Uneven AI — Autonomous Local AI Agent

v0.11.1 — Master Series

THE AI THAT
GUARDS
YOUR CODE

Autonomous. Local. Relentless.

Uneven AI runs entirely on your machine — no cloud, no API keys, no subscriptions required. It watches your terminal, fixes errors in real time, audits security continuously and logs everything. Rust-powered for maximum performance.

npm install uneven-ai

Quick Start →

100%

Local

API Keys

⚡ GPU

Accelerated

// Real-time agent

WATCHES.
FIXES.
LOGS.

Uneven AI spawns alongside your dev process, reading stdout and stderr in real time. The moment an error appears, it diagnoses the cause, applies a surgical fix and writes a detailed entry to .uneven-ai/log.md — with file, line, column, diff and recommendation.

uneven-ai watch

$ uneven-ai watch --cmd "npm run dev"// Uneven AI v0.11 — local agent active// knowledge base indexed ✓ ▶ watching terminal output... ✗ error detected src/auth/service.ts:42:18 TypeError: Cannot read 'id' of undefined ⚙ diagnosing... user object may be null on invalid token ✓ fix applied return user?.id ?? null ✓ logged .uneven-ai/log.md _

// Capabilities

WHAT UNEVEN AI
CAN DO

Every power works locally, in real time, configured via a single TypeScript object.

⚡

AUTO FIX

Parses stack traces with file, line and column precision. Semantic search retrieves relevant context from your KB. The Rust engine applies a surgical diff via the `similar` crate — no full rewrites.

similar · surgical diff

👁

TERMINAL WATCH

Spawns alongside any running process — npm, cargo, python, node, any command. Reads stdout and stderr in real time via Tokio async runtime. Zero CPU overhead when idle.

tokio::process

🔐

PENTESTER MODE

Static and active security scanning with built-in Ethical Guardrails. Proactively blocks malware generation and exploit creation while enforcing strict authorization scopes for active testing.

ethical guardrails · owasp

🧠

LOCAL LLM

LLaMA 3.2 via Candle (Rust) with full GPU/CUDA acceleration. Pluggable brain: swap to OpenAI, Claude, Gemini or Ollama via a single config line while keeping all other powers locally.

gpu accelerated · candle

📚

DOCUMENT INTEL

Advanced Document Intelligence: PDF, Excel (.xlsx), Word (.docx) and CSV Pro. Indexes structured and unstructured business logic from your files into a semantic usearch vector store.

doc-ai · usearch

📋

STRUCTURED LOG

Every event is written to .uneven/log.md with timestamps, file paths, line/column precision, and surgical diffs. Fully searchable and auditable activity history.

.uneven/log.md

🦠

MALWARE SCANNER

Detects reverse shells, obfuscation, crypto mining, and supply chain attacks. The Master Series protection now audits code suggestions generated by AI for maximum safety.

uneven scan

📊

DATA ANALYST

Natural language → Insights. Connect to databases or query directly from local CSV and Excel files. 3-layer security ensures sensitive data never reaches the LLM.

file-analyst · sql

⚙️

CI/CD PIPELINE

Headless pipeline: TypeScript typecheck → malware scan → test suite. Exit code 0 = pass, 1 = fail. Writes step summary to GitHub Actions via $GITHUB_STEP_SUMMARY.

uneven ci

// Brain Engine

SWAP THE
BRAIN.
KEEP THE POWER.

Uneven runs a local LLM by default — zero cloud, zero API key. The brain is pluggable. Swap to any provider via a single config line without changing anything else.

Local LLM

Recommended

Embedded LLM via Candle (Rust). Now with GPU Acceleration. Runs LLaMA 3.2 fully on-device. 100% offline, no API key, no subscriptions. Recommended for privacy.

provider: 'local'

Google Gemini

Best Cloud Choice

Gemini 2.0 Flash & Pro. The best cloud-value brain. Superior performance with minimal cost. Recommended as the primary cloud fallback.

provider: 'gemini'

Ollama

Local Install

Delegates inference to a local Ollama daemon. Supports any model in the Ollama library. Requires Ollama installed on your machine.

provider: 'ollama'

OpenAI

Cloud Brain

GPT-4o and O1 models. Industry standard intelligence. Connect your OpenAI account while keeping your project data local and safe.

provider: 'openai'

Anthropic Claude

Cloud Brain

Claude 3.5 Sonnet and Opus. Exceptional coding reasoning. Best for complex architectural tasks when cloud usage is preferred.

provider: 'claude'

ℹ All five providers share identical behavior — file watching, auto-fix, pentester mode and knowledge base run locally regardless of which brain is active. Only the LLM inference changes.

