The capability layer for AI-written software
No software should gain new power silently.
Every change your AI ships can read a secret, reach the network, or run a command. Evrel detects the exact moment new power appears in your codebase — and proves how.
AI now writes most code. Reviewers can't read it all, and tests don't catch new authority. So software quietly acquires the power to touch secrets, networks, files, and shells — and nobody decided to allow it. Evrel makes that decision explicit, provable, and yours.
Capability diff
See new power the instant it lands.
Evrel reads code with a real compiler and tracks capability across functions and files. A pull request stops being a wall of text and becomes a capability diff — power gained and lost, line by line.
Try it on a real package
Enter any published npm package and version to get a capability report.
Scan a packageKnow exactly what your code can do.
Capability inventory
Every power your codebase holds — by module, route, and package — live and queryable.
Capability diff & policy
Block silent capability creep in CI. "No module gains shell access without sign-off" becomes enforceable.
Authority findings
See the exact environment, network, file, process, and code-loading powers modeled for each package.
Bring authority to your codebase.
We're working with a small group of security and platform teams. Tell us what you'd want to watch — it shapes what we ship first.