{"id":50532708,"url":"https://github.com/ajaysurya1221/frontier-scout","last_synced_at":"2026-06-03T15:00:39.061Z","repository":{"id":359709857,"uuid":"1245889257","full_name":"ajaysurya1221/frontier-scout","owner":"ajaysurya1221","description":"Local-first try-before-trust radar for AI tools, MCP servers, agents, models, and dependency upgrades.","archived":false,"fork":false,"pushed_at":"2026-05-30T19:34:51.000Z","size":28914,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-30T21:14:27.990Z","etag":null,"topics":["agent-security","ai","ai-agents","ai-tools","dependency-intelligence","developer-tools","local-first","mcp","security-tools","tech-radar"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ajaysurya1221.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-21T16:54:03.000Z","updated_at":"2026-05-29T05:59:41.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/ajaysurya1221/frontier-scout","commit_stats":null,"previous_names":["ajaysurya1221/frontier-scout"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ajaysurya1221/frontier-scout","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajaysurya1221%2Ffrontier-scout","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajaysurya1221%2Ffrontier-scout/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajaysurya1221%2Ffrontier-scout/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajaysurya1221%2Ffrontier-scout/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ajaysurya1221","download_url":"https://codeload.github.com/ajaysurya1221/frontier-scout/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajaysurya1221%2Ffrontier-scout/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33870026,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-03T02:00:06.370Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-security","ai","ai-agents","ai-tools","dependency-intelligence","developer-tools","local-first","mcp","security-tools","tech-radar"],"created_at":"2026-06-03T15:00:31.562Z","updated_at":"2026-06-03T15:00:39.053Z","avatar_url":"https://github.com/ajaysurya1221.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!--\n  Frontier Scout · README\n  Hero is a self-contained, static SVG (assets/hero-banner.svg) — system-mono only,\n  no external fonts or animation, so it renders identically on GitHub light \u0026 dark.\n  In the repo these assets live under docs/assets/ — adjust the paths below to match.\n  Structure inspired by othneildrew/Best-README-Template (MIT).\n--\u003e\n\n\u003ca id=\"readme-top\"\u003e\u003c/a\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n\u003ca href=\"https://github.com/ajaysurya1221/frontier-scout\"\u003e\n  \u003cimg src=\"docs/assets/hero-banner.svg\" alt=\"Frontier Scout — try AI tools before you trust them. 377 scanned this week, 5 worth your time.\" width=\"100%\"\u003e\n\u003c/a\u003e\n\n\u003cp\u003e\n  \u003ca href=\"#-quickstart\"\u003e\u003cb\u003eQuickstart\u003c/b\u003e\u003c/a\u003e \u0026nbsp;\u0026#183;\u0026nbsp;\n  \u003ca href=\"#-how-it-works\"\u003eHow it works\u003c/a\u003e \u0026nbsp;\u0026#183;\u0026nbsp;\n  \u003ca href=\"#-60-second-demo\"\u003eDemo\u003c/a\u003e \u0026nbsp;\u0026#183;\u0026nbsp;\n  \u003ca href=\"#-bring-your-own-llm\"\u003eBring your own LLM\u003c/a\u003e \u0026nbsp;\u0026#183;\u0026nbsp;\n  \u003ca href=\"#-cost\"\u003eCost\u003c/a\u003e \u0026nbsp;\u0026#183;\u0026nbsp;\n  \u003ca href=\"#-roadmap\"\u003eRoadmap\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp\u003e\n  \u003ca href=\"https://github.com/ajaysurya1221/frontier-scout/releases\"\u003e\u003cimg alt=\"Latest