Skillget

keen-code

agent
Security Audit
Fail
Health Pass
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 12 GitHub stars
Code Fail
  • child_process — Shell command execution capability in npm/bin/keen.js
  • fs module — File system access in npm/bin/keen.js
  • child_process — Shell command execution capability in npm/postinstall.js
  • fs.rmSync — Destructive file system operation in npm/postinstall.js
  • fs module — File system access in npm/postinstall.js
  • rm -rf — Recursive force deletion command in scripts/install.sh
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This is a minimal, terminal-based AI coding agent written in Go. It is designed to help software engineers with everyday coding tasks by executing commands and interacting with local files.

Security Assessment
Overall Risk: Medium. As a coding agent, the tool inherently requires broad system access to function correctly, meaning it will read and modify your local files and execute shell commands. However, the installation scripts raise significant concerns. The npm package includes post-install scripts capable of executing shell commands and performing destructive file operations. Additionally, the bash installer explicitly uses `rm -rf` (recursive force deletion). While these capabilities are expected for an automated development tool, running untrusted install scripts always poses a risk to your local filesystem. No hardcoded secrets or dangerous permission requests were detected.

Quality Assessment
The project is active and well-documented, with its most recent updates pushed today. It operates under the permissive and standard MIT license. Community trust is currently very low, as it is a new project with only 12 GitHub stars. This means the codebase has not been widely reviewed by external security researchers or heavily battle-tested by a large user base.

Verdict
Use with caution. While the application itself functions as intended, users should carefully inspect the `postinstall.js` and `install.sh` scripts before running them, and always execute coding agents in isolated environments.
SUMMARY

A minimal CLI-based coding agent written in Go

README.md
Keen Code

Latest Release
Build Status
Go Version
License

Keen Code demo

Keen Code is a terminal-based AI coding agent like Claude Code or OpenCode. Written in Go, it is simpler, lighter, and avoids feature bloat. It is designed to be a minimalistic but useful coding agent for typical software engineering tasks.

Keen Code is also highly opinionated. It avoids features that are not necessarily needed or useful for a regular software engineer. It tries to avoid unnecessary complexity and attempts to keep the agent harness as simple as possible.

Keen also has higher trust in the models. This is why Keen doesn't have a plan mode because SOTA models are very capable of planning tasks without attempting to make edits to the codebase. These models have gone through rigorous post-training which includes effective planning and execution capabilities.

From requirements to implementation, Keen Code was engineered using a wide range of coding agents and agentic IDEs like Cursor, Windsurf, Claude Code, OpenCode, Codex CLI, and Kimi CLI. Note that it was always a single agent that was used to develop the project at any given time. No multi-agent orchestration was used.

By far, AI coding agents are the most ubiquitous use case for AI in the era of AI agents. The goal of the project is to showcase how coding agents can be used to develop the coding agents themselves. This is why most prompts are saved as markdown files in the .ai-interactions directory.

Keen Code is an experiment to play with the new way of working where engineers work with AI agents to develop software. In this setting, engineers are sometimes referred to as "orchestrators".

Table of Contents

Development Philosophy

Developing Keen Code is guided by the following philosophy:

  • All the code is written by AI agents, not humans
  • The project is developed iteratively using spec-task-code-review cycle by a human engineer
  • The human engineer has a very strict set of roles:
    • Specifiy and clarify the requirements
    • Review design docs and influence design decisions
    • Review changes made by the agents
      • Changes can also be reviewed by the agents themselves
    • Ensure the quality and correctness of the code
    • Focus on best practices and standards relevant to the programing language (Go in this case)
    • Thoroughly review and test the product after each iteration
    • Continously provide feedback to the agents to improve the product
  • Prompts are saved as markdown files in the .ai-interactions/prompts directory
    • Almost all of the prompts are stored to showcase how the project evolved from the initial requirements to the current state
    • Prompts are pretty much chronologically ordered which demonstrates the thought process and iterative nature of the development
  • All the outputs are saved as markdown files in the .ai-interactions/outputs directory
    • These outputs are basically plans, design docs, and breakdowns of the tasks
    • These outputs are the "specs" that the agents later use to implement the tasks

Development Cycle Example

All features follow a spec → plan → task → review cycle. Here's a concrete example — the read_file tool from Phase 3:

Specprompts/phase-3/prompt-3_read-file-tool.md
Requirements defined upfront: ask permission before reading, respect FileGuard path rules, text files only, 1 MB limit, support relative and absolute paths.

Planoutputs/phase-3/output-3_read-file-tool.md
Design doc produced by the agent: how Guard.CheckPath maps to the REPL permission prompt, exact struct contracts, permission flow diagram.

Taskprompts/phase-3/prompt-5_phase-3-tasks.md
Implementation broken into steps — tool contract, permission bridge, REPL selector, unit tests — each approved before the next began.

Review — (inline feedback during implementation)
The LLM was rejecting .go files because MIME detection flagged them as binary. Review caught this; switched to character-based text validation. The fix landed in the same iteration.

Install Keen Code

Install with script

curl -fsSL https://raw.githubusercontent.com/mochow13/keen-code/main/scripts/install.sh | bash

To pin a specific version:

curl -fsSL https://raw.githubusercontent.com/mochow13/keen-code/main/scripts/install.sh | bash -s -- -v v0.1.4

Installs to /usr/local/bin if writable, otherwise $HOME/.local/bin.

Install with npm

Install the CLI globally:

npm install -g keen-code

Check that the install worked:

keen --version
which keen

You can also run it without a global install:

npx keen-code --version

Run Keen

Start Keen in your current directory:

keen

Supported Providers

  • Anthropic
  • OpenAI
  • Google AI (Gemini)
  • Moonshot AI (Kimi)
  • DeepSeek

More providers will be added in the future.

Built-in Tools

Keen Code aims to support minimal set of useful tools for coding. Currently, these tools are built in:

  • read_file — read a UTF-8 text file
  • glob — find files by glob patterns
  • grep — search for text patterns in files
  • write_file — create or overwrite files
  • edit_file — replace specific text in existing files
  • bash — run shell commands

Reviews (0)

No results found