GitHub Repository

Sift through code for embedded authorization logic. Extract it into Policy as Code.

13 stars · Rust

Zift – find authorization logic in your code

by boorad·May 6, 2026·3 points·0 comments

AI Analysis

●● Solid · Big Brain · Solve My Problem

Tree-sitter plus LLM hybrid finds auth logic Semgrep rules miss.

Strengths
  • Two-pass architecture: fast structural scan plus optional semantic LLM analysis
  • Direct Rego output for OPA means findings become enforceable policies immediately
  • Rust implementation with tree-sitter parsers for six languages already shipped
Weaknesses
  • Security scanning space is crowded with Semgrep, CodeQL, and GitHub Advanced Security
  • Only 6 stars and zero forks suggest very early adoption, and the tool is unproven at scale
Category
Target Audience

Backend developers, security engineers, DevSecOps teams

Similar To

Semgrep · CodeQL · OPA

Post Description

I made a code scanner that finds embedded authorization code in your codebases so you can externalize it to Policy as Code.

https://github.com/EnforceAuth/zift

Written in Rust, so it hums through code.

Supports JS/TS/Java/Go/Python/C# now, more coming. Outputs Rego for OPA now, Cedar coming soon.

You can hook up your local agent for a `--deep` scan.
