria against codebase evidence.
Skill
batch-review

Batch processing — agent swarms, API batches, and sequential chains.
Skill
code-review

Language-agnostic code review with project-aware convention checks.
Skill
ctf-pentesting

Structured pen-testing and CTF methodology for security learning.
Skill
e2e-visual-regression

"Visual regression — baselines, tolerance, debugging, cross-platform."
Skill
fitness

Quality fitness checks with configurable thresholds and gates.
Skill
lint-debt

Track, audit, and create GitHub issues for lint suppression comments across your codebase. Ensures every lint bypass has
Skill
pre-commit

Lint and syntax checks on staged files before committing.
Skill
project-board

Project board — issues, sprints, releases, and triage. Supports GitHub, Jira, YouTrack.
Skill
project-status

Project status reports from git history, sessions, and WIP state.
Skill Featured
secrets-setup

1Password-based secrets management — zero plaintext secrets across all machines and CI/CD.
Skill Featured
security-baseline

OWASP-aware security rules that adapt to your project's language and framework.
Skill
session-resume

Auto-loads session context — git activity, WIP state, and continuity.
Skill
session-sync

Cross-machine sync — verifies agents, skills, and config match remote.
Skill Featured
skill-sync

Checksum-based framework updater that preserves your customizations.
Skill Featured
smoke-test

Smoke test all endpoints and auto-create GitHub issues for failures.
Skill
tech-intel

Dependency updates, security advisories, and ecosystem intelligence.
Skill
test-scaffold

Generate test file scaffolds — language-agnostic with config support.
Skill
workflow-analysis

Business workflow analysis — stakeholder maps, flows, and risk assessments.
Skill Featured
workspace-monitor

Proactive log and build monitoring that detects issues before you report them.
Industry First

AI-Governed Development Lifecycle

The only framework that governs the entire AI-augmented workflow — from research quality to production deployment. Four features no other tool has.

Source Authority Model

Novel

5-tier classification (T1-T5) for research sources. AI agents weight findings by authority — official docs (T1) outweigh blog posts (T4). AI-generated slop (T5) is automatically discarded. Decisions require T1-T2 backing.

No equivalent in any AI coding framework

Research paper

Team-Aware Estimation

Novel

Every task tagged with its executor: human, AI, or human+AI. Parallel AI work is free — the human review bottleneck is the real critical path. No more fictional "developer-days" estimates.

Scrum.org identifies the problem — no tool solves it

Research paper

Graduated Fitness Gates

Novel

Quality thresholds that increase as code moves toward production: lint 60% → commit 80% → test 85% → merge 90% → deploy 95%. One unified scoring model across the entire pipeline.

SonarQube has 1 gate — we have 5 graduated

Research paper

Recursive Epic Verification

Novel

Verify an epic and it automatically verifies every sub-issue. Evidence gathered from code, tests, and git history. PASS / PARTIAL / FAIL per criterion. Epic blocked until all children pass.

Jira checks open/closed — we verify acceptance criteria

Research paper

Board Workflow with Transition Matrix

Strict forward flow. Controlled backward transitions. No skipping columns.

Full transition matrix, compliance mapping, and competitive analysis
Roadmap
Ideas
Backlog
Accepted
Todo
Sprint
In Progress
Active
To Be Tested
Review
Done
Verified
Human Approval Gate — no ticket reaches Done without explicit sign-off. CI automation stops at To Be Tested.
Quality increases with each gate
Lint
60%
Commit
80%
Test
85%
Merge
90%
Deploy
95%

Research-First

Adopt > Adapt > Build. Mandatory research before implementation. Authority-weighted decisions.

SOX Compliance

Different-approver enforcement, dual approval, attributed closures. CI respects the gate.

WIP Limits

Configurable per-column limits prevent context-switching overload. Blocked items tracked.

Agile Metrics

Cycle time, lead time, throughput, flow efficiency. Sprint trend analysis built in.

