Assay
Setup Guide

Verify Your Code with the CLI

Find bugs that tests miss, linters ignore, and code review overlooks. Run a full assessment on your codebase in under 5 minutes.

5 minutesCommand line

Before you start

  • Node.js 20 or newer installed on your machine. Check with node --version
  • A code project you want to verify (any language)
1

Create your Assay account

Head to the signup page and create a free account. No credit card required.

Create Free Account

Already have an account? Log in instead.

2

Copy your API key

After signing in, go to your API Keys page in the dashboard. Click Generate New Key and copy the key that starts with lk_live_.

Save your key somewhere safe. You will not be able to see it again after leaving the page.

Set the key as an environment variable so the CLI can find it:

bash
export ASSAY_API_KEY="lk_live_your_key_here"
3

Open your project in the terminal

Open a terminal and navigate to the root folder of the project you want to verify.

bash
cd ~/projects/my-web-app

Replace the path with wherever your project lives on your machine.

4

Run the assessment

This is the main command. It scans your project, extracts every implicit claim your code makes, and verifies each one. No installation needed — npx downloads it on the fly.

bash
npx tryassay assess .

The dot (.) means “this folder.” You can also point it at a specific subfolder:

bash
npx tryassay assess ./src

What happens next

  1. Scan — Indexes your files and understands the codebase structure
  2. Extract — Finds every implicit claim (security, correctness, edge cases)
  3. Verify — Checks each claim against the actual implementation
  4. Report — Shows what passed, what failed, and how to fix it

First run takes a minute or two while npm downloads the package. After that, it is cached and starts instantly.

5

Read your results

When the assessment finishes, you will see a summary like this:

text
Assay Assessment Report
=======================
Project: my-web-app
Files scanned: 47
Claims extracted: 312

Verification Results
--------------------
  Passed:    278 (89.1%)
  Failed:     23 (7.4%)
  Partial:    11 (3.5%)

Critical Issues (3)
--------------------
  CLAIM-042  [security]   SQL injection in user search endpoint
  CLAIM-108  [correctness] Payment calculation uses wrong tax rate
  CLAIM-201  [security]   API key exposed in client-side bundle

High Issues (8)
--------------------
  CLAIM-015  [correctness] Pagination returns duplicate records
  CLAIM-067  [edge-case]  Empty cart checkout not handled
  ...

Full report saved to: .assay/iterations/report-2026-02-20.json

Here is what each section means:

Passed

These claims are correct. Your code does what it says it does.

Failed

These are bugs. The code claims to do something but the implementation does not match. Fix these first.

Partial

The code partially does what it claims. Usually means an edge case is not handled.

Critical / High

Issues ranked by severity. Critical issues are security vulnerabilities or data loss risks. Fix them before deploying.

The full report is saved as JSON in .assay/iterations/ so you can track improvements over time. Run the assessment again after fixing issues to see your score improve.

Other commands

The CLI has 10 commands. Here are the most useful ones:

CommandWhat it does
npx tryassay assess .Full assessment — scan, extract, verify, report
npx tryassay initSet up a project config file (interactive)
npx tryassay verifyVerify claims from a previous extraction
npx tryassay reportGenerate a report from verification results
npx tryassay reverseGenerate verified code from a task description
npx tryassay --helpSee all available commands

Prefer to verify inside your editor?

The MCP server adds Assay directly to Claude Code, Cursor, and Windsurf.

MCP Setup Guide