One backend spec. Real TypeScript and Python output. 240 review rules.
A .kern spec is ~70% fewer tokens than the TypeScript it generates — ~81% fewer than maintaining both backends (measured, GPT-class tokenizer, example corpus).
kernlang.dev • MCP • Review • Playground • Docs • For LLMs
npm install -g @kernlang/clikern compile api.kern --target=express # Generate an Express backend
kern compile api.kern --target=fastapi # Generate a FastAPI backend
kern check # Nominal type checker (zero false positives)
kern review src/ --recursive # Static analysis (240 rules, taint tracking)
kern context src/ --stdout # Whole-project context map for an LLM/agent
kern init --template=fullstack my-app # Scaffold fullstack app (Next.js + Express + MCP)
kern init --mcp # Scaffold an MCP server with security guards
kern import src/ --outdir=kern/ # TypeScript → .kern
kern schema --json # Full schema for LLM consumptionKERN is a backend structure and portable route-logic language — and as of v4, a typed core language: classes with inheritance, enums, closures, and a built-in nominal type checker, all compiling to both TypeScript and Python with parity proven by differential conformance fixtures (every fixture executes on both runtimes and must produce identical results).
Define routes, schemas, handlers, API shape, validation, and small portable logic once, then emit real TypeScript/Express and Python/FastAPI code. Keep complex business logic in TypeScript or Python; move shared structure and parity-safe operations into KERN.
KERN also includes four supporting capabilities: Review, Infer, MCP Security, and Evolve. You can skip .kern entirely and run kern review against existing TypeScript and Python for security bugs, unguarded effects, flaky tests, and prompt injection — 240 AST-based rules that catch what ESLint misses.
KERN should own the repeatable parts of backend work:
- route declarations and HTTP shape
- request and response schemas
- validation and status responses
- small portable route logic
- generated Express and FastAPI structure that stays aligned
Host-language code should still own application-specific business logic, data access, and framework-specific integration. The goal is not to hide TypeScript or Python; it is to stop rewriting the same route/schema/controller structure twice.
| Tier | Targets | Status |
|---|---|---|
| Primary backend parity path | Express, FastAPI | Maintained path for TypeScript/Python backend structure and portable route logic |
| Supported product/runtime targets | MCP, CLI, Ink, Next.js, Web (React), Tailwind | Useful targets with schemas, deterministic output, and examples |
| Additional adapters | Vue, Nuxt, React Native, Terminal | Available adapters; verify fit before making them your main production path |
Tiers are tracked per compile target, not per npm package. For example, @kernlang/terminal contains two separate targets: --target=terminal (pure ANSI/Node.js output) and --target=ink (React + Ink TSX output).
For detailed examples, interactive demos, and the full rule reference, visit kernlang.dev.
v4 turns KERN's portable layer into a typed core language. One source, two real runtimes, identical behavior:
enum name=Status values="Pending|Active|Done"
class name=Shape abstract=true export=true
method name=area returns=number
class name=Square extends=Shape export=true
field name=side type=number value={{ 3 }}
method name=area returns=number
handler
return value="this.side * this.side"
fn name=measure returns=number
param name=shape type=Shape
handler
return value="shape.area()"
- Classes — single inheritance, abstract classes, fields, getters, static members. Override variance is Liskov-checked by
kern check. - Enums — TypeScript gets a native
enum; Python gets a plain namespace class with identical member values (including TS auto-increment semantics). Operations the two targets can't represent identically — reverse indexingStatus[0],Object.keys(Status)iteration — are rejected at compile time for both targets, so neither side can silently diverge. - Closures — including captured-variable mutation, lowered correctly on both targets.
- Type checking —
kern checkverifies class hierarchies, call-site arity and argument types, and declared returns. Zero false positives by design: it only reports violations it can prove.
The parity guarantee is enforced, not promised: every language construct ships with differential conformance fixtures that execute the generated TypeScript and the generated Python and require identical results — and anything outside the provable subset fails closed with an explicit error instead of guessing.
8 lines of .kern:
machine name=Order
state name=pending
state name=confirmed
state name=shipped
state name=delivered
transition name=confirm from=pending to=confirmed
transition name=ship from=confirmed to=shipped
transition name=deliver from=shipped to=delivered
Compiles to 40 lines of typed TypeScript — a state union type, guarded transition functions, and a dedicated error class.
