BATEN CODE — Source Code Certification Engine

BATEN CODE

Source Code Certification Engine

Not AI. Not an opinion.
A deterministic certainty.

Scan a single file or an entire codebase. BATEN CODE applies 8 structural invariants and produces a reproducible, signable, archivable integrity score. Runs locally. No cloud. No telemetry.

Usage

📄

Scan a file

Open any .rs .py .c .cpp file in VSCode.

Click ◈ BATEN in the status bar or Ctrl+Shift+P → BATEN CODE: Audit — Current File.

The report opens immediately in the editor.

📁

Scan a project

Open any file in your project in VSCode.

Ctrl+Shift+P → BATEN CODE: Audit — Full Project.

The engine recursively scans all supported files from the project root and produces a single consolidated report.

Standalone mode — The Windows exe also works from the command line:
baten_engine.exe "C:\my\project" or baten_engine.exe "src\main.rs"
The .md report is generated inside .baten/audit/ at the root of the scanned folder.

Audit Gallery

Real scans of production open-source codebases — run without configuration, without exclusion lists, on the official source trees. Each score is deterministic and reproducible. 11 projects audited. More coming.

Redis — Official Repository · C · 797 files scanned

36% — 🔴 CRITICAL

Scan in 16 s · 878 anomalies · zero configuration · zero cloud

Severity	Violations	Role in scoring
🔴 CRITICAL	14	Density penalty ×4 — exploitable
🟠 HIGH	18	Density penalty ×1 — structural defect
🟡 MEDIUM	631	Contamination ratio only
🔵 LOW	215	Contamination ratio only

nginx — Official Repository · C · 396 files scanned

29% — 🔴 CRITICAL

Scan in 9.6 s · 760 anomalies · zero configuration · zero cloud

Severity	Violations	Role in scoring
🔴 CRITICAL	5	Density penalty ×4 — exploitable
🟠 HIGH	0	Density penalty ×1 — structural defect
🟡 MEDIUM	746	Contamination ratio only
🔵 LOW	9	Contamination ratio only

curl — Official Repository · C · 997 files scanned

50% — 🟠 HIGH

Scan in 18.7 s · 1 153 anomalies · zero configuration · zero cloud

Severity	Violations	Role in scoring
🔴 CRITICAL	5	Density penalty ×4 — exploitable
🟠 HIGH	0	Density penalty ×1 — structural defect
🟡 MEDIUM	681	Contamination ratio only
🔵 LOW	467	Contamination ratio only

PostgreSQL — Official Repository · C · 2 552 files scanned

29% — 🔴 CRITICAL

Scan in 81 s · 6 156 anomalies · zero configuration · zero cloud

Severity	Violations	Role in scoring
🔴 CRITICAL	26	Density penalty ×4 — exploitable
🟠 HIGH	545	Density penalty ×1 — structural defect
🟡 MEDIUM	4 941	Contamination ratio only
🔵 LOW	644	Contamination ratio only

CPython — Official Repository · C Core · 374 files scanned

22–49% — 🔴 CRITICAL

Modules / Objects / Python / Parser · 1 CRITICAL · 33 HIGH detected · zero configuration · zero cloud

Component	Files	Score	CRITICAL / HIGH
Modules	100	22%	0 / 19
Objects	122	49%	1 / 2
Python runtime	127	43%	0 / 8
Parser	25	48%	0 / 4

Notable: posixmodule.c (33 violations) · memoryobject.c · obmalloc.c (CRITICAL)

SQLite — Official Repository · C · 353 files scanned

22% — 🔴 CRITICAL

Scan in 12.6 s · 1 205 anomalies · zero configuration · zero cloud

Severity	Violations	Role in scoring
🔴 CRITICAL	9	Density penalty ×4 — exploitable
🟠 HIGH	11	Density penalty ×1 — structural defect
🟡 MEDIUM	1 067	Contamination ratio only
🔵 LOW	118	Contamination ratio only

OpenSSL — Official Repository · C · ~1 400 files (crypto + ssl + providers + apps)

8–67% — 🔴 CRITICAL

0 CRITICAL · 48 HIGH detected · zero configuration · zero cloud

Component	Files	Score	HIGH
statem/ — TLS handshake state machine	10	8%	15
apps/	95	20%	15
crypto/	947	32%	12
quic/	48	47%	0
providers/	297	67%	6

⚠ The TLS handshake state machine — the foundation of encrypted communication on the internet — scores 8%.

