Intentiv User Guide

Does the code in that repo really do what it says on the tin?

Overview

What Does That Code Really Do?

Intentiv is your AI-powered co-worker, thoroughly evaluating code before you integrate it. Point Intentiv at any GitHub repo, or upload files, and it will evaluate for:

  1. Intent Alignment: Does the code do what it claims to do?
  2. Code Security: Is the code secure, or are there potentially malicious actions hiding in it?
  3. Code Quality: Is the code well structured, documented, and aligned to best practices?

Traditional code scanning tools don't understand the intent of the code. That's where Intentiv starts! How can you evaluate code if you don't understand the intent?

Intentiv scans code, creating a Trust Score and a thorough evaluation report, containing:

  • Trust Score - Just what it says
  • Summary - Concise summary of what the code does and what you should know about it
  • Trust Score Breakdown - Visual representation of how the code evaluates against:
    1. Intent Alignment
    2. Code Security
    3. Code Quality
  • Issues Summary - Details on Critical, High, Moderate, & Minor issues

MCP Catalog

Pre-analyzed AI Tools at Your Fingertips

MCP Servers are popping up everywhere. Do you ever wonder, "what does this thing really do"? We've scanned thousands of MCP servers and created a catalog for you. Browse the catalog by Top Score, Bottom Scores, Official Servers - or scan a new MCP server.

Quick Start Guide

Intentiv provides a comprehensive, AI-powered platform for assessing code trustworthiness through advanced hierarchical analysis. Whether you're a developer evaluating dependencies, a security engineer protecting your organization, or an AI researcher studying code patterns, Intentiv delivers the insights you need to make informed decisions about code safety.

Key Features at a Glance:

  • Three-Pass AI Analysis: Intent → Discrepancy → Trust Assessment
  • Real-Time Progress: Live analysis updates with WebSocket integration
  • Personal Dashboard: Track analysis history with GitHub/Google login
  • MCP Catalog: Pre-analyzed AI tools and integrations
  • Comprehensive Results: Trust scores, categorical ratings, detailed explanations
  • Modern Web Interface: Responsive design for desktop and mobile
  • Persistent Storage: PostgreSQL database with full result history
  • Secure Authentication: OAuth integration with GitHub and Google

Getting Started:

  1. Visit the Intentiv web interface
  2. Sign in with GitHub or Google for full access
  3. Choose Code Scanner for repository analysis
  4. Paste a GitHub repository URL
  5. Select analysis level (Quick, Standard, or Comprehensive)
  6. Monitor real-time progress
  7. Review comprehensive three-pass results
  8. Track your analysis history in My Analyses

Best Practices:

  • Start Small: Begin with Quick analysis (3 files) for efficient assessment
  • Trust Score First: Use overall score as primary decision factor
  • Review Categories: Check alignment, security, and quality ratings
  • Track History: Sign in to monitor trust score trends over time
  • Export Results: Download JSON for integration with other tools

Perfect For:

  • Dependency Evaluation: Assess third-party libraries before integration
  • Code Review: Automated architectural and security analysis
  • Supply Chain Security: Detect hidden functionality and malicious code
  • AI Code Assessment: Evaluate AI-generated code trustworthiness
  • Open Source Research: Analyze community projects and contributions
  • Enterprise Security: Audit internal codebases and dependencies

Start with a repository you're considering for your project, and experience how Intentiv's unique hierarchical intent analysis can transform your approach to code trust assessment. The platform is ready for production use with a comprehensive web interface, authentication, and persistent analysis tracking.

How Intentiv Works

Intentiv uses advanced AI to review and understand code at a human level through a Three-Pass Analysis System:

First Pass - Intent Analysis

  • Understands what each component claims to do
  • Analyzes hierarchical relationships (repository → file → class → function)
  • Builds comprehensive intent context

Second Pass - Discrepancy Detection

  • Compares actual implementation with stated intent
  • Detects scope creep and architectural violations
  • Identifies misplaced functionality

Third Pass - Trust Assessment

  • Provides final trust scores and categorical ratings
  • Assesses code quality, security, and AI detection
  • Generates comprehensive trustworthiness report

The result? You can make informed decisions about which code to trust and integrate into your systems.

Getting Started

Access Intentiv

  1. Open your browser and navigate to the Intentiv web interface
  2. Sign in with your account - Use GitHub or Google OAuth for full access
  3. Public repositories - GitHub repositories must be publicly accessible (or use Enterprise with authentication)

Quick Analysis

  1. Go to Code Scanner (main analysis tool)
  2. Choose analysis type: GitHub, GitHub Enterprise, or Upload Files
  3. Paste a GitHub URL (e.g., https://github.com/user/repo)
  4. Set analysis level (Quick: 3 files, Standard: 10 files, Comprehensive: 25 files)
  5. Click "Start Analysis"
  6. Monitor real-time progress with live updates via WebSocket
  7. Review comprehensive results (typically 1-8 minutes depending on analysis level)

For Developers

Use Cases

Code Review Automation

  • Problem: Manual code reviews miss architectural violations
  • Intentiv Solution: Automated detection of scope creep and misplaced functionality

How to Use:

  1. Analyze your repository before merging PRs
  2. Focus on "High" and "Critical" severity issues
  3. Review "Intent Alignment" scores for architectural consistency

Dependency Assessment

  • Problem: Third-party dependencies may contain hidden functionality
  • Intentiv Solution: Trust scoring for all dependencies

How to Use:

  1. Analyze critical dependencies before integration
  2. Look for trust scores below 60 (requires attention)
  3. Review detailed issue breakdowns

Technical Debt Identification

  • Problem: Code quality issues accumulate over time
  • Intentiv Solution: Identifies redundant, irrelevant, and misplaced components

How to Use:

  1. Run analysis on your codebase monthly
  2. Focus on "Moderate" and "Minor" severity issues
  3. Use findings to plan refactoring efforts

Developer Workflow

Before Adding Dependencies

1. Find the GitHub repository
2. Run Intentiv analysis
3. Check trust score (aim for 75+)
4. Review critical/high issues
5. Make integration decision

During Code Reviews

1. Analyze PR repository
2. Check for architectural violations
3. Review scope creep issues
4. Ensure intent alignment
5. Approve or request changes

Regular Maintenance

1. Monthly analysis of main codebase
2. Quarterly dependency review
3. Annual architectural assessment
4. Track trust score trends

For Security Engineers

Use Cases

Code Security Review

  • Problem: Malicious code hidden in dependencies
  • Intentiv Solution: Detects hidden, potentially malicious functionality, along with intent misalignment that other scanners miss and that could be malicious given the scenario

How to Use:

  1. Analyze all new dependencies before approval
  2. Focus on "Critical" and "High" severity findings
  3. Look for data exfiltration and backdoor indicators

Hidden Backdoor Detection

  • Problem: Backdoors disguised as legitimate functionality
  • Intentiv Solution: Expert-level analysis with malicious intent detection

How to Use:

  1. Run analysis on suspicious repositories
  2. Review "Malicious Intent" indicators
  3. Check for privilege escalation attempts

Data Exfiltration Detection

  • Problem: Code that secretly sends data to external servers
  • Intentiv Solution: Identifies components that exceed intended scope

How to Use:

  1. Analyze authentication and data handling modules
  2. Look for unexpected network calls
  3. Review "Data Exfiltration" issue types

Security Engineer Workflow

Dependency Approval Process

1. Receive dependency request
2. Run Intentiv analysis
3. Check trust score (minimum 70 for production)
4. Review all critical/high issues
5. Approve or reject with findings
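
The approval process above, written as a policy gate over exported results (an added example, not Intentiv's own code). The record fields and the `min_confidence` cutoff are assumptions made for illustration; the guide does not document the export schema or any confidence threshold, and the confidence check goes one step beyond the listed steps.

```python
# Added example: dependency approval gate using the thresholds in this guide.
# Field names (trust_score, confidence, issues[].severity/type/title) are an
# assumed export shape, not Intentiv's documented schema.
import json

MIN_PRODUCTION_SCORE = 70  # "minimum 70 for production"
BANDS = [(90, "Excellent"), (75, "Good"), (60, "Average"), (40, "Poor"), (0, "Untrustworthy")]

def band(score):
    """Map a 0-100 trust score to the guide's Trust Score Breakdown label."""
    if not 0 <= score <= 100:
        raise ValueError(f"trust score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)

def approve(result, min_score=MIN_PRODUCTION_SCORE, min_confidence=0.5):
    """Return (decision, findings); decision is 'approve', 'review' or 'reject'.

    min_confidence is a hypothetical local policy value; the guide sets none.
    """
    score = result["trust_score"]
    findings = [f"trust score {score} ({band(score)})"]
    severities = set()
    for issue in result.get("issues", []):
        severities.add(issue["severity"])
        if issue["severity"] in ("Critical", "High"):
            findings.append(f'{issue["severity"]}: {issue["type"]} - {issue["title"]}')
    if "Critical" in severities:  # guide: "Immediate security threat, do not use"
        return "reject", findings
    if score < min_score:
        findings.append(f"below production minimum of {min_score}")
        return "reject", findings
    if "High" in severities or result.get("confidence", 0.0) < min_confidence:
        return "review", findings  # a person reads High findings and low-confidence runs
    return "approve", findings

# Constructed sample results (not real Intentiv output).
SAMPLES = json.loads("""[
 {"repo": "example/clean-lib", "trust_score": 88, "confidence": 0.9, "issues": []},
 {"repo": "example/telemetry-helper", "trust_score": 82, "confidence": 0.8, "issues": [
   {"severity": "Critical", "type": "Data Exfiltration", "title": "posts env vars to unlisted host"}]},
 {"repo": "example/old-utils", "trust_score": 64, "confidence": 0.9, "issues": [
   {"severity": "Moderate", "type": "Scope Creep", "title": "logger also edits config"}]},
 {"repo": "example/auth-kit", "trust_score": 77, "confidence": 0.9, "issues": [
   {"severity": "High", "type": "Intent Misalignment", "title": "hash helper opens a socket"}]}
]""")

if __name__ == "__main__":
    for r in SAMPLES:
        print(r["repo"], *approve(r))
```

A Critical finding rejects the dependency even when its score is in the Good band, which is why the gate checks severity before the score.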

Incident Response

1. Identify suspicious repository
2. Run comprehensive analysis
3. Review malicious intent indicators
4. Document findings for investigation
5. Implement containment measures

Regular Security Audits

1. Monthly analysis of critical dependencies
2. Quarterly review of all production dependencies
3. Annual comprehensive supply chain assessment
4. Track security metrics over time

Using the Web Interface

Main Features

Code Scanner (Primary Analysis Tool)

  • Location: Main analysis interface (/code-scanner)
  • Purpose: Comprehensive analysis of GitHub repositories
  • Best for: Individual repository assessment with full three-pass analysis

Analysis Options:

  • GitHub: Public repositories from github.com
  • GitHub Enterprise: Private repositories (with token authentication)
  • Upload Files: Direct file upload for analysis

Analysis Levels:

  • Quick: Fast overview of key components (~1 minute)
  • Standard: Balanced analysis covering main components (~3 minutes)
  • Comprehensive: Detailed analysis including dependencies (~8 minutes)

How to Use:

  1. Select analysis type tab (GitHub, Enterprise, or Upload)
  2. Paste repository URL or upload files
  3. Choose analysis level based on your needs
  4. Click "Start Analysis"
  5. Monitor real-time progress with live updates
  6. Review comprehensive three-pass results
  7. Access detailed results and export options

My Analyses (Personal Dashboard)

  • Location: Personal analysis dashboard (/my-analyses)
  • Purpose: Track and manage your analysis history
  • Best for: Monitoring analysis results over time
  • Requires: GitHub or Google account login

Features:

  • View all your previous analyses with status tracking
  • Filter by repository, date, or trust score
  • Access detailed results for each analysis
  • Track trust score trends over time
  • Click on any analysis to view full details

MCP Server Catalog (AI Tools Repository)

  • Location: Pre-analyzed MCP servers (/mcp-catalog)
  • Purpose: Browse and discover trusted AI tools and integrations
  • Best for: Finding safe AI tools for development workflows

How to Use:

  1. Browse by category (Database, Development, Utility, etc.)
  2. Search for specific servers or functionality
  3. Review trust scores and analysis summaries
  4. Click for detailed security assessment
  5. Access implementation details and documentation

User Authentication

  • Providers: GitHub OAuth, Google OAuth via Supabase
  • Benefits:
    • Personal analysis history tracking
    • Enhanced analysis limits
    • Private repository access (Enterprise)
    • Analysis result persistence
    • Cross-session analysis tracking

How to Sign In:

  1. Click "Login" in the top navigation
  2. Choose GitHub or Google authentication
  3. Authorize Intentiv access
  4. Access enhanced features automatically
  5. Your analyses are automatically tracked and stored

Understanding Results

Three-Pass Analysis Results

First Pass - Intent Analysis Results

  • Component Intent: What each code component claims to do
  • Hierarchical Context: Parent-child intent relationships
  • Architectural Structure: Repository organization and design patterns

Second Pass - Discrepancy Detection Results

  • Intent Misalignment: Components that don't match their stated purpose
  • Scope Violations: Code that exceeds intended boundaries
  • Architectural Inconsistencies: Violations of design patterns

Third Pass - Final Trust Assessment

  • Overall Trust Score: Comprehensive trustworthiness (0-100)
  • Categorical Ratings: Alignment, Security, Quality assessments
  • AI Detection Level: Estimated AI-generated code percentage
  • Confidence Score: Analysis reliability (0.0-1.0)

Trust Score Breakdown

  • 90-100 (Excellent): Highly trustworthy, safe to use
  • 75-89 (Good): Minor concerns, generally safe
  • 60-74 (Average): Some issues, review recommended
  • 40-59 (Poor): Significant concerns, use with caution
  • 0-39 (Untrustworthy): Major problems, avoid use

Categorical Ratings

  • Acceptable: Meets trust and quality standards
  • Concerning: Some issues detected, review needed
  • Unacceptable: Significant problems, avoid use

Issue Severity Levels

  • Critical: Immediate security threat, do not use
  • High: Significant security or architectural issue
  • Moderate: Code quality or design concern
  • Minor: Small issue, low priority for remediation

Key Issue Types

  • Hidden Functionality: Code implements undisclosed features
  • Data Exfiltration: Sends data to unexpected destinations
  • Scope Creep: Functionality exceeds stated purpose
  • Malicious Intent: Deliberately harmful code patterns
  • Architectural Violations: Breaks established design patterns
  • Intent Misalignment: Component purpose doesn't match implementation

Best Practices

For All Users

  1. Start Small: Begin with Quick analysis (3 files) for initial assessment
  2. Check Trust Score First: Use as primary decision factor
  3. Review Critical Issues: Always investigate critical findings
  4. Consider Context: Some issues may be acceptable in certain contexts
  5. Document Decisions: Keep records of analysis results

For Large Repositories

  1. Use Analysis Levels: Start with Standard (10 files) for large repos
  2. Focus on Critical Paths: Analyze authentication, data handling, and core logic
  3. Review Architecture: Look for scope creep and misaligned components
  4. Plan Iterative Analysis: Break large analyses into smaller chunks

For Dependencies

  1. Analyze Before Integration: Always check before adding to project
  2. Set Minimum Trust Scores: Establish thresholds for your organization
  3. Review Regularly: Re-analyze dependencies periodically
  4. Have Backup Plans: Identify alternatives for low-trust dependencies

Upcoming Enhancements

Planned Features

Advanced Analysis

  • Multi-Repository Comparison: Side-by-side trust assessment
  • Dependency Chain Analysis: Complete supply chain evaluation
  • Custom Rule Engine: Organization-specific trust criteria
  • Trend Analysis: Trust score evolution over time

Integration & Automation

  • REST API: Programmatic access to all analysis functions
  • CI/CD Integration: GitHub Actions and GitLab CI workflows
  • Webhook Support: Real-time notifications for analysis completion
  • Bulk Analysis: Automated analysis of repository collections

Enterprise Features

  • Private Cloud Deployment: On-premises installation options
  • SAML/SSO Integration: Enterprise authentication systems
  • Advanced Security: Enhanced privacy and data protection
  • Custom Reporting: Executive summaries and compliance reports

User Feedback

Submit Feature Requests: Have an idea to improve Intentiv? We love user feedback. Send it to product (at) intentiv (dot) dev