Skip to main content
Glama
aelbuni

aigently

by aelbuni
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Local

Aigent.ly

The open-source CVE catalog, pipeline, and MCP server behind aigent.ly. Every day, CI ingests fresh CVEs from five public threat sources, enriches them with AI-generated coding patterns, and commits ready-to-use security rules directly into this repo — formatted for Cursor, Claude Code, Windsurf, GitHub Copilot, and Cline.

"We open-sourced everything the community needs — the data, the pipeline, the stack registry. The web app that runs aigent.ly is private. Because a security product should practice what it preaches."

How it works

asciicast

CVE published  →  pipeline detects it  →  Claude generates safe-code patterns
    →  rule committed to this repo  →  your IDE enforces it while you type

AI coding assistants write production code fast. They don't know which CVEs affect your stack today, or how to write around them. Aigent.ly bridges that gap: it turns a live CVE feed into IDE rules that travel with your project, enforced at generation time — not discovered at audit time.

Repository layout

Path

Contents

packages/catalog-data/

Live threat snapshots — JSON committed daily by CI

packages/mcp-server/

MCP server (@aigently/mcp-server) — exposes catalog to AI agents

packages/db/

Drizzle schema shared between the pipeline and the web app

packages/mvp-catalog/

Stack registry — add a stack entry here to onboard it

packages/api-client/

TypeScript client generated from the OpenAPI spec

pipeline/scripts/

sync, amplify, summarize, synthesize, export — the full pipeline

.github/workflows/sync-threats.yml

Daily CI: ingest CVEs → AI guardrails → commit

Quick start

No API keys needed. CI commits fresh snapshots daily — just clone and use.

git clone https://github.com/aelbuni/aigently-catalog
cd aigently-catalog
npm install

cp pipeline/.env.example pipeline/.env   # default DATABASE_URL matches docker-compose
npm run db:setup                          # start Postgres, migrate, seed

Use via MCP (recommended)

Add to your IDE's MCP config — works with Claude Code, Cursor, Windsurf, Copilot, and Cline:

{
  "mcpServers": {
    "aigently": {
      "command": "npx",
      "args": ["-y", "@aigently/mcp-server@latest"]
    }
  }
}

The MCP server reads static JSON from packages/catalog-data/ — no database or API keys required.

Available tools

Tool

Description

get_security_context

Detect your stack and return relevant rules and top CVEs

compose_guardrail

Generate an IDE-ready rules file for your stack

search_threats

Full-text and faceted CVE search

get_threat

Full CVE detail with AI-generated safe-code patterns

detect_project_stack

Identify stack from a file list

Threat intelligence pipeline

Sources

The pipeline aggregates five public threat sources and normalizes them into a single schema:

Source

Contribution

NVD (NIST)

Authoritative CVE registry. Fills in CVSS scores and CWE IDs after deduplication.

CISA KEV

US government list of CVEs actively exploited in the wild. Sets isActivelyExploited as a hard prioritization signal.

GHSA (GitHub)

Advisory database across npm, pip, RubyGems, Maven, Go, Swift, and more.

OSV (Google)

Open-source vulnerability database. Queried per stack — scoped to packages your stacks use.

npm Audit

Direct package advisory scan per stack. Catches advisories not yet reflected in OSV or GHSA.

Pipeline stages

Daily CI run (GitHub Actions, 06:00 UTC)

  Ingest     npm Audit + OSV + GHSA → raw advisories
  Enrich     CISA KEV flags + NVD severity/CWE fill-in
  Filter     CVEs published after 2023-01-01 (CISA KEV always included)
  Persist    write threats + stack associations to Postgres

  Amplify    Claude: 2–4 ALWAYS/NEVER patterns per CVE
  Summarize  Claude: cluster CVEs into per-stack rule docs
  Synthesize Claude: merge into guardrail blocks (patterns + deps)
  Export     write JSON snapshots to packages/catalog-data/

  Commit     auto-push catalog-data/ to this repo

AI enrichment

Each new CVE goes through three Claude passes before it becomes an IDE rule:

  1. Amplify — Generates 2–4 ALWAYS/NEVER statements specific to the CVE's attack vector, plus a one-sentence risk summary.

  2. Summarize — Clusters CVEs by attack vector into per-stack rule documents with ALWAYS/NEVER/WARN/CONFIRM directives.

  3. Synthesize — Merges rules per stack into two pre-built guardrail blocks: patterns (safe-coding directives) and deps (dependency advisories).

Supported stacks

Next.js · Express · NestJS · Nuxt · React SPA · FastAPI · Django · Ruby on Rails · Go · iOS · Android

To add a stack: open packages/mvp-catalog/src/stack-registry.ts, add a StackConfig entry, open a PR.

Run the pipeline locally

# pipeline/.env — add your keys:
ANTHROPIC_API_KEY=...   # required for amplify, summarize, synthesize
GITHUB_TOKEN=...        # required for GHSA source
NVD_API_KEY=...         # optional — increases NVD rate limit 10×

npm run sync:threats           # ingest CVEs from all five sources
npm run amplify:threats        # Claude: ALWAYS/NEVER patterns per CVE
npm run summarize:rules        # Claude: cluster into per-stack rule docs
npm run synthesize:guardrails  # Claude: pre-build guardrail blocks
npm run export:catalog         # write JSON to packages/catalog-data/

Reference

All scripts

Script

Purpose

npm run db:up

Start Postgres via Docker Compose

npm run db:setup

First-time setup: start Postgres + migrate + seed

npm run db:migrate

Apply Drizzle migrations

npm run db:seed

Full catalog seed

npm run db:seed:upsert

Non-destructive upsert

npm run sync:threats

Ingest CVEs from all five sources

npm run amplify:threats

AI-generate patterns for new threats

npm run summarize:rules

AI-cluster CVEs into rule summaries

npm run synthesize:guardrails

Pre-build per-stack guardrail blocks

npm run export:catalog

Export DB → packages/catalog-data/ JSON

Environment variables

Variable

Required

Purpose

DATABASE_URL

Always

Postgres connection string

ANTHROPIC_API_KEY

AI steps

Claude API access

GITHUB_TOKEN

Sync

GitHub advisory source (GHSA)

NVD_API_KEY

Optional

10× NVD rate limit

Prerequisites

  • Node.js 22+

  • Docker (for local Postgres)

  • Anthropic API key (AI pipeline steps only)

Contributing

PRs are welcome. The highest-value contributions are:

See CONTRIBUTING.md for full guidelines.

License

Apache 2.0 — threat data sourced from public domain (NVD, CISA KEV, GHSA, OSV).

Aigent.ly and the Aigent.ly logo are trademarks of Aigently, Inc.

This server cannot be installed

F
license - not found
-
quality - not tested
C
maintenance

How are these scores calculated?

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/aelbuni/aigently-catalog'

If you have feedback or need assistance with the MCP directory API, please join our Discord server