Build a fullstack Todo app (Next.js + Express + MCP) from scratch:
# 1. Install
npm install -g @kernlang/cli
# 2. Scaffold
kern init --template=fullstack my-todo-app
cd my-todo-app
# 3. Compile everything
kern compile models.kern # shared types
kern compile api.kern --target=express # backend API
kern compile frontend.kern --target=nextjs # Next.js frontend
kern compile mcp-server.kern --target=mcp # AI agent tools
# 4. Run
cd generated/api && npx tsx server.ts # API on :3001Available templates: fullstack, nextjs, express, file-tools, api-gateway, database-tools
See examples/starter/fullstack/ for the generated files.
The KERN nominal type checker — deterministic, zero false positives by design (it only fires on violations it can prove; anything ambiguous is skipped, never guessed).
kern check # Check every .kern file under cwd
kern check src/ # Check a directory
kern check api.kern # Check one file
kern check --json # Stable machine output (schemaVersion 1.0) for CI/bots
kern check --with-semantics # Also run semantic validationWhat it checks: class declarations and override variance, call-site arity and argument types, and declared returns — annotate a function with returns=<Class> and the checker verifies every literal return value="new <Class>(...)" against it:
class name=Dog
class name=Cat
fn name=mk returns=Dog
handler lang=kern
return value="new Cat()" # kern check: check-return-type error
Exit codes: 0 clean, 1 findings, 2 operational failure — drop it straight into CI before kern review.
Static analysis with taint tracking, concept-level checks, and OWASP LLM01 coverage. No AI needed.
kern review src/ --recursive # Full scan
kern review src/ --enforce --min-coverage=80 # CI gate
kern review --diff origin/main # Only changed files
kern review src/ --lint # KERN + ESLint + tsc unified
kern review src/ --llm # AI review (see below)240 rules across base, security, framework, performance, test-quality, null-safety, dead-logic, concept, and taint-aware analysis layers.
Recent coverage includes broadly reusable Next.js, React, Storybook, and Playwright checks: App Router body parsing, cache and header hazards, client-boundary env exposure, cookie hardening, SWR invalidation drift, browser storage parsing, client-side redirect sinks, wildcard postMessage, legacy React lifecycles, effect cleanup mistakes, timer cleanup drift, stale .length/.size hook deps, props-array mutation in render, focused tests, fixed Playwright sleeps, brittle networkidle waits, non-deterministic stories, and unmocked Storybook network calls.
--llm translates your code to KERN IR — a compressed semantic representation that strips framework sugar and gives raw meaning. Two modes:
Inside an AI CLI (Claude Code, Codex, Cursor) — no env vars needed:
kern review src/ --llm # Outputs KERN IR + findings + taint for the AI to reviewCI/CD pipeline — set both env vars to call an LLM API directly:
KERN_LLM_API_KEY=sk-... KERN_LLM_MODEL=gpt-4o kern review src/ --llmNo hardcoded model — you choose via KERN_LLM_MODEL. Files are batched by token size, not count.
Full rule reference: kernlang.dev/review
Scan MCP servers for vulnerabilities. 12 rules mapped to the OWASP MCP Top 10. Plus live server inspection and tool pinning.
npx kern-mcp-security ./src/server.tsAvailable as: VS Code Extension | CLI (npx kern-mcp-security) | GitHub Action (see CI/CD below)
KERN ships its own MCP server. AI agents can compile, review, inspect, and self-correct .kern files via the Model Context Protocol.
npx @kernlang/mcp-server # Start locally (stdio)Or use the hosted endpoint — no install required:
https://kernlang.dev/api/mcp # Streamable HTTP — point any MCP client here
Claude Desktop — add to claude_desktop_config.json:
{
"mcpServers": {
"kern": { "command": "npx", "args": ["@kernlang/mcp-server"] }
}
}Claude Code:
claude mcp add kern -- npx @kernlang/mcp-server16 tools including compile, compile-json, compile-and-review, review, review-kern, review-mcp-server, inspect-mcp-servers, verify-tool-pins, audit-mcp-config, generate-security-tests, parse, decompile, validate, list-targets, list-nodes, schema
3 resources: kern://spec, kern://targets, kern://examples/{category}
1 prompt: write-kern (system prompt with full language spec)
Self-correction loop: schema → write .kern → compile-json → fix from diagnostics → done. Zero human intervention.