release\" src=\"https://img.shields.io/github/v/release/ajaysurya1221/frontier-scout?include_prereleases\u0026color=24d6a8\u0026labelColor=05080b\u0026label=release\u0026style=for-the-badge\"\u003e\u003c/a\u003e\n  \u0026nbsp;\n  \u003cimg alt=\"Python 3.11+\" src=\"https://img.shields.io/badge/python-3.11+-7aa6ff?style=for-the-badge\u0026labelColor=05080b\u0026logo=python\u0026logoColor=white\"\u003e\n  \u0026nbsp;\n  \u003cimg alt=\"License: MIT\" src=\"https://img.shields.io/badge/license-MIT-a9bccd?style=for-the-badge\u0026labelColor=05080b\"\u003e\n  \u0026nbsp;\n  \u003cimg alt=\"local-first\" src=\"https://img.shields.io/badge/telemetry-none-e3c26f?style=for-the-badge\u0026labelColor=05080b\"\u003e\n\u003c/p\u003e\n\n\u003c/div\u003e\n\n\u003e [!TIP]\n\u003e **377 releases scanned \u0026#8594; 5 worth your time.** Newsletters tell you what's _popular_. Trending tells you what's _loud_. Neither knows your stack — and neither tells you whether a tool is safe to run. **Frontier Scout reads your repo locally, ranks every release against it, and refuses to say \"ship it\" without evidence.**\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u0026nbsp;\u003cb\u003eTable of contents\u003c/b\u003e\u003c/summary\u003e\n\n- [🛰\u0026nbsp; How it works](#-how-it-works)\n- [🎯\u0026nbsp; Three promises](#-three-promises)\n- [⚡\u0026nbsp; Quickstart](#-quickstart)\n- [🔌\u0026nbsp; Bring your own LLM](#-bring-your-own-llm)\n- [⏱\u0026nbsp; 60-second demo](#-60-second-demo)\n- [🔭\u0026nbsp; The killer workflow](#-the-killer-workflow)\n- [🔒\u0026nbsp; Safety model](#-safety-model)\n- [💸\u0026nbsp; Cost](#-cost)\n- [🗺\u0026nbsp; Roadmap](#-roadmap)\u0026nbsp; \u0026#183;\u0026nbsp; [🤝 Contributing](#-contributing)\u0026nbsp; \u0026#183;\u0026nbsp; [📄 License](#-license)\n\n\u003c/details\u003e\n\n## 🛰\u0026nbsp; How it works\n\nOne pipeline, three jobs — **find what's new \u0026#8594; figure out what's relevant to _your_ code \u0026#8594; refuse to say \"ship it\" without evidence.**\n\n| | Stage | What it does |\n| :-- | :-- | :-- |\n| **01** | **WATCH** | Scouts GitHub Releases, the MCP registry, Hugging Face, and PyPI / npm — the frontier as it lands. |\n| **02** | **MATCH** | A local tree-sitter pass maps releases to your repo's stack (Python, JS/TS, Go, Rust, Ruby) — **without ever reading your source**. |\n| **03** | **DECIDE** | A source-backed **ADOPT / TRIAL / ASSESS / HOLD** verdict, plus the smallest safe trial to run next. |\n\nEvery finding lands on the **Adoption Matrix** (fit \u0026#215; risk) and as a **verdict card** — a source-backed call, a fit / risk / readiness read, a permission map, and the safest next step. Note that **`guard` blocks adoption until a sandbox trial receipt exists**.\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"docs/assets/mission-control-v5.png\" alt=\"Frontier Scout Mission Control: the Scout home with the Adoption Matrix (a fit by risk cell grid of tier-coloured verdict dots), the ranked verdict list, and a detail panel for anthropics/skills.\" width=\"100%\"\u003e\n  \u003cbr/\u003e\n  \u003csub\u003eMission Control — the \u003cb\u003eAdoption Matrix\u003c/b\u003e (fit \u0026#215; risk) cross-linked to the verdict list, with segmented gauges and a guard-gated detail panel.\u003c/sub\u003e\n\u003c/div\u003e\n\nThe detail panel also surfaces explicit **concerns** — `burns tokens` \u0026#183; `abandoned` \u0026#183; `vendor lock-in` \u0026#183; `security surface` \u0026#183; `marketing-only` \u0026#183; `unproven` — so you always see _why_ we'd push back.\n\n## 🎯\u0026nbsp; Three promises\n\nAwareness is table stakes. **Evidence is the product.