Open source · MIT · No telemetry

The senior devthat never leaves.

A passive intelligence layer that watches your codebase, catches what code review misses, and speaks up only when it matters. Silence is the correct output most of the time.

$npm install -g useflint
Star on GitHub
No signup required Zero telemetry Bring your own API key MIT licensed
0
bytes sent without consent
6
signal types detected
3
awareness levels
~1s
observation latency
MIT
open source license
How it works

Like pair programming — without the noise.

Most tools wait for you to ask. Flint pays attention so you don't have to.

01

Watches

A lightweight daemon tracks file edits, git events, error logs, and build output continuously, in the background. Zero setup after flint start.

02

Thinks

Pattern-matches against CVE databases, commit history, edit frequency, and team activity — the signals that matter and are easy to miss.

03

Speaks up

One observation. Specific. Actionable. Then silence. Flint interrupts only when the signal is strong enough to be worth your attention.

Signal types

Six things Flint watches for.

Three categories. All grounded in what's actually happening in your repo — not heuristics.

technical · security

CVE hits in your dependency graph, matched against OSV.dev in real time.

jwt-decode 3.1.2 — CVE-2022-21803, CVSS 7.5.

technical · spiral

Same file edited many times in a short window — a classic debugging loop.

auth.ts edited 11× in 28 minutes. What are you stuck on?

technical · git hygiene

Commit messages like 'fix', 'wip', and 'fix 2' spotted before they're permanent.

Last 4 commits: 'fix', 'fix 2', 'wip', 'wip 2'.

human · burnout

Hours worked continuously, combined with edit churn, signals mental fatigue.

3h 42m without a break. Same file opened 14 times.

human · lone wolf

Engineer hasn't committed while the rest of the team is active.

No commits in 4 days. Everyone else pushed yesterday.

win · quality

Tight commits, tests green, no dead code — Flint calls it out when you nail it.

Clean PR — tight commits, tests green. Ship it.

Awareness

You control how much Flint watches.

Three levels of daemon activity. Switch any time. One command.

Spark

Manual queries only.

The daemon stays dark. Use flint explain, flint diff, and flint check on demand. Zero background CPU. Perfect for focused work.

$flint awareness spark
DEFAULT
Flame

Watching your current repo.

The daemon monitors your active project — file changes, git events, error logs, build output. Observations fire only when the signal is strong.

$flint awareness flame
Forge

Watching everything.

Daemon covers all configured repos. CVE scans cross every dependency manifest. For developers running multiple active services.

$flint awareness forge
Capabilities

Built for the way developers actually work.

Eight capabilities. Zero configuration beyond flint init.

Passive by default

No commands required once running. Flint observes as you code and only interrupts when the signal is worth your attention. Most hours pass in total silence.

flint status running
● watching auth-service/
✓ 0 observations · last 2 hours
✓ 0.1% CPU · 18 MB RAM

Human intelligence layer

Detects burnout (3+ hours without a break), debugging spirals, and lone-wolf isolation — the signals no linter, code review, or AI autocomplete ever catches.

human · burnoutjust now

3h 42m without a break. Same file opened 14 times. Step away.

CVE monitoring

Weekly dependency scans via OSV.dev. No API key needed. When a CVE hits, it fires immediately — bypassing all cooldown gates.

Personal calibration

Dismiss an observation and Flint offers to raise the threshold. It learns your tolerance, not the average developer's.

Fully local

Every byte stays on your machine. Nothing transmitted except the API calls you explicitly trigger. No telemetry. Ever.

REPL mode

Ask anything. Flint pre-loads git history, error baselines, and file edit frequency before you type.

Git hygiene

Flags 'fix', 'wip', and mixed-concern commits before they become permanent artifacts.

CLI + VS Code

Full feature parity. The extension adds sidebar cards and gutter decorations. Everything works from the terminal.

Explain anything

Ask the question
you're already thinking.

flint explain opens a REPL with your codebase context pre-loaded — git history, error baselines, file edit frequency, and recent scan results. No copy-pasting. No context setup.

  • "Why does auth fail after 7pm?"
  • "What is this file even doing?"
  • "Explain the last 3 commits in plain English."
  • "Is there a safer way to handle this?"
  • "What changed between these two errors?"
flint explain
$flint explain
Loading git log (142 commits)...
Loading error baseline · file events...
Why does auth fail after 7pm?

auth.ts:142 compares exp against Date.now() / 1000 with no timezone handling.