Node.js — Official Repository · C/C++ · 429 files scanned (src/)

40% — 🔴 CRITICAL

Scan in 14 s · 630 anomalies · zero configuration · zero cloud

Severity	Violations	Role in scoring
🔴 CRITICAL	1	Density penalty ×4 — exploitable
🟠 HIGH	0	Density penalty ×1 — structural defect
🟡 MEDIUM	590	Contamination ratio only
🔵 LOW	39	Contamination ratio only

Git — Official Repository · C · 978 files scanned

35% — 🔴 CRITICAL

Scan in 18.7 s · 1 220 anomalies · zero configuration · zero cloud

Severity	Violations	Role in scoring
🔴 CRITICAL	16	Density penalty ×4 — exploitable
🟠 HIGH	45	Density penalty ×1 — structural defect
🟡 MEDIUM	—	Contamination ratio only
🔵 LOW	—	Contamination ratio only

The version control system managing virtually all of the world's source code — 16 CRITICAL violations.

Linux Kernel — Official Repository · C · 4 527 files scanned (kernel/ + net/ + fs/)

29–33% — 🔴 CRITICAL

7 618 anomalies total · 57 HIGH in core kernel · zero configuration · zero cloud

Subsystem	Files	Score	HIGH
kernel/	607	33%	57
net/	1 813	29%	0
fs/	2 107	30%	0

The operating system powering 90% of the world's servers, smartphones and cloud infrastructure.

LLVM / Clang — Official Repository · C++ · 1 600 files scanned (clang/lib/)

45% — 🔴 CRITICAL

Scan in 96.7 s · 3 953 anomalies · zero configuration · zero cloud

Severity	Violations	Role in scoring
🔴 CRITICAL	0	Density penalty ×4 — exploitable
🟠 HIGH	0	Density penalty ×1 — structural defect
🟡 MEDIUM	—	Contamination ratio only
🔵 LOW	—	Contamination ratio only

The compiler used to build most of the world's production software — best score in the gallery at 45%. Still below 50%.

Firefox (Gecko)

C++ · ~15 000 files

Coming soon

V8 (Chrome)

C++ · ~3 000 files

Coming soon

Rust compiler

Rust · ~2 000 files

Coming soon

CPython stdlib

Python · ~2 000 files

Coming soon

Scoring formula — Base score = (clean files / total files) × 100. Density penalty = (CRITICAL × 4 + HIGH × 1) capped at 50% of base score. Final score = base − density penalty. A project with 750 clean files out of 800 starts at 93% before any penalty — one unsafe function does not condemn the whole codebase.

The 8 BICS Invariants

FTH-1 · CRITICALBuffer overflow, use-after-free, code injection — exploitable vulnerability
FTH-2 · HIGHUnsafe API, unvalidated input, data loss risk
FTH-3 · HIGHMissing or silent error handling
FTH-4 · MEDIUMFunction too long (> 80 lines)
FTH-5 · MEDIUMExcessive nesting (depth > 4)
FTH-6 · MEDIUMHigh cyclomatic complexity
FTH-7 · LOWToo many parameters (> 5)
FTH-8 · LOWMagic numbers, style, readability

Download

Option 1 — VS Code Extension

Install from the Marketplace

Recommended for VS Code users · live status bar · auto-scan on save

1. Open VS Code → Ctrl+Shift+X (Extensions panel)
2. Search BATEN CODE
3. Click Install — the ◈ BATEN badge appears in the status bar
4. Open any .rs .py .c .cpp file and press Ctrl+Shift+P → BATEN CODE: Audit

⬦ Open in VS Code Marketplace →

Option 2 — Standalone Windows Engine

Direct download · no install required

Rust · ~4 MB · no dependencies · Windows 10/11 · works offline
Command line, CI/CD pipelines, server environments

1. Download baten_engine-windows-x64.exe below
2. Windows SmartScreen may appear on first launch — click More info → Run anyway.
The engine is open, deterministic, no network access.
3. Run: baten_engine-windows-x64.exe "C:\my\project"
4. Report saved to .baten/audit/ in the scanned folder

I have read and accept the BICS Certification Agreement. I understand that the scan engine is free to use, and that any D7_SEAL certification requires a separate paid act issued by BATENCORE. ↓ Download Engine — Windows x64 · exe · ~4 MB

SHA-256: b07f93fd5c3d850c22fb9821d319a26cedd17c2305f5e98a25d083e7063fa0ae · v1.0.26 · 2026-03-21

Editors & Environments

VS Code

● Available

Command Line

● Available

CI/CD Pipeline

● Available

JetBrains

○ Coming soon

Neovim / Vim

○ Coming soon

Cursor / Windsurf

○ Coming soon

Voir la galerie d'audits open-source →