**\n\n|  |  |\n| :-- | :-- |\n| **◈\u0026nbsp; Try before trust** | Every adoption candidate earns a sandbox dry-run receipt, a permission map, and a guard check **before it touches your real repo**. |\n| **◆\u0026nbsp; Fix vulns you didn't know existed** | Dependency intelligence cross-references your manifests against curated security, hardening, and breaking-change feeds — then emits a _trial recipe_, not a silent lockfile rewrite. |\n| **◐\u0026nbsp; Bound risky changes** | Incident Change Scout turns a ticket into cited context, a bounded remediation plan, and a **human approval interrupt** before any write. |\n\n## ⚡\u0026nbsp; Quickstart\n\n\u003e **Prerequisite —** Python 3.11+\n\n```bash\n# install (pipx recommended) — or run with no install at all\npipx install frontier-scout\nuvx frontier-scout demo          # try it without installing\n\n# configure your LLM backend once (auto-detects what you have)\nfrontier-scout setup\n\n# open Mission Control inside any repo\ncd ~/code/my-app \u0026\u0026 frontier-scout\n```\n\nMission Control lands on the **Scout** tab — the radar that ranks the latest AI releases that fit your repo. From a highlighted verdict row, every capability is one keystroke:\n\n\u003cdiv align=\"center\"\u003e\n\n\u003ckbd\u003e\u0026nbsp;L\u0026nbsp;\u003c/kbd\u003e hermetic lab\u0026nbsp;\u0026nbsp; \u0026#183; \u0026nbsp;\u0026nbsp;\u003ckbd\u003e\u0026nbsp;e\u0026nbsp;\u003c/kbd\u003e firewall eval\u0026nbsp;\u0026nbsp; \u0026#183; \u0026nbsp;\u0026nbsp;\u003ckbd\u003e\u0026nbsp;i\u0026nbsp;\u003c/kbd\u003e implement \u0026amp; test\u0026nbsp;\u0026nbsp; \u0026#183; \u0026nbsp;\u0026nbsp;\u003ckbd\u003e\u0026nbsp;D\u0026nbsp;\u003c/kbd\u003e dossier\u0026nbsp;\u0026nbsp; \u0026#183; \u0026nbsp;\u0026nbsp;\u003ckbd\u003e\u0026nbsp;o\u0026nbsp;\u003c/kbd\u003e open source\u0026nbsp;\u0026nbsp; \u0026#183; \u0026nbsp;\u0026nbsp;\u003ckbd\u003e\u0026nbsp;P\u0026nbsp;\u003c/kbd\u003e palette\n\n\u003c/div\u003e\n\nTabs: **Scout \u0026#183; Schedule \u0026#183; Receipts \u0026#183; Guard \u0026#183; Packs \u0026#183; Deps \u0026#183; Reports \u0026#183; Settings.** Everything reflows down to an 80\u0026#215;24 VS Code panel, with unicode/ASCII and colour/mono fallbacks. Prefer a calmer, one-finding-at-a-time flow? `frontier-scout --ui briefing`.\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u0026nbsp;Develop locally\u003c/summary\u003e\n\n```bash\ngit clone https://github.com/ajaysurya1221/frontier-scout\ncd frontier-scout\npython3 -m venv .venv \u0026\u0026 source .venv/bin/activate\npip install -e \".[dev]\"\nfrontier-scout --help\n```\n\n\u003c/details\u003e\n\n## 🔌\u0026nbsp; Bring your own LLM\n\nFrontier Scout needs **exactly one** backend, and works with whichever you already have. The setup wizard detects what's present and picks the first available:\n\n\u003cdiv align=\"center\"\u003e\n\n| You have… | Set | Cost / scan |\n| :-- | :-- | :-: |\n| An **Anthropic** API key | `ANTHROPIC_API_KEY` | `~$0.34` |\n| An **OpenAI** API key | `OPENAI_API_KEY` | `~$0.05` |\n| **Claude Code** installed | _nothing — auto-detected_ | **`$0`** |\n| **Codex CLI** installed | _nothing — auto-detected_ | **`$0`** |\n| Any **OpenAI-compatible** gateway | `OPENAI_BASE_URL` | _your endpoint_ |\n\n\u003c/div\u003e\n\nAlready paying for a Claude Code or Codex subscription? Scouting runs at **zero marginal cost** — it shells out to the CLI you already pay for. New in **v1.7.0**: an `openai-compatible` provider for LiteLLM, vLLM, Ollama \u0026amp; self-hosted gateways. Force a backend with `--provider anthropic | openai | claude-cli | codex-cli`.\n\n\u003e [!NOTE]\n\u003e **No backend at all?