TypeScript

1import { UnevenConfig } from 'uneven-ai'
2
3const config: UnevenConfig = {
4
5  // brain engine
6  brain: {
7    provider: 'local',   // or 'openai' | 'claude' | 'gemini'
8    model: 'llama3.2',
9    temperature: 0.3,
10  },
11
12  // knowledge sources
13  knowledge: {
14    dirs: ['./src', './docs'],
15    files: ['./README.md'],
16    db: { url: process.env.DATABASE_URL },
17    urls: ['https://docs.example.com'],
18  },
19
20  // terminal watcher
21  watch: {
22    terminal: 'npm run dev',
23    autoFix: true,
24    confirmBeforeFix: false,
25  },
26
27  // security analysis
28  pentester: {
29    enabled: true,
30    mode: 'active',
31    target: 'http://localhost:3000',
32    static: { owasp: true, secrets: true, deps: true },
33    bruteforce: { enabled: true, detectRateLimit: true },
34  },
35
36  // log
37  log: {
38    path: './.uneven-ai/log.md',
39    includeDiff: true,
40  },
41
42}
43
44export default config

// Quick Start

UP IN
3 STEPS

INSTALL

Install Uneven AI globally or as a dev dependency. The Rust core compiles automatically on first install via napi-rs.

npm install uneven-ai

INITIALIZE

Scaffolds uneven-ai.config.ts, creates .uneven-ai/ folder and downloads the default LLM model (~1.5GB, one time only).

npx uneven-ai init

START

Indexes your knowledge base, spawns alongside your dev process and starts watching. The full agent in one command.

npx uneven-ai start

// System requirements

Node.jsv18+

RAM4GB min · 8GB+

Disk~2GB (model)

OSLinux · macOS · WSL2

// Pentester Mode

SECURITY
NEVER
SLEEPS

Uneven's Master Series now features active Ethical Guardrails. It doesn't just find vulnerabilities; it refuses to create them. Every AI suggestion is audited against a defensive constitution to ensure malware and exploits never reach your source code.

⚠ Active mode should only be used on systems you own or have explicit authorization to test.

CRITICAL

Ethical Safety Guard

Proactively blocks the generation of malware, reverse shells, cracking scripts and credential-theft payloads.

CRITICAL

SQL Injection

Real payload injection against live endpoints, not just code analysis.

CRITICAL

Exposed Secrets

API keys, tokens and passwords hardcoded in source files.

HIGH

Brute Force Exposure

Detects missing rate limiting on authentication endpoints.

HIGH

XSS Reflected

Tests real payloads against routes for reflected cross-site scripting.

MEDIUM

Open Ports

Async port scanning detects unnecessarily exposed services.

MEDIUM

CORS Misconfiguration

Detects overly permissive cross-origin resource sharing policies.

LOW

Missing Security Headers

CSP, HSTS, X-Frame-Options and X-Content-Type-Options audit.

LOW

Vulnerable Dependencies

CVE lookup via npm audit and OSV database on every save.

CRITICAL

Supply Chain Attack

Detects curl | bash patterns in postinstall scripts and typosquatted package names.

HIGH

Reverse Shell / Obfuscation

Detects /dev/tcp, eval(atob()), large String.fromCharCode arrays and crypto mining references in source files.

// Command Line

FULL
CLI
INTERFACE

uneven-ai init

Scaffolds uneven-ai.config.ts in your project, creates .uneven-ai/ folder and downloads the default LLM model (~1.5GB, one time only).

uneven-ai index

Indexes all configured knowledge sources — local files, database tables and external URLs — into the local vector store.

uneven-ai start

Starts the full agent: terminal watcher, file watcher, knowledge base and pentester if configured. The primary entry point.

uneven-ai watch

Starts only the terminal watcher. Reads stdout/stderr of your dev process in real time. Pass --cmd to specify the process.

uneven-ai ask

Queries the knowledge base directly from the terminal. The agent searches your indexed project, DB and docs to answer.

uneven-ai pentest

Runs the security analysis engine manually. Performs static and/or active testing based on your pentester config.

uneven-ai log

Displays the current .uneven-ai/log.md formatted in the terminal. Shows all errors, fixes and security findings.

uneven-ai reset

Clears the vector store (vectors.usearch) and re-indexes everything from scratch. Use when knowledge base is stale.

uneven-ai scan

Scans for malware and compromised dependencies. Detects reverse shells, obfuscation, supply chain attacks and typosquatting. Exit code 1 on critical/high findings (CI-compatible).

uneven-ai analyze

AI data analyst interactive REPL. Natural language → SQL → execute → Excel/dashboard. Pass --db <url> for PostgreSQL, MySQL, SQLite or MongoDB. --package-exe exports as a portable .exe.

uneven-ai ci

Headless CI pipeline: TypeScript typecheck → malware scan → test suite. Exits 0 on pass, 1 on fail. Use --github to write step summaries to GitHub Actions.

examples

# install globally$ npm install -g uneven-ai # or use via npx$ npx uneven-ai <command> ────────────────────────── $ uneven-ai watch --cmd "npm run dev"// watch dev server $ uneven-ai watch --cmd "cargo run"// watch rust project $ uneven-ai ask "how does processPayment work?"// query codebase $ uneven-ai pentest --mode active// run full pentest _

// Programmatic API

import { Uneven } from 'uneven-ai'

    const ai = new Uneven(config)

    await ai.init() // index +
      setup
    await ai.watch() // start
      agent
    await ai.pentest() // run
      security
    await ai.ask('...') // query KB
    await ai.stop() // cleanup

    // Events
    ai.on('error-detected', fn)
    ai.on('fix-applied', fn)
    ai.on('pentest-finding', fn)
    ai.on('indexed', fn)