Tokens minted by the mobile client carry a +07:00 offset — they expire 7 hours early.

Fix at src/auth.ts:87.

pre-commit hook
One-time setup
$flint hook install
✓ .git/hooks/pre-commit written
On every commit
$git commit -m "fix: update token handling"
● Flint pre-commit check...
✗ jwt-decode 3.1.2 — CVE-2022-21803 · CVSS 7.5
Run 'flint fix 12' for the upgrade path.
⚠ Last 4 commits: 'fix', 'fix 2', 'wip', 'wip 2'
These will be unreadable in six months.
1 blocking · 1 advisory · commit blocked
Pre-commit integration

Catch issues before
they're permanent.

flint hook install writes a pre-commit hook that runs flint check on every commit. CVE hits block. Advisories warn. One command, no YAML.

  • CVEs block commits — advisories warn only
  • Skippable with git commit --no-verify when you mean it
  • Same check runs in CI via flint check --ci
  • No CI secrets needed — uses your local config
How Flint differs

It sees what no other tool sees.

Linters catch syntax. Copilot completes code. Flint watches the developer.

FeatureFlintGitHub CopilotESLint / lintersCode review
Passive — no prompting needed
You prompt it
Manual trigger
Catches human signals
sometimes
Reviewer-dependent
CVE dependency monitoring
partial
dep plugins only
Stays fully local
Cloud model
Self-calibrates to you
Free & open source
Paid
N/A
N/A
What developers say

From the people using it.

It caught a CVE in a package we'd been shipping for five weeks. The CVE was filed, OSV picked it up, and Flint fired within the hour. We'd never have caught it manually.

PS
Priya S.
Backend Engineer, fintech startup

I laughed the first time it told me to step away. Three hours later, after I finally took a break, I came back and fixed the bug in ten minutes. It wasn't wrong.

MT
Marcus T.
Full-stack Developer

The lone-wolf detection is subtle but real. One of my engineers went quiet for three days — no commits, no reviews. Flint flagged it. Turned out they were stuck. We catch that early now.

AR
Aiko R.
Engineering Lead
Get started

Running in three commands.

macOS, Linux, and Windows (WSL2). Requires Node 18+ or Go 1.21+.

CLI

terminal
$
npm install -g useflint
# or: download from github.com/johndansu/Flint/releases
$
flint init
# add your Anthropic API key
$
flint start
# daemon starts in background

VS Code Extension

Observation cards, gutter decorations, CodeLens hints, and the streaming “Tell me more” panel — connected to the daemon automatically.

  • Observation cards in the sidebar
  • Gutter decorations + CodeLens hints
  • "Tell me more" streaming follow-up
  • Works offline in Spark mode
  • Standalone panel when daemon is off
Install from Marketplace
FAQ

Common questions.

Yes. Flint is MIT-licensed and fully open source. You pay only for the Anthropic API calls you make — Flint itself never charges anything.

Copilot is a code completion assistant — you pull suggestions on demand. Flint is passive and observational. It watches your codebase and speaks up when it notices something worth saying, without you having to ask. It also tracks human signals (burnout, spirals) that Copilot has no awareness of.

Go, TypeScript/JavaScript, and Python are first-class. The daemon watches any file type, and CVE monitoring works for any language whose dependencies are in a supported manifest (go.mod, package.json, requirements.txt, pyproject.toml).

Only when you explicitly run a tool (flint explain, flint diff, etc.) — and only the specific code you're analysing. The daemon never sends code automatically. Dependency names go to OSV.dev for CVE checks. Nothing else. Ever.

No. flint start detaches the daemon into the background. It keeps running after you close the terminal. flint stop kills it cleanly.

Flint uses your own Anthropic API key and defaults to Claude Sonnet. You can switch to any Claude model via flint config model <id>. Bring your own key — Flint never manages or stores your key beyond your local config file.

Yes. Every threshold is configurable via .flintrc — burnout hours, spiral edit count, lone-wolf days, and more. Dismissing an observation also lets you raise the threshold in one step, so Flint calibrates to you over time.

Fully. Flint is a CLI-first tool. The extension adds a sidebar panel and inline decorations, but every feature is accessible from the terminal.

Start in three
commands.

No account. No signup. No telemetry. Open source, MIT, always free.

$npm install -g useflint
View on GitHub