Zero-tolerance
for Runtime Crashes.

Name: GoGuard
Author: NexStat Project

Go panics. TypeScript undefined is not a function. Same lattice-based dataflow engine catches both — with transparent dataflow states and configurable models, calibrated with statistical rigor.

Get Started View on GitHub

Go + TypeScript · Fast diff checks · Single binary · Offline by default

Rules+

Languages

Binary

Fast

Diff Analysis

Local

Offline by default

Same Engine, Both Languages

One bug class. Two syntaxes.

GoGuard catches the same categories of errors in Go and TypeScript because both languages share the same Rust-based dataflow analysis core.

                
                
                
              
[MCP Active]Go

                {"jsonrpc":"2.0","id":1,"method":"textDocument/publishDiagnostics","params":{"uri":"file:///main.go","diagnostics":[{"range":{"start":{"line":8,"character":4},"end":{"line":8,"character":15}},"severity":1,"code":"NIL001","source":"goguard","message":"nil
                pointer dereference: 'user' is guaranteed to be nil here"}]}}
              
func processUser(id string) error {
  user, err := db.GetUser(id)
  if err != nil {
    // user is nil, but we log and continue
    log.Printf("Error: %v", err)
  }
  
  // bug: accessing user.Name when user can be nil
  fmt.Println("User Name:", user.Name)
  return nil
}
                  [ERROR]
                  NIL001
                

                  nil pointer dereference: 'user' is guaranteed to be nil
                  here.
                

                  ↳ line 9:
                  user.Name
                

                
[MCP Active]TypeScript

                {"jsonrpc":"2.0","id":2,"method":"textDocument/publishDiagnostics","params":{"uri":"file:///api.ts","diagnostics":[{"range":{"start":{"line":6,"character":11},"end":{"line":6,"character":23}},"severity":1,"code":"NULL001","source":"goguard","message":"Object
                is possibly 'undefined'."}]}}
              
async function fetchData(opts?: Options) {
  const cache = await redis.get(opts?.key);
  
  if (!cache) {
    // warning: opts can be undefined here
    console.log("Fetching:", opts.endpoint);
    return api.fetch(opts.endpoint);
  }
  return cache;
}
                  [ERROR]
                  NULL001
                
                  Object is possibly 'undefined'. Missing optional chaining.
                
                  ↳ line 6:
                  opts.endpoint

What's Inside

Six Analysis Domains.

Each domain uses lattice-based forward dataflow analysis. Same mathematical framework, two language frontends.

Null Safety

Mathematical lattice-based forward dataflow analysis. Proves every property access is safe — no nil panics, no undefined crashes.

GoNIL001NIL002NIL003 TSNULL001NULL002NULL003

Error Handling

Every error must be handled. Every promise must be caught. No silent swallowing with blank identifiers or empty catch blocks.

GoERR001ERR002 TSTERR001TERR002

Security (Taint)

Forward taint propagation from untrusted sources to dangerous sinks. SQLi, XSS, command injection, path traversal.

GoTAINT001TAINT002 TSTSEC001TSEC002TSEC003

Resource Ownership

Finite state machine tracking for critical resources. Files, sockets, streams, event listeners — opened→closed, guaranteed.

GoOWN001OWN002 TSTLEAK001TLEAK002

Exhaustiveness

Validates interface implementations and discriminated union switches. Every case is covered, every path is managed.

GoEXH001EXH002 TSTEXH001

Concurrency

Detects shared mutable access without synchronization, goroutine leaks, dead channels, and worker thread safety violations.

GoRACE001LEAK001CHAN001 TSTRACE001

Architecture

Two Languages, One Engine.

Go uses a bridge process with FlatBuffers IPC. TypeScript uses OXC — a pure Rust parser running in-process. Both feed the same analysis core.

Go Source go/ssa · go/types

FlatBuffers IPC

TS Source OXC · in-process

Zero-copy (no IPC)

Rust Core Engine Shared analysis

nil/nullerrcktaint own/leakexhconc

Diagnostics

MCP Server

LSP Server

CLI / SARIF

How We Know We're Right

Statistical Calibration Engine.

Every confidence score is calibrated from a labeled corpus of real-world diagnostics. Not invented. Not a heuristic. Measured, with 95% bootstrap confidence intervals.

Label

Diagnostics from real codebases are labeled as TP/FP. Humans, LLM consensus, and agents — tracked by trust tiers.

Calibrate

Labels weighted by trust tier are fed into the calibration model. Confidence scores are fitted to empirical precision curves.

[1, 0.99, 0.98, ...]
[{"tp":412,"fp":2,"score":0.99}]
[{"tp":380,"fp":14,"score":0.95}]
[{"tp":210,"fp":45,"score":0.82}]
[{"tp":105,"fp":80,"score":0.56}]
[{"tp":40,"fp":110,"score":0.26}]

FP < 10%

Verify

Every release is gated by goguard eval --gate. If precision or recall regresses, the release is blocked.

A/B Comparison: baseline vs candidate

PRE

93%

REC

94%

PASS — eval gate unlocked

Built for AI Agents

MCP-native from day one.

GoGuard's built-in MCP server exposes 12 tools — analyze, explain, fix, verify, teach — so your AI agent works with mathematical certainty, not LLM guessing.

Agent Core

analyze

explain

fix

verify

Claude Code

Cursor

Codex CLI

Windsurf

Zed

OpenCode

VS Code

            
            Terminal
          
            # Full setup in two commands
$ goguard init          # config + agent guidance + AGENTS.md
$ goguard setup cursor  # prints MCP config

Ready to ship safer code?

Built by Engineers,
for Engineers.

VIEW ON GITHUB READ THE DOCS

NexStat Project

Proudly created & maintained by the NexStat systems architecture team.

Learn Go

Looking to master Go? Join our interactive learning platform at Devera.one.

Zero-tolerance for Runtime Crashes.