Full setup guide: kernlang.dev/mcp
30 lines of .kern generates a production MCP server with auto-injected security guards:
kern init --mcp # Scaffold with templates
kern compile server.kern --target=mcp --watch # Compile + hot reloadTemplates: file-tools, api-gateway, database-tools
Give an LLM or agent instant whole-project context — not just for review. kern context walks your project's import graph and call graph and emits a compact, token-budgeted map of how the codebase fits together: which symbols exist, who calls/uses each one (cross-file blast radius), imports, and taint flows.
kern context src/ # write kern-context.json (full artifact)
kern context src/ --stdout # print the JSON to stdout
kern context src/ --spine --stdout # compact <kern-map> spine, ready to drop in a prompt
kern context src/ --spine --spine-budget 3000 # cap the spine at ~3000 tokens
kern context src/ --max-depth=2 # limit import-graph depthTwo forms: the full kern-context.json artifact (default), and — with --spine — the compact <kern-map> spine, the same prompt-ready form kern review --llm injects per batch. Feed the spine to a coding agent and it starts the task already knowing the project's structure — "validateSession → used by 6 files" — instead of cold-reading every file to map dependencies. --spine-budget fits it to a token budget, degrading gracefully on large projects. It's deterministic and cacheable: regenerate after each change and the context stays fresh.
Paths are relative by default (--absolute for absolute, --base=<dir> to rebase). Analyzes TypeScript sources (.ts, .tsx, .mts, .cts); for a .kern project, point it at the compiled TypeScript output.
Drop this into .github/workflows/kern-review.yml to run kern review on every push and PR:
name: KERN Review
on:
push:
branches: [main, dev]
pull_request:
branches: [main]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/setup-node@v6
with:
node-version: '22'
- name: Activate pnpm
run: |
corepack enable
corepack prepare pnpm@10.32.1 --activate
pnpm --version
- run: pnpm install --frozen-lockfile --ignore-scripts
- run: pnpm build
- name: KERN Review
run: npx @kernlang/cli review src/ --recursive
# Optional: enforce minimum coverage
# - name: KERN Review (enforced)
# run: npx @kernlang/cli review src/ --recursive --enforce --min-coverage=80
# Optional: LLM-assisted review (set secrets in repo settings)
# - name: KERN Review (AI)
# run: npx @kernlang/cli review src/ --recursive --llm
# env:
# KERN_LLM_API_KEY: ${{ secrets.KERN_LLM_API_KEY }}
# KERN_LLM_MODEL: ${{ vars.KERN_LLM_MODEL }}Drop this into .github/workflows/mcp-security.yml for MCP server scanning with SARIF upload and PR comments:
name: MCP Security
on:
push:
branches: [main, dev]
pull_request:
branches: [main]
permissions:
contents: read
security-events: write
pull-requests: write
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- name: Install KERN MCP Security
run: npm install -g @kernlang/review-mcp@latest
- name: Scan MCP server code
id: scan
run: |
kern-mcp-security --format json --output kern-mcp-security.json . || true
kern-mcp-security --format sarif --output kern-mcp-security.sarif . || true
RESULT=$(kern-mcp-security --quiet . 2>&1) || true
GRADE=$(echo "$RESULT" | head -1 | awk '{print $1}')
SCORE=$(echo "$RESULT" | head -1 | awk '{print $2}')
echo "grade=$GRADE" >> $GITHUB_OUTPUT
echo "score=$SCORE" >> $GITHUB_OUTPUT
echo "MCP Security Score: $GRADE ($SCORE/100)"
- name: Verify tool pinning lockfile
run: |
if [ -f .kern-mcp-lock.json ]; then
kern-mcp-security --verify . || echo "::warning::Tool pinning drift detected"
else
echo "No .kern-mcp-lock.json found — run 'npx kern-mcp-security --lock .' to generate one"
fi
- name: Upload SARIF to Code Scanning
if: always() && hashFiles('kern-mcp-security.sarif') != ''
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: kern-mcp-security.sarif
category: kern-mcp-security
continue-on-error: true
- name: Post PR comment
if: github.event_name == 'pull_request' && always()
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
let report;
try {
report = JSON.parse(fs.readFileSync('kern-mcp-security.json', 'utf-8'));
} catch { return; }
const { grade, total } = report.score;
const color = { A: '22c55e', B: '84cc16', C: 'f97316', D: 'f59e0b', F: 'ef4444' }[grade];
const badge = `-${color})`;
let body = `## KERN MCP Security Report\n\n${badge}\n\n`;
body += `| Metric | Score |\n|--------|-------|\n`;