** `frontier-scout demo` runs the whole pipeline offline against bundled fixtures — no key, no network, no Slack, no cloud.\n\n## ⏱\u0026nbsp; 60-second demo\n\n```console\n$ frontier-scout demo\n\n╭── ◉ FRONTIER · SCOUT — demo ready ──────────────────────────────╮\n│                                                                  │\n│   Serving at  http://localhost:54321   ·   Ctrl+C to stop        │\n│                                                                  │\n│   ✓  briefing.html    adoption receipts                          │\n│   ✓  verdicts.json    raw verdict data                           │\n│   ✓  judge-trace.md   quality trace                              │\n│                                                                  │\n│   Next ▸  frontier-scout setup           Mission Control TUI     │\n│          frontier-scout scan --dry-run   verdicts for this repo  │\n│                                                                  │\n╰──────────────────────────────────────────────────────────────────╯\n```\n\nWrites [`demo/briefing.html`](demo/briefing.html), [`demo/briefing.md`](demo/briefing.md), [`demo/verdicts.json`](demo/verdicts.json), [`demo/cost-breakdown.md`](demo/cost-breakdown.md), and [`demo/judge-trace.md`](demo/judge-trace.md). Use `--no-serve` for CI / offline.\n\n## 🔭\u0026nbsp; The killer workflow\n\nSomeone drops a repo, MCP server, model, or agent framework in a newsletter or team chat. Turn that link into a local adoption **decision** instead of a vibes-based _\"looks safe\"_:\n\n```bash\nfrontier-scout init --repo .            # local stack profile (+ tree-sitter import evidence)\nfrontier-scout evaluate \u003ctool-url\u003e      # source-backed evidence + permission map\nfrontier-scout trial \u003ctool\u003e --dry-run   # adoption receipt, installs nothing\nfrontier-scout guard --repo .           # CI gate: risky tools need a stored receipt\nfrontier-scout report                   # static HTML executive radar\n```\n\nInspect living packs and repo-relevant dependency upgrades:\n\n```bash\nfrontier-scout packs list               # candidate → watched → core → retired\nfrontier-scout deps scan --repo .       # repo-relevant security \u0026 breaking upgrades\nfrontier-scout dossier \u003ctool\u003e           # local adoption dossier with explicit unknowns\n```\n\n## 🔒\u0026nbsp; Safety model\n\nFrontier Scout handles untrusted public content and can optionally run untrusted packages in the lab — so the rails are load-bearing:\n\n| Rail | What it guarantees |\n| :-- | :-- |\n| **Source text is data, not instructions** | Incident \u0026amp; breach headlines can never become tool recommendations. |\n| **No hallucinated tools** | Tool names are checked against the source pool; source URLs must pass a domain allowlist. |\n| **ADOPT must earn it** | Not enough readiness evidence \u0026#8594; demoted. The Adoption Firewall fails **closed** on unknown capability surfaces. |\n| **The lab is hermetic** | Stripped environment, wall-clock timeout, size caps, and generated-script secret scanning. |\n| **The scanner is offline** | Deterministic local tree-sitter AST parse — never sends source content to an LLM, never hits the network. |\n| **`guard` never writes** | It only reads local evidence and policy; CI-friendly exit codes. |\n\nSee [SECURITY.md](SECURITY.md) for the full threat model.\n\n## 💸\u0026nbsp; Cost\n\n`frontier-scout demo` is free — it never calls the network. The figures below model a live **weekly scan** (a recent run scanned **377** items, considered **350**, and shipped **5** verdicts for ~$0.31): a fast score pass, a fast verdict pass, and an optional Opus-class judge pass.