AST Interceptor — Gate 1: Supply Chain Watchdog
Mission: Blocks malicious AI commits before they ever reach version control.
Core Actions
scan_python_code— AST walk for eval/exec/credentials/packagesscan_javascript_code— Babel parser with regex fallbackauto_strip_credential— Detect hardcoded secretsquarantine_eval— Block eval() / exec()block_unverified_package— Reject non-allowlist imports
Demo Beat 4
Malicious code (MD5 + eval() + hardcoded key) submitted. Gate 1 fires:
BLOCKED — credential_detected line 4, eval_usage quarantined line 8
Reward: +200 | 1.5× multiplier ACTIVE | Pipeline Integrity: 1.0
Reward Breakdown
| Event | Reward |
|---|---|
| Catch at Gate 1 | +100 |
| Credential detected | +50 |
| Eval quarantined | +50 |
| 1.5× multiplier active | +150 |
| False positive block | −30 |
| Missed + caught later | +20 |
Failure Modes Guarded
- Allowlist too strict → curated safe-list prevents false positives
- Eval() in string literals → AST distinguishes Call nodes from strings
- Babel timeout → graceful regex fallback
Usage
from AST_Interceptor import Gate1Interceptor
interceptor = Gate1Interceptor()
result = interceptor.scan(code, language="python")
Files
AST_Interceptor.py— Core scanner module (500+ lines)AST_Interceptor_test.py— Test suite (10/10 tests)gate1_ast_interceptor.py— Alternate name (identical)test_gate1.py— Alternate name (identical)
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support