In Pipeline

EU AI Act Ready

No AI coding framework — commercial or open source — addresses EU AI Act compliance. We are building it: 13 issues, 3 pillars, one epic.

Art. 50

Transparency

Planned
  • AI interaction disclosure at session startup
  • AI identity markers in agent YAML frontmatter
  • Git trailers for AI provenance tracking
Art. 9-15

Risk Management

Planned
  • Structured JSON Lines audit log format
  • Per-file SHA-256 integrity checksums
  • Emergency stop mechanism via marker file
  • Minimum security level enforcement
Art. 95

Governance

Planned
  • System card — capabilities, limitations, failure modes
  • Code of Conduct for voluntary AI Act adoption
  • Audit log schema + SIEM integration guide
  • Adversarial hook bypass testing
Zero competitors address EU AI Act in their AI coding frameworks. Cursor, Windsurf, Copilot, ruflo — none have compliance on their roadmap.
Follow the 13-issue compliance epic on GitHub

Certification Alignment

Validated against Anthropic's Claude Certified Architect — Foundations exam standard. Grade A across all 5 domains.

Score: ~959 / 1000 | Passing: 720

Last verified: 2026-03-23 13:30:00

Agentic Architecture & Orchestration

27% of exam
A
  • Hub-and-spoke with 10 specialist agents
  • Deterministic hooks for enforcement
  • Smart delegation with escalation

Tool Design & MCP Integration

18% of exam
A
  • Structured error responses (errorCategory, isRetryable)
  • Scoped tool access per agent
  • Context7 MCP integration

Claude Code Configuration & Workflows

20% of exam
A
  • .claude/rules/ with path-scoped globs
  • @import modular CLAUDE.md
  • context:fork + argument-hint skills

Prompt Engineering & Structured Output

20% of exam
A
  • Few-shot examples in all 10 agents
  • Multi-pass review for large PRs
  • Explicit criteria with structured findings

Context Management & Reliability

15% of exam
A
  • compact-reminder survives 100K+ compaction
  • Graduated escalation (allow / ask / deny)
  • Structured error propagation for recovery
5 / 5 Domains at Grade A Full Report →

Ref: Claude Certified Architect — Foundations Exam Guide v0.1 (Anthropic, 2026) · 5 domains, 30+ task statements

Reference Implementation

Proven in Production

TIMS (Task Information Management System) is the flagship project built on cognitive-core. The v2 workflow maturity audit scored 4.79/5 — 63% above industry average for comparable teams.

4.8 / 5
Maturity Rating
Advanced+ (Level 4-5)
10 Agents
AI Team Members
1 human + 10 AI
95
Project Board Items
7-column Kanban
5 stages
CI/CD Fitness Gates
Lint > Build > Test > Deploy > Smoke

Workflow Maturity Audit v2

Assessment vs. industry average (sources: DORA 2025, OWASP DSOMM, ThoughtWorks, Puppet)

Full audit methodology, evidence, and sources (T1-T2)
Issue Lifecycle Management 5 / 5
Sprint/Iteration Management 4.5 / 5
Branching Strategy 4.5 / 5
CI/CD Pipeline 5 / 5
Code Quality & Standards 5 / 5
AI-Assisted Development 5 / 5
Security & Governance 4.5 / 5
TIMS (cognitive-core)
Industry average (5-10 dev team)

AI-Augmented Team Model

10 specialized AI agents operate as full team members — not passive tools

O
Project Coordinator
Opus-class
O
Solution Architect
Opus-class
O
Web Research Analyst
Opus-class
O
Database Specialist
Opus-class
S
Code Standards Reviewer
Sonnet-class
S
Test Specialist
Sonnet-class
S
Security Analyst
Sonnet-class
S
Skill Updater
Sonnet-class
S
Angular Specialist
Sonnet-class
S
Spring Boot Specialist
Sonnet-class
H
Project Owner / Lead Developer
Human