\n\n\u003cdiv align=\"center\"\u003e\n\n| Provider \u003csub\u003e(fast / deep)\u003c/sub\u003e | Score + verdict | + judge | **Weekly scan** |\n| :-- | :-: | :-: | :-: |\n| **Anthropic** \u0026nbsp;Sonnet / Opus | `~$0.22` | `+$0.12` | **`~$0.34`** |\n| **OpenAI** \u0026nbsp;4o-mini / 4o | `~$0.01` | `+$0.04` | **`~$0.05`** |\n| **Claude CLI** \u0026nbsp;subscription | `$0` | `$0` | **`$0`** |\n| **Codex CLI** \u0026nbsp;subscription | `$0` | `$0` | **`$0`** |\n\n\u003c/div\u003e\n\nSet `JUDGE_ENABLED=false` to skip the judge for the cheapest run on any provider. Every call is written to a local `~/.frontier-scout/costs.jsonl` ledger — and the **Receipts** tab shows exactly what you spent.\n\n## 🗺\u0026nbsp; Roadmap\n\n- [x] **`v0.2`** — Living Scout Packs, dependency intelligence, Adoption Firewall, Incident Change Scout\n- [x] **`v0.4.0`** — Monorepo profile walker + tree-sitter import-evidence scanner (Python \u0026amp; JS/TS)\n- [x] **`v1.0.0`** — Mission Control: every CLI capability gets a TUI surface, scout-first landing\n- [x] **`v1.1.0`** — Global setup wizard, cron automation, notifications, Go / Rust / Ruby coverage\n- [x] **`v1.4.0`** — Universal LLM provider, RLAIF fit-grounding loop, honest per-provider costs\n- [x] **`v1.5.0`** — Mission Control complete: 8-tab keyboard command center + command palette\n- [x] **`v1.6.0`** — Mission Control v2: full mouse ↔ keyboard parity, permission map, repo switcher\n- [x] **`v1.7.0`** — Single provider-selection ladder, two-tier scout/judge split, `openai-compatible` provider for gateway / self-hosted interop\n- [ ] **Mission Control v5** _(in progress)_ — the **Adoption Matrix** (fit × risk dot-plot), segmented gauges everywhere, and the local architecture profile surfaced in Settings\n- [ ] **next** — streaming subprocess output in Trials, multi-repo workspace, launchd / Windows Task Scheduler\n\nSee [ROADMAP.md](ROADMAP.md) for the longer view.\n\n## 🤝\u0026nbsp; Contributing\n\nThe fastest useful PRs improve the CLI/report path, validator coverage, source quality, or lab isolation. Read [CONTRIBUTING.md](CONTRIBUTING.md), browse [good first issues](https://github.com/ajaysurya1221/frontier-scout/labels/good%20first%20issue), and respect the [Code of Conduct](CODE_OF_CONDUCT.md).\n\n```bash\nmake setup \u0026\u0026 make demo \u0026\u0026 make test \u0026\u0026 make eval \u0026\u0026 make audit\n```\n\nCI runs compile checks, non-live tests, and a tracked-file secret scan.\n\n## 📄\u0026nbsp; License\n\nDistributed under the [MIT License](LICENSE).\n\n**Built with** — [Textual](https://textual.textualize.io/) (TUI) \u0026#183; [tree-sitter-language-pack](https://github.com/Goldziher/tree-sitter-language-pack) (grammars) \u0026#183; [Pydantic](https://docs.pydantic.dev/) (typed models) \u0026#183; SQLite (local store). Structure inspired by [othneildrew/Best-README-Template](https://github.com/othneildrew/Best-README-Template); deterministic import evidence pushed forward by [Lum1104/Understand-Anything](https://github.com/Lum1104/Understand-Anything).\n\n\u003cdiv align=\"center\"\u003e\n  \u003csub\u003e\u003cb\u003eFrontier Scout\u003c/b\u003e — local-first \u0026#183; no telemetry \u0026#183; bring your own LLM\u003c/sub\u003e\n  \u003cbr/\u003e\u003cbr/\u003e\n  \u003ca href=\"#readme-top\"\u003e↑ back to top\u003c/a\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fajaysurya1221%2Ffrontier-scout","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fajaysurya1221%2Ffrontier-scout","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fajaysurya1221%2Ffrontier-scout/lists"}