0BSD · Self-Hosted · No SaaS · No Excuses

PHALUS

Private Headless Automated License Uncoupling System

All the ethical ambiguity of AI-powered clean room reimplementation, but you run it yourself. No cute marketing site. No fake testimonials from "Dr. Heinrich Offshore." No offshore subsidiaries. Just a Rust binary, your API keys, and whatever you tell your lawyers.

$0
SaaS Markup
0
Cloud Accounts Required
Plausible Deniability

Open Source Has Terms & Conditions

Apparently "free as in freedom" doesn't mean "free as in do whatever you want and pretend you wrote it." Who knew.

The AGPL Exists

One careless npm install and suddenly your proprietary SaaS must disclose its source. Your investors are calling. Your lawyers are crying. Your quarterly report is weeping.

Attribution Is Hard

Keeping track of 2,000+ transitive dependencies and their license terms? That's not engineering, that's archaeology. And your compliance team bills by the hour.

Copyleft Is Contagious

Some licenses require you to share your improvements. Your board didn't raise $40M in Series B so you could give code to strangers on the internet.

Compliance Costs Money

Third-party audits. License scanners. Legal reviews. All so you can use a left-pad function some maintainer wrote in eleven lines.

⚠ Ethical Notice: The above problems are real. The solution this tool provides is ethically questionable and legally untested. It exists for research, education, and to make the point that AI has made clean room reimplementation trivially cheap. If that doesn't concern you, it should.

Same Pipeline. No Middleman.

Malus showed the world this was possible. PHALUS lets you do it in your basement.

malus.sh (SaaS)

× Their robots, their servers
× Pay-per-KB pricing via Stripe
× "MalusCorp-0 License" — proprietary output license
× Indemnification via offshore subsidiary
× Testimonials from "Patricia Bottomline"
× Fun marketing site with confetti animations

phalus (Self-Hosted)

Your machine, your API keys
Free. 0BSD. Forever.
You pick the output license (MIT, Apache, BSD, etc.)
Indemnification via your own risk tolerance
Zero testimonials from anyone, real or fictional
This brutalist site with scanline overlays

How License Uncoupling Works

Two AI agents. One firewall. Zero eye contact with source code. Legal precedent since 1984.

01

Feed It a Manifest

Drop in your package.json, requirements.txt, Cargo.toml, or go.mod. PHALUS resolves every dependency against the live registry. It knows what you depend on. It judges silently.

$ phalus plan package.json
Resolving 47 packages from npm registry...
├── [email protected] 3.2 KB MIT
├── [email protected] 2.1 KB MIT
├── [email protected] 211 KB MIT
└── ... 44 more
Total: 2.4 MB across 47 packages

02

Agent A: The Reader

Agent A reads only public documentation — READMEs, API docs, type definitions. Never a single line of source code. It produces a Clean Room Specification Pack (CSP): 10 documents describing what the package does, never how. Think of it as the world's most thorough product requirements doc, written by an AI that takes clean room protocol more seriously than your compliance team.

03

The Isolation Firewall

Agent B has never met Agent A. They don't share context, state, or API sessions. The only thing that crosses the boundary is the CSP, logged with SHA-256 checksums. This is the legal core — provable separation between the documentation reader and the code writer. Phoenix Technologies did this with humans in 1984. We do it with LLMs in 2026.

04

Agent B: The Builder

Agent B reads only the CSP and uses a symbiont reasoning loop to iteratively implement the package from scratch. It writes code, checks API completeness, resolves missing imports, and repeats until done. It has provably never seen the original code, the original docs, or even the package name's npm page. The output is functionally equivalent, independently derived code. Yours to do with as you please. Allegedly.

05

Validation & Audit

The validator checks syntax, runs tests, and scores similarity against the original. Anything above threshold gets flagged. Every step is recorded in an append-only audit trail — because if you're going to do something legally dubious, you should at least have really good paperwork.

$ phalus inspect ./phalus-output --audit
[email protected]
├── CSP: 10 documents, SHA-256 verified ✓
├── Firewall: context isolation, no leak ✓
├── Syntax: valid ✓
├── Tests: 3/3 passing ✓
├── Similarity: 0.23 (threshold: 0.70) ✓
└── License: MIT (user-selected) ✓
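
How an auditor could check the two integrity claims above (CSP checksums logged at the firewall, and an append-only audit trail), as an added example that is not PHALUS's own code. The log schema, the event names, and the use of a hash chain to make the log tamper-evident are assumptions made for illustration; the page does not describe the real audit format.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry (assumed convention)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def hash_entry(body: dict) -> str:
    # Canonical JSON so the same fields always hash to the same value.
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def append_entry(log: list, event: str, payload: dict) -> dict:
    """Append an entry whose hash also covers the previous entry's hash."""
    body = {"seq": len(log), "event": event, "payload": payload,
            "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    log.append({**body, "entry_hash": hash_entry(body)})
    return log[-1]

def verify_log(log: list) -> int:
    """Return the index of the first entry that breaks the chain, or -1."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if (entry.get("seq") != i or entry.get("prev_hash") != prev
                or entry.get("entry_hash") != hash_entry(body)):
            return i
        prev = entry["entry_hash"]
    return -1

def verify_csp(log: list, documents: dict) -> list:
    """Names of CSP documents that differ from, or are absent from, the logged checksums."""
    recorded = {}
    for entry in log:
        if entry["event"] == "csp_crossed_firewall":  # hypothetical event name
            recorded.update(entry["payload"]["checksums"])
    names = set(recorded) | set(documents)
    return sorted(n for n in names
                  if n not in documents or recorded.get(n) != sha256_hex(documents[n]))

def build_sample():
    """Constructed sample: two CSP documents and a three-entry audit log."""
    docs = {"02-api-surface.json": b'{"exports": []}',
            "09-test-scenarios.json": b'{"scenarios": []}'}
    log = []
    append_entry(log, "agent_a_finished", {"documents": len(docs)})
    append_entry(log, "csp_crossed_firewall",
                 {"checksums": {n: sha256_hex(d) for n, d in docs.items()}})
    append_entry(log, "agent_b_started", {})
    return log, docs
```

A chain like this detects in-place edits and reordering, but not truncation of the tail or a complete rewrite of the log. For that, the latest entry_hash has to be recorded somewhere the pipeline itself cannot write.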

Schema-Enforced Specifications

Agent A now produces structured, machine-parseable specs. Agent B can actually read them.

Prescribed JSON Schemas

All 10 CSP documents now follow strict JSON schemas with typed fields. 02-api-surface uses a structured exports array. 09-test-scenarios has concrete input/output pairs. No more unstructured blobs.

Gap-Category Directives

8 explicit directives ensure Agent A covers merge algorithms, type-detection cascades, serialization semantics, interface contracts, default behaviors, security mechanisms, enum values, and sentinel values. The stuff that actually trips up reimplementors.

Fixed Completeness Checker

Agent B's check_completeness now correctly parses the structured API surface, including nested static_methods and instance_methods. The agentic self-correction loop is no longer blind.

All-JSON Format

Every CSP document uses .json extension. No more JSON-masquerading-as-markdown. Consistent, validatable, and honest about what it is.

# CSP output is now structured JSON across all documents
$ phalus run-one npm/[email protected] --output ./out
 
$ ls out/left-pad/.cleanroom/csp/
01-overview.json 06-type-definitions.json
02-api-surface.json 07-error-catalog.json
03-behavior-spec.json 08-compatibility-notes.json
04-edge-cases.json 09-test-scenarios.json
05-configuration.json 10-metadata.json

Installation Takes 30 Seconds

The moral reckoning takes longer.

Option 1: Install from crates.io

$ cargo install phalus

Option 2: Download binary

# Linux (x86_64)
$ curl -L https://github.com/phalus-sh/phalus/releases/latest/download/phalus-v0.7.0-x86_64-unknown-linux-gnu.tar.gz | tar xz
$ sudo mv phalus /usr/local/bin/
 
# macOS (Apple Silicon)
$ curl -L https://github.com/phalus-sh/phalus/releases/latest/download/phalus-v0.7.0-aarch64-apple-darwin.tar.gz | tar xz
$ sudo mv phalus /usr/local/bin/

Option 3: Docker

$ docker run -p 3000:3000 \
-e PHALUS_LLM__AGENT_A_API_KEY=sk-ant-... \
-e PHALUS_LLM__AGENT_B_API_KEY=sk-ant-... \
ghcr.io/phalus-sh/phalus:latest

Option 4: Build from source

$ git clone https://github.com/phalus-sh/phalus.git
$ cd phalus && cargo build --release

Quick Start

# Set your API keys (your models, your bill)
$ export PHALUS_LLM__AGENT_A_API_KEY=sk-ant-...
$ export PHALUS_LLM__AGENT_B_API_KEY=sk-ant-...
 
# Liberate a package
$ phalus run-one npm/[email protected] --license mit
 
# Or process an entire manifest
$ phalus run package.json --license apache-2.0 --output ./reimplemented
 
# Launch the web UI
$ phalus serve
PHALUS web UI running at http://127.0.0.1:3000
 
# Scan dependency licenses first (new in v0.7.0)
$ phalus scan . --save
 
# Inspect your ethically ambiguous output
$ phalus inspect ./phalus-output --audit --similarity

Supported Ecosystems

Ecosystem    Manifest            Registry
npm          package.json        registry.npmjs.org
Python       requirements.txt    pypi.org
Rust         Cargo.toml          crates.io
Go           go.mod              proxy.golang.org

This Tool Raises Questions

We think you should read the answers before using it.

This tool raises serious ethical and legal questions about open source sustainability. It exists for research, education, and transparent discourse — not to encourage license evasion. The legality of AI-assisted clean room reimplementation is unsettled law.

Questions You Should Be Asking

Is this legal?

Clean room reimplementation has legal precedent going back to Phoenix Technologies' 1984 IBM BIOS clone and Baker v. Selden (1879). Whether that precedent extends to AI-assisted reimplementation is, to use the legal term, completely untested. You are your own legal counsel here. We are a Rust binary, not a law firm.

How is this different from Malus?

Malus is a SaaS product with a payment page, a marketing site, and testimonials from "Dr. Heinrich Offshore." PHALUS is the same two-agent pipeline running on your machine, with your API keys, under a 0BSD license. No cloud. No accounts. No middleman taking a cut of your moral compromise.

What about the original developers?

This is the question that matters. Clean room reimplementation — whether done by humans in 1984 or AI in 2026 — fundamentally challenges the social contract of open source. PHALUS exists to make that challenge visible, not to celebrate it. If the ease of this tool concerns you, good. It should.

Can the output actually pass legal review?

Every run produces a full audit trail: SHA-256 checksums at the firewall boundary, provable agent isolation, similarity scoring against the original. Whether that paperwork satisfies your lawyers depends on your lawyers, your jurisdiction, and how much your lawyers charge per hour.

What if the similarity score is too high?

The validator flags anything above your configured threshold (default: 0.70). Some things — like left-pad — have very few correct implementations. If two separate authors independently write the same eleven lines, is that infringement or mathematics? Ask a philosopher. Or a judge. PHALUS just reports the number.

Why is it called PHALUS?

Private Headless Automated License Uncoupling System. The acronym is unfortunate. The name is accurate. We considered alternatives but decided that if you're going to build a tool for ethically ambiguous license circumvention, you might as well commit to the bit.

Can I see the robots?

There are no robots. There are two LLM API calls with a SHA-256 checksum between them. You can see exactly what happens by reading the source code, which is 100% open, unlike whatever you're about to do with the output.

Ready to Uncouple Your Licenses?

Join the zero people who've publicly admitted to using this tool.