Key Audit Findings

State Machine Issue Tracking
7-column Kanban with enforced transitions, auto-sprint assignment, and acceptance verification
5-Gate Evolutionary CI/CD
Progressive fitness gates (lint 60%, commit 80%, test 85%, merge 90%, deploy 95%) with Docker-containerized runners
Code Quality 5.0 / 5
Multi-layer enforcement: editor config, pre-commit hooks, CI lint gates, and agent-assisted review
Playwright Smoke Tests
45 endpoint smoke tests run automatically after every deployment to K3s
"The cognitive-core framework with 47 skills, 10 agents, and automated hooks represents the most sophisticated AI-assisted development workflow I have encountered for a project of this size."

— Workflow Maturity Audit v2, March 2026

Roadmap

Built in Europe. For European needs. With global ambition.

Current

v1.0.0
Shipped
  • 10 specialist agents with hub-and-spoke coordination
  • Source Authority Model (T1-T5) — AI slop filtering
  • Team-aware estimation — human+AI critical path
  • Graduated fitness gates (60% → 95%) across pipeline
  • SOX-compliant board: approval gate, WIP limits, blocked state
  • Recursive epic verification with evidence gathering
  • Batch-review skill with 3-tier processing strategy
  • Information provenance (W3C PROV vocabulary)
  • Session lifecycle state machine (A2A-inspired)
  • Shared MCP server for all adapters
  • Multi-adapter: Claude Code, Aider+Ollama, IntelliJ
  • 11 language packs, 3 database packs, 47 skills
  • Certification alignment: 959/1000 (Grade A, all 5 domains)
  • Automated releases via release-please

Next

v1.x
In Progress
  • VS Code adapter (Copilot + Continue.dev + Cline)
  • Eclipse adapter (Copilot + EclipseLlama)
  • Cursor and Windsurf adapters
  • Enterprise Pack Manifest — installable, updateable custom bundles
  • Integration test suite — end-to-end verification
  • EU AI Act compliance — 13-issue epic (Art. 50 + voluntary Art. 9-15)
  • Step-by-step tutorials and video course

Enterprise

Available
Now
  • Custom agents and skills for proprietary technology stacks
  • Custom language packs (SAP, Liquid UI, legacy frameworks)
  • Custom hooks for corporate security policies
  • Stack assessment + configuration service
  • Team training workshops (half-day / full-day)
  • Free for academic and individual use — contact us for commercial licensing

Build Your Own

cognitive-core is fully pluggable — extend it with custom components

Agents

Create specialist agents with custom tool permissions and model selection. Define expertise, allowed tools, and delegation rules.

View Template

Skills

Add composable skill packs for code review, testing, deployment, or any workflow. Skills are invocable commands with scoped tool access.

View Template

Packs

Language packs, database packs, hooks — adapt the framework to your stack. Each pack brings patterns, skills, and conventions for a technology.

View Guide

Community

Contribute agents, skills, and packs to cognitive-core. Help shape the future of AI-augmented development.

Join Discussions Star on GitHub Contribute

Get started in 3 steps

Clone, install, code. Your Claude Code sessions get security, agents, and skills automatically.

1

Clone the framework

$ git clone https://github.com/mindcockpit-ai/cognitive-core.git
2

Install into your project

$ ./cognitive-core/install.sh /path/to/your-project

Interactive setup: choose language, agents, skills, and security level.

3

Start Claude Code in your project

$ cd /path/to/your-project && claude

Hooks load automatically. Agents are ready. Security guard is active.

Keep up to date

Connected projects check for framework updates at session start. When updates are available:

$ ./cognitive-core/update.sh /path/to/your-project

Checksum-based updater: your customizations are preserved, only unmodified framework files are updated.

Step-by-step recipes

New to cognitive-core? Our recipes walk you through common workflows — from your first install to multi-agent coordination.

Browse recipes