Editor signal.
Enforcement aligned.
Iris Code is most useful when the health score you see in the editor is the same score that gates a push or build. The CLI is the bridge — verify locally, automate in hooks, and roll out one shared quality policy without inventing a second CI-only setup.
Local verification
Run Iris Code before you push so the same scoring rules fire locally, in hooks, and in CI. One policy, three checkpoints — editor, hook, pipeline.
Full workspace scan
Score every file in one pass. Iris Code uses the same engine as the editor sidebar — no drift between what you see and what the gate checks.
Score a file or the whole workspace. Same engine as the editor sidebar — no drift between what you see and what the gate checks. Single-file scans are free; directory scans require Pro.
Scan for hardcoded API keys, tokens, and passwords across JS/TS/Go/Python. No licence required.
FreeScan for eval usage, SQL injection, insecure RNG, weak hashing, and more. No licence required.
FreeHook installation
Install Git and build hooks when the team is ready to block pushes or builds that fall below the agreed threshold. One command, zero boilerplate.
Block at the push boundary
The Git hook runs iris check on every push and blocks if any file falls below the configured threshold. Install it once — the hook lives in .git/hooks/ and runs locally for every developer.
Runs on pre-push. Scans the whole workspace and blocks the push if any file falls below the threshold. Zero config after install.
FreeWires into your build command — npm prebuild for Node, a Makefile target for Go/Python. Fails the build when workspace health drops.
ProSee which hooks are installed — git and build, in one command. Free.
FreeTeam rollout
Use one committed .irisconfig.json so editor diagnostics, Gate Preview, and enforcement all speak the same policy. Every developer gets the same rules — no drift between machines.
One file.
One policy.
Commit .irisconfig.json to your repo. The editor, hooks, and CI all read from the same source — a threshold change is a one-line diff that the whole team gets on pull.
Interactively generate .irisconfig.json from a preset (legacy, balanced, or strict). Free — Pro users can also set custom gate limits.
FreeChecks your config for schema errors, unknown keys, and invalid values — before you commit.
FreeFull enforcement gate with machine-readable JSON output — pipe into CI reporters, dashboards, or Slack alerts.
ProEvery command
All twelve Iris Code CLI commands in one place. Full flags and exit codes live in the command reference.
Sign in via browser or licence token. Stored at ~/.iris/credentials.
FreeSingle-file scan is free. Directory, --staged, and --changed on Pro.
Hardcoded credentials, API keys, and tokens. No auth required.
FreeEval usage, SQL injection, insecure RNG, weak hashing, and more. No auth required.
FreeAudit package.json, go.mod, and requirements.txt for CVEs. Lockfile-aware and monorepo-aware.
ProSame scan as deps, but exits 1 only at or above a --severity threshold. Built for CI gates.
ProExport a CycloneDX 1.5 SBOM across npm, Go, and Python. Fully offline.
ProCollect every TODO, FIXME, and HACK comment across the codebase.
ProFull enforcement gate. Exits 1 below threshold. Designed for CI.
ProExport a standalone HTML health report to the current directory.
FreeStatus check is free. Install/uninstall pre-push and build hooks on Pro.
init generates a config with a preset; validate checks an existing one.
FreeWhere to go next
Depending on where your team is, one of these paths gets you to enforcement fastest.