AVL Code Dev Team (Antiy · Landi)

Putting a “Self-Disciplined Security Engineer” on Your Machine — The AVL Code Team’s Story

What we set out to build isn’t another chat box

AI coding assistants have been arriving in waves for the past two years. Claude Code, Codex, Cursor, TRAE… we’ve used most of them, and we genuinely admire them. But whenever we switched back to the scenarios we know best — security development, binary triage, threat analysis — something always felt missing.

The assistant we wanted shouldn’t be just a “chat box that answers questions.” It should work right inside your repository: read and write project files, run commands, paste the output back into the conversation; hand it a suspicious sample and it should hash it, extract IOCs, parse PE/ELF/Mach-O, disassemble, and run YARA rules; and it has to know the house rules — ask you first before anything dangerous, and never wander into sensitive territory.

Then there’s the more practical layer: the desktop clients and model channels of these tools sit almost entirely in someone else’s hands. For a team whose foundation is cybersecurity, “sovereign and self-controlled” is not a slogan — it’s something you have to hold yourself.

Hence AVL Code — a sovereign, self-controlled AI coding and security-analysis desktop assistant built by the Antiy Landi team. It fuses conversational AI with an engineer’s real workbench, while approvals and progress ride along to your phone.

A “disciplined colleague,” not a runaway horse

We settled on one product philosophy from the very start: AI should not be a machine that charges off blindly the moment you press a button. It should be like a colleague with professional standards and self-discipline.

In the product, that becomes five work modes: auto, plan, prepare, execute, assess. Facing a bigger task, it first lays out a structured plan and a todo list, acts only after your confirmation, and assesses its own work when done. Each mode can be staffed with agents of a different temperament, and every tool call is approvable and auditable.

This “think first, act second” cadence, paired with background subagents, is what lets it genuinely carry long-horizon tasks. It can dispatch several general-purpose subagents to work in parallel, while the main conversation shows you clean progress instead of a screen drowned in intermediate logs. We even built a dedicated TaskWait tool for this: a single call lets the AI block until background tasks or subagents finish — waiting for “all done” or “any done” — with none of the intermediate output flushed back into the main conversation. A detail ground out of countless real long-running tasks.

Security is written into the genes, not bolted on later

If one thing sets us apart from the other coding assistants out there, it is the security gene.

We ship a complete set of built-in, binary-oriented read-only analysis tools: hashing & entropy, strings & IOC extraction, PE / ELF / Mach-O parsing, disassembly, plus LLM-driven C / Java pseudocode decompilation and YARA rule matching. In other words, from writing code to triaging a malicious sample, one and the same agent rides along the whole way.

But “can analyze samples” is dangerous in itself — the last thing you want is an AI getting “helpful” and running a dropper sample as a script. So we drew a hard line that cannot be lifted: the samples/ directory is a read-only analysis zone where execution tools are force-disabled. Even with “unrestricted mode” switched on, this line does not budge. The rm -rf check, the command-injection blacklist, the network allowlist — these hard limits hold in every mode. Give the AI freedom, but never hand over the steering wheel.
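One way to structure a gate like this, as an added sketch in Go that is not AVL Code's own implementation: the samples/ rule is checked before the mode flag is consulted, so an "unrestricted" session cannot reach past it, and the path is normalized first so that `work/../samples/x` is still recognized. The `ToolCall` type, the `Decide` function, the `/workspace` root and the three verdict strings are all assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// ToolCall is a hypothetical request from the agent to use a tool on a path.
type ToolCall struct {
	Tool     string // e.g. "hash", "strings", "shell"
	Path     string // target, relative to the workspace root
	Executes bool   // true if the tool runs code or commands
}

// inSamples reports whether p resolves inside root/samples. Join+Clean
// collapses "." and "..", so "work/../samples/x" cannot slip past the check.
// Symlinks are not resolved here; a real gate would also need that step.
func inSamples(root, p string) bool {
	abs := filepath.Clean(filepath.Join(root, p))
	rel, err := filepath.Rel(filepath.Join(root, "samples"), abs)
	if err != nil {
		return true // cannot decide: fail closed
	}
	up := ".." + string(filepath.Separator)
	return rel != ".." && !strings.HasPrefix(rel, up)
}

// Decide returns "deny", "ask" or "allow" (assumed verdict names).
func Decide(root string, c ToolCall, unrestricted bool) string {
	// Hard limit first: evaluated before the mode flag is looked at.
	if c.Executes && inSamples(root, c.Path) {
		return "deny"
	}
	if !c.Executes || unrestricted {
		return "allow" // assumption: read-only tools need no prompt
	}
	return "ask"
}

func main() {
	root := "/workspace" // constructed sample root
	for _, c := range []ToolCall{
		{"hash", "samples/a.bin", false},
		{"shell", "work/../samples/a.bin", true},
		{"shell", "src/build.sh", true},
	} {
		fmt.Println(c.Tool, c.Path, "->", Decide(root, c, true))
	}
}
```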

As for “unrestricted mode” itself, we designed it with restraint: a shield toggle, plus a 5-second cool-down, plus a persistent red danger state — scoped per session, memory-only, wiped on restart. Every time you “let go of the reins,” we want it to be a clear-eyed, deliberate choice.

What “sovereign and self-controlled” actually looks like

The phrase gets thrown around as a label. We’d rather unpack it into facts you can verify.

The desktop client is developed in-house, riding on the Landi Threat Detection & Analysis (AI) vertical model and the Antiy AVL security engine underneath. Local credentials are encrypted at rest with national-crypto SM4-GCM, key derivation bound to the machine ID; skill packages carry national-crypto SM2 / SM3 signatures, verified before a skill is installed. Your sessions are stored 100% locally, and sample bodies never leave your machine. The enterprise edition supports full-stack on-premises deployment and MLPS compliance.

At the model layer we built the AVL Delta efficient transport protocol: each turn sends only that turn’s new content, stable history is never re-uploaded, and prefix caching pushes token savings and speed further. If a Delta endpoint is missing, it automatically and safely falls back to standard chat/completions — the conversation never breaks, and authentication errors are never silently papered over. We also speak OpenAI / Anthropic-compatible APIs, so you are free to plug in your own or third-party models — we don’t lock you into paying for any one vendor’s model.

Standing on the shoulders of giants — and respecting your old habits

We never planned to make you abandon the workflow you already have. Quite the opposite: AVL Code deliberately aligns its ecosystem with Claude Code. AGENTS.md / CLAUDE.md at the project root are automatically injected into the system prompt as “project instructions,” with subdirectory instructions injected on demand; subagents keep the standard subagent_type aliases; the hooks system aligns with 11 event types; the skill system is compatible with SKILL.md. If you’re coming from Claude Code or Codex, your existing habits migrate almost seamlessly.

For the stack we went with Wails v2 + Go 1.25 + Svelte 5 (runes) + Tailwind CSS 4, making the whole desktop a genuinely native, cross-platform app — distributed on macOS, Windows and Linux alike. Even the terminal die-hards are covered: the built-in zTUI gives you the full Agent / Hook / MCP / Skill stack in a bare terminal.

Putting the assistant in your pocket

Everyone in security knows this: the approvals that really matter tend to arrive when you’re nowhere near your computer.

So we built companion messaging. Through WeChat, Feishu and DingTalk, you can drive the desktop assistant remotely from your phone: task progress is pushed to the team chat, and critical operations (a git push, say) pop up on your phone as approval cards. You reply “approved,” and the desktop carries on; the session syncs in full and survives restarts. A long task can start at your desk, collect its approvals on your commute, and show you the results when you get home — the way of working we always wanted.

Still young, but the direction is clear

Frankly, AVL Code is still in closed alpha (the alpha channel), version numbers still sitting in the v0.6 range, iterating every day. We position it as “a sovereign alternative to Claude Code and Codex,” but what we really want to build is the security scenario nobody else has taken seriously — an agent that writes good code for you, and keeps the restraint and professionalism a sample demands.

If you also believe that “AI should get things done — but stay controllable,” come give it a try. The Zero starter plan is free for a limited time during the alpha: download the desktop app, log in with your phone number, and finish your first hands-on session with zero configuration.

We’ll be waiting at avlcode.cn.


AVL Code — the AVL security engine, with intelligence at your side. From the Antiy Landi team.