body += `| Guard Coverage | ${report.score.guardCoverage}% |\n`;
body += `| Input Validation | ${report.score.inputValidation}% |\n`;
body += `| Rule Compliance | ${report.score.ruleCompliance}% |\n`;
body += `| Auth Posture | ${report.score.authPosture}% |\n\n`;
body += `**${report.findingsCount} finding(s)**\n\n`;
body += `> Scanned by [KERN MCP Security](https://kernlang.dev/review)`;
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner, repo: context.repo.repo,
issue_number: context.issue.number,
});
const existing = comments.find(c => c.body?.includes('KERN MCP Security Report'));
if (existing) {
await github.rest.issues.updateComment({
owner: context.repo.owner, repo: context.repo.repo,
comment_id: existing.id, body,
});
} else {
await github.rest.issues.createComment({
owner: context.repo.owner, repo: context.repo.repo,
issue_number: context.issue.number, body,
});
}
- name: Enforce score threshold
if: always()
run: |
SCORE="${{ steps.scan.outputs.score }}"
THRESHOLD=60
if [ -n "$SCORE" ] && [ "$SCORE" -lt "$THRESHOLD" ] 2>/dev/null; then
echo "::error::MCP Security score $SCORE is below threshold $THRESHOLD"
exit 1
fiDrop this into .github/workflows/kern-compile.yml to validate .kern files compile correctly on every PR:
name: KERN Compile
on:
push:
branches: [main, dev]
pull_request:
branches: [main]
jobs:
compile:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/setup-node@v6
with:
node-version: '22'
- name: Activate pnpm
run: |
corepack enable
corepack prepare pnpm@10.32.1 --activate
pnpm --version
- run: pnpm install --frozen-lockfile --ignore-scripts
- run: pnpm build
- name: Validate .kern files
run: npx @kernlang/cli compile src/ --target=nextjs --json
- name: Type-check generated output
run: npx tsc --noEmitUse the built-in release workflows in this order:
- Run
Release Preflightfrommainwith a plain semver like3.2.4. - Wait for the preflight run to pass build, test, and
pnpm publish --dry-run. - Publish a GitHub Release with a lowercase tag like
v3.2.4. - Let
Version & Publishpublish to npm and sync versions back todev.
Contributor architecture guide: docs/architecture.md
| Package | What it does |
|---|---|
| @kernlang/cli | CLI — compile, review, context, evolve, dev |
| @kernlang/core | Parser, codegen, types — the compiler engine |
| @kernlang/test | Native KERN structural test runner |
| @kernlang/review | 240 rules, taint tracking, OWASP LLM01, concept model |
| @kernlang/review-mcp | MCP security scanner (12 rules, OWASP MCP Top 10) |
| @kernlang/react | Next.js, Tailwind, Web transpilers |
| @kernlang/vue | Vue 3 SFC, Nuxt 3 transpilers |
| @kernlang/native | React Native transpiler |
| @kernlang/express | Express backend + WebSocket transpiler |
| @kernlang/python | Python backend codegen (FastAPI router target + WebSocket) |
| @kernlang/mcp | MCP server transpiler — .kern to secure MCP servers |
| @kernlang/mcp-server | KERN's own MCP server — compile, review, parse via MCP |
| @kernlang/terminal | ANSI terminal + Ink transpilers |
| @kernlang/evolve | Self-extending template system |
| @kernlang/review-python | Python review support (FastAPI, Django) |
| @kernlang/playground | Interactive compiler UI |
| @kernlang/metrics | Language coverage analysis |
| @kernlang/protocol | AI draft communication protocol |
- Kern MCP Security — MCP security scanner with inline findings, Security Score, autofixes (Open VSX)
- Kern Sight — Review findings as inline diagnostics, sidebar panel, .kern syntax highlighting
Dual-licensed: AGPL-3.0 + Commercial.
| Use case | License | Cost |
|---|---|---|
| Personal projects | AGPL-3.0 | Free |
| Open-source projects | AGPL-3.0 | Free |
| Education & research | AGPL-3.0 | Free |
| Internal company tools (not distributed) | AGPL-3.0 | Free |
| Commercial products & SaaS | Commercial license | Contact us |
Why AGPL? AGPL means if you use KERN in a product you distribute or serve to users, you must open-source your modifications. If you don't want that obligation, the commercial license gives you full freedom to use KERN in proprietary products without disclosure.
What the commercial license includes:
- Use KERN in closed-source products and SaaS
- No obligation to open-source your code
- Priority support and issue resolution
- License for your entire engineering team
Contact: hello@kernlang.dev — we respond within 24 hours.
Copyright (c) 2026 KERNlang