<![CDATA[grekt | Know your AI stack - Audit everything. Trust nothing]]>https://blog.grekt.comhttps://cdn.hashnode.com/uploads/logos/69a84e90e55311e40f05fc27/2aef82f9-f759-4311-b328-0f7eab6ca2c0.pnggrekt | Know your AI stack - Audit everything. Trust nothinghttps://blog.grekt.comRSS for NodeThu, 23 Apr 2026 15:41:51 GMT60<![CDATA[Your AI skills don't belong in your repo]]>https://blog.grekt.com/your-ai-skills-don-t-belong-in-your-repohttps://blog.grekt.com/your-ai-skills-don-t-belong-in-your-repoSat, 21 Mar 2026 20:09:55 GMTWe're riding the AI hype train.
We don't know exactly where it's going, but everyone's building while it moves.

And in the middle of that, we might be making a mistake, we're putting our entire AI layer inside our repositories.

The thing nobody notices (until is late)

You shipped your repo. Maybe it's open source. Maybe it's a private project with 50 contributors. Either way, you ran git push and moved on.

But somewhere in that push, sitting quietly between your source code and your README, there's a folder called .claude/. Maybe .cursor/rules/. Maybe both.

Inside: skills, agents, prompts, hooks. The files that tell your AI how to think about your code. How to review PRs. What patterns to enforce. What to ignore.

You committed them because that's the default. Every AI tool tells you to. "Just add this file to your project." So you did.

Nobody told you that you just published your AI's playbook.

Not a config file. Not a theme preference. The actual instructions that shape how your AI reads, writes, and judges your code, sitting in a public repo, downloadable with a single git clone.

  • For a private repo with a tight team, maybe that's fine.

  • For an open source project, you just gave away your playbook for free.

  • For a company with 200 developers, contractors, and CI pipelines pulling your repo, you've given everyone the same level of access to your AI logic as they have to your utility functions.

The not so open source trap

Open source has a simple deal: you share your code, others use it, contribute, improve it. Everybody wins. But that deal was designed for code. Not for the layer that sits on top of it.

When you open source a project with AI artifacts committed to the repo, you're not just sharing how your software works. You're sharing how you work with AI. That's not code. That's competitive advantage.

"But it's open source, everything should be open."

Should it? We’ve seen a version of this before with E2E tests. At some point, they stop being “tests” and become a full blueprint of how your product behaves. Flows, edge cases, expected outputs.

And if you expose all of that, reproducing the system becomes trivial. AI artifacts are the same thing, just more explicit.

"We're not open source, so this doesn't apply to us."

It does. Just differently.

If someone gets access to your repo, authorized or not they don't just get your code. They get the full AI kit on top. Every prompt, every agent, every heuristic your team built. Not because they were looking for it. Because it was sitting right there, bundled with everything else.

The pattern you already know

Secrets? .env + vault. Never committed. Infrastructure? Terraform, separate state, different access controls.

Your AI artifacts? Committed alongside your CSS.

You already solved this problem for every other layer of your stack. You just haven't solved it for this one yet.

What you can do right now

  • Decide what's shareable and what's not. Some artifacts are generic ("use TypeScript strict mode"). Those are fine in the repo. Others encode how your team works, reviews, and makes decisions. Those probably shouldn't be public.

  • .gitignore the sensitive parts. It's not perfect, someone has to manually manage what goes in and what stays out, and it breaks the "just clone and go" workflow. But it's better than shipping everything by default.

  • Keep a separate repo. Move your AI artifacts to a dedicated repository with tighter access controls. Your team clones it separately. It's manual, it doesn't sync automatically, and you'll end up with a script or two to glue it together, but at least your AI layer isn't bundled with every git clone of your main project.

But... this won't scale well. Managing .gitignore rules across tools, keeping artifacts in sync manually, onboarding new devs with "copy this folder from Slack", that falls apart fast. But it's a start.

What if this was automated?

This is what we asked ourselves: what if your AI artifacts worked like dependencies?

Your repo declares what you need. The content lives in a registry. You commit the manifest, not the artifacts, the same way you commit package.json, not node_modules.

That's grekt. An artifact manager for AI tooling (skills, agents, rules, mcp's...)

Your repo says "I use this code review agent at version 2.1.0." But the actual prompts, the logic, the heuristics, those live in the registry, not in your git history.

Anyone who clones your repo knows what you use. They don't get how it thinks.

# grekt.yaml — lives in your repo
# .grekt/artifacts don't (is gitignored)

artifacts:
  @yourteam/code-review-agent: 2.1.0
  @yourteam/security-skill: 1.4.0

What we're building next

Today, grekt separates your artifacts from your repo. Your AI logic doesn't travel with git clone. That's the foundation.

But separation is step one. We're working on what comes after:

  • Granular access controls: not everyone who accesses the code should access every artifact

  • Audit logs: who installed what, when, and which version

  • Team-level permissions: different roles, different visibility

We're not there yet. But you can't control access to something that ships inside every git clone. First you separate it. Then you control it.

Know your AI stack. But don't let everyone else know it too.

grekt · Docs · GitHub

]]><![CDATA[You don't know your AI stack.]]>https://blog.grekt.com/you-don-t-know-your-ai-stackhttps://blog.grekt.com/you-don-t-know-your-ai-stackWed, 04 Mar 2026 16:04:26 GMTAI tooling has no supply chain. No audit trail. No npm audit equivalent. No lockfile you can trust.

You install MCPs, agents, skills, hooks. They get access to your files, your context, your code.

And then nobody checks again. Not you. Not your team. Not the tool that gave you access to them in the first place.

That's why grekt exists.

Why this matters now

The AI tooling ecosystem is growing faster than anyone's ability to verify it. New MCPs weekly. New agent frameworks monthly. Everyone building, everyone shipping, but the missing piece is auditing.

This isn't a criticism. It's the natural state of a young ecosystem. But "young" doesn't mean "safe to ignore." The tools are already in your projects. The question is whether you know what they're doing there.

What grekt is

A CLI (and soon a dashboard ;D). Runs on your machine or your infra. Looks at every AI artifact in your stack and tells you what it finds.

Version drift. Stale configurations. Security gaps. Tools you forgot were there. Then it points you in the right direction to fix it.

No cloud dependency. No account. Your machine, your data, your terminal.

What this blog is for

We're not here to predict the future of AI. This blog exists to share things that are useful.

Audit findings. Patterns across real stacks. And research on the state of AI tooling security and trusting.

First real content drops soon.

Know your stack.

]]>