https://github.com/ajaysurya1221/frontier-scout
Local-first try-before-trust radar for AI tools, MCP servers, agents, models, and dependency upgrades.
- Host: GitHub
- URL: https://github.com/ajaysurya1221/frontier-scout
- Owner: ajaysurya1221
- License: mit
- Created: 2026-05-21T16:54:03.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-05-30T19:34:51.000Z (26 days ago)
- Last Synced: 2026-05-30T21:14:27.990Z (26 days ago)
- Topics: agent-security, ai, ai-agents, ai-tools, dependency-intelligence, developer-tools, local-first, mcp, security-tools, tech-radar
- Language: Python
- Homepage:
- Size: 27.6 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
- Roadmap: ROADMAP.md
- Agents: AGENTS.md
README
> [!TIP]
> **377 releases scanned → 5 worth your time.** Newsletters tell you what's _popular_. Trending tells you what's _loud_. Neither knows your stack — and neither tells you whether a tool is safe to run. **Frontier Scout reads your repo locally, ranks every release against it, and refuses to say "ship it" without evidence.**
Table of contents
- [🛰 How it works](#-how-it-works)
- [🎯 Three promises](#-three-promises)
- [⚡ Quickstart](#-quickstart)
- [🔌 Bring your own LLM](#-bring-your-own-llm)
- [⏱ 60-second demo](#-60-second-demo)
- [🔭 The killer workflow](#-the-killer-workflow)
- [🔒 Safety model](#-safety-model)
- [💸 Cost](#-cost)
- [🗺 Roadmap](#-roadmap) · [🤝 Contributing](#-contributing) · [📄 License](#-license)
## 🛰 How it works
One pipeline, three jobs — **find what's new → figure out what's relevant to _your_ code → refuse to say "ship it" without evidence.**
| | Stage | What it does |
| :-- | :-- | :-- |
| **01** | **WATCH** | Scouts GitHub Releases, the MCP registry, Hugging Face, and PyPI / npm — the frontier as it lands. |
| **02** | **MATCH** | A local tree-sitter pass maps releases to your repo's stack (Python, JS/TS, Go, Rust, Ruby) — **without ever reading your source**. |
| **03** | **DECIDE** | A source-backed **ADOPT / TRIAL / ASSESS / HOLD** verdict, plus the smallest safe trial to run next. |
Every finding lands on the **Adoption Matrix** (fit × risk) and as a **verdict card** — a source-backed call, a fit / risk / readiness read, a permission map, and the safest next step. Note that **`guard` blocks adoption until a sandbox trial receipt exists**.
Mission Control — the Adoption Matrix (fit × risk) cross-linked to the verdict list, with segmented gauges and a guard-gated detail panel.
The detail panel also surfaces explicit **concerns** — `burns tokens` · `abandoned` · `vendor lock-in` · `security surface` · `marketing-only` · `unproven` — so you always see _why_ we'd push back.
## 🎯 Three promises
Awareness is table stakes. **Evidence is the product.**
| | |
| :-- | :-- |
| **◈ Try before trust** | Every adoption candidate earns a sandbox dry-run receipt, a permission map, and a guard check **before it touches your real repo**. |
| **◆ Fix vulns you didn't know existed** | Dependency intelligence cross-references your manifests against curated security, hardening, and breaking-change feeds — then emits a _trial recipe_, not a silent lockfile rewrite. |
| **◐ Bound risky changes** | Incident Change Scout turns a ticket into cited context, a bounded remediation plan, and a **human approval interrupt** before any write. |
## ⚡ Quickstart
> **Prerequisite —** Python 3.11+
```bash
# install (pipx recommended) — or run with no install at all
pipx install frontier-scout
uvx frontier-scout demo # try it without installing
# configure your LLM backend once (auto-detects what you have)
frontier-scout setup
# open Mission Control inside any repo
cd ~/code/my-app && frontier-scout
```
Mission Control lands on the **Scout** tab — the radar that ranks the latest AI releases that fit your repo. From a highlighted verdict row, every capability is one keystroke:
`L` hermetic lab · `e` firewall eval · `i` implement & test · `D` dossier · `o` open source · `P` palette
Tabs: **Scout · Schedule · Receipts · Guard · Packs · Deps · Reports · Settings.** Everything reflows down to an 80×24 VS Code panel, with unicode/ASCII and colour/mono fallbacks. Prefer a calmer, one-finding-at-a-time flow? `frontier-scout --ui briefing`.
Develop locally
```bash
git clone https://github.com/ajaysurya1221/frontier-scout
cd frontier-scout
python3 -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
frontier-scout --help
```
## 🔌 Bring your own LLM
Frontier Scout needs **exactly one** backend, and works with whichever you already have. The setup wizard detects what's present and picks the first available:
| You have… | Set | Cost / scan |
| :-- | :-- | :-: |
| An **Anthropic** API key | `ANTHROPIC_API_KEY` | `~$0.34` |
| An **OpenAI** API key | `OPENAI_API_KEY` | `~$0.05` |
| **Claude Code** installed | _nothing — auto-detected_ | **`$0`** |
| **Codex CLI** installed | _nothing — auto-detected_ | **`$0`** |
| Any **OpenAI-compatible** gateway | `OPENAI_BASE_URL` | _your endpoint_ |
Already paying for a Claude Code or Codex subscription? Scouting runs at **zero marginal cost** — it shells out to the CLI you already pay for. New in **v1.7.0**: an `openai-compatible` provider for LiteLLM, vLLM, Ollama & self-hosted gateways. Force a backend with `--provider anthropic | openai | claude-cli | codex-cli`.
> [!NOTE]
> **No backend at all?** `frontier-scout demo` runs the whole pipeline offline against bundled fixtures — no key, no network, no Slack, no cloud.
## ⏱ 60-second demo
```console
$ frontier-scout demo
╭── ◉ FRONTIER · SCOUT — demo ready ──────────────────────────────╮
│ │
│ Serving at http://localhost:54321 · Ctrl+C to stop │
│ │
│ ✓ briefing.html adoption receipts │
│ ✓ verdicts.json raw verdict data │
│ ✓ judge-trace.md quality trace │
│ │
│ Next ▸ frontier-scout setup Mission Control TUI │
│ frontier-scout scan --dry-run verdicts for this repo │
│ │
╰──────────────────────────────────────────────────────────────────╯
```
Writes [`demo/briefing.html`](demo/briefing.html), [`demo/briefing.md`](demo/briefing.md), [`demo/verdicts.json`](demo/verdicts.json), [`demo/cost-breakdown.md`](demo/cost-breakdown.md), and [`demo/judge-trace.md`](demo/judge-trace.md). Use `--no-serve` for CI / offline.
## 🔭 The killer workflow
Someone drops a repo, MCP server, model, or agent framework in a newsletter or team chat. Turn that link into a local adoption **decision** instead of a vibes-based _"looks safe"_:
```bash
frontier-scout init --repo . # local stack profile (+ tree-sitter import evidence)
frontier-scout evaluate # source-backed evidence + permission map
frontier-scout trial --dry-run # adoption receipt, installs nothing
frontier-scout guard --repo . # CI gate: risky tools need a stored receipt
frontier-scout report # static HTML executive radar
```
Inspect living packs and repo-relevant dependency upgrades:
```bash
frontier-scout packs list # candidate → watched → core → retired
frontier-scout deps scan --repo . # repo-relevant security & breaking upgrades
frontier-scout dossier # local adoption dossier with explicit unknowns
```
## 🔒 Safety model
Frontier Scout handles untrusted public content and can optionally run untrusted packages in the lab — so the rails are load-bearing:
| Rail | What it guarantees |
| :-- | :-- |
| **Source text is data, not instructions** | Incident & breach headlines can never become tool recommendations. |
| **No hallucinated tools** | Tool names are checked against the source pool; source URLs must pass a domain allowlist. |
| **ADOPT must earn it** | Not enough readiness evidence → demoted. The Adoption Firewall fails **closed** on unknown capability surfaces. |
| **The lab is hermetic** | Stripped environment, wall-clock timeout, size caps, and generated-script secret scanning. |
| **The scanner is offline** | Deterministic local tree-sitter AST parse — never sends source content to an LLM, never hits the network. |
| **`guard` never writes** | It only reads local evidence and policy; CI-friendly exit codes. |
See [SECURITY.md](SECURITY.md) for the full threat model.
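The "No hallucinated tools" rail above, sketched as an added example (not Frontier Scout's own code): a model-proposed verdict is accepted only if its tool name appears in the fetched source pool and its source URL is an `https` URL whose exact host is allowlisted. `ALLOWED_HOSTS`, `SOURCE_POOL`, the verdict keys, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; the project's real list is not shown here.
ALLOWED_HOSTS = frozenset({"github.com", "pypi.org", "huggingface.co"})

# Constructed sample of a fetched source pool (hypothetical item).
SOURCE_POOL = [
    {"name": "example-mcp-server",
     "url": "https://github.com/example-org/example-mcp-server"},
]


def host_allowed(url: str, allowed=ALLOWED_HOSTS) -> bool:
    """Fail closed: True only for an https URL whose exact host is allowlisted."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # Reject userinfo outright: in "https://github.com@evil.example/" the
    # real host is evil.example, and "github.com" is only a username.
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    if port not in (None, 443):
        return False
    # Exact match after normalising case and the trailing FQDN dot. A suffix
    # or substring test would accept "evilgithub.com" or "github.com.evil.example".
    host = (parts.hostname or "").rstrip(".").lower()
    return host in allowed


def _norm(name) -> str:
    return " ".join(str(name or "").casefold().split())


def validate_verdict(verdict: dict, source_pool=SOURCE_POOL) -> list:
    """Return reasons to reject a model-proposed verdict; empty list means accept."""
    reasons = []
    if _norm(verdict.get("tool")) not in {_norm(s["name"]) for s in source_pool}:
        reasons.append("tool not in source pool")
    if not host_allowed(str(verdict.get("source_url") or "")):
        reasons.append("source URL host not allowlisted")
    return reasons


if __name__ == "__main__":
    proposed = {"tool": "made-up-agent", "source_url": "https://github.com@evil.example/x"}
    print(validate_verdict(proposed))
```

Any malformed, missing, or non-`https` URL is treated the same as a disallowed host, so a parsing surprise cannot turn into an accepted source.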
## 💸 Cost
`frontier-scout demo` is free — it never calls the network. The figures below model a live **weekly scan** (a recent run scanned **377** items, considered **350**, and shipped **5** verdicts for ~$0.31): a fast score pass, a fast verdict pass, and an optional Opus-class judge pass.
| Provider (fast / deep) | Score + verdict | + judge | **Weekly scan** |
| :-- | :-: | :-: | :-: |
| **Anthropic** Sonnet / Opus | `~$0.22` | `+$0.12` | **`~$0.34`** |
| **OpenAI** 4o-mini / 4o | `~$0.01` | `+$0.04` | **`~$0.05`** |
| **Claude CLI** subscription | `$0` | `$0` | **`$0`** |
| **Codex CLI** subscription | `$0` | `$0` | **`$0`** |
Set `JUDGE_ENABLED=false` to skip the judge for the cheapest run on any provider. Every call is written to a local `~/.frontier-scout/costs.jsonl` ledger — and the **Receipts** tab shows exactly what you spent.
## 🗺 Roadmap
- [x] **`v0.2`** — Living Scout Packs, dependency intelligence, Adoption Firewall, Incident Change Scout
- [x] **`v0.4.0`** — Monorepo profile walker + tree-sitter import-evidence scanner (Python & JS/TS)
- [x] **`v1.0.0`** — Mission Control: every CLI capability gets a TUI surface, scout-first landing
- [x] **`v1.1.0`** — Global setup wizard, cron automation, notifications, Go / Rust / Ruby coverage
- [x] **`v1.4.0`** — Universal LLM provider, RLAIF fit-grounding loop, honest per-provider costs
- [x] **`v1.5.0`** — Mission Control complete: 8-tab keyboard command center + command palette
- [x] **`v1.6.0`** — Mission Control v2: full mouse ↔ keyboard parity, permission map, repo switcher
- [x] **`v1.7.0`** — Single provider-selection ladder, two-tier scout/judge split, `openai-compatible` provider for gateway / self-hosted interop
- [ ] **Mission Control v5** _(in progress)_ — the **Adoption Matrix** (fit × risk dot-plot), segmented gauges everywhere, and the local architecture profile surfaced in Settings
- [ ] **next** — streaming subprocess output in Trials, multi-repo workspace, launchd / Windows Task Scheduler
See [ROADMAP.md](ROADMAP.md) for the longer view.
## 🤝 Contributing
The fastest useful PRs improve the CLI/report path, validator coverage, source quality, or lab isolation. Read [CONTRIBUTING.md](CONTRIBUTING.md), browse [good first issues](https://github.com/ajaysurya1221/frontier-scout/labels/good%20first%20issue), and respect the [Code of Conduct](CODE_OF_CONDUCT.md).
```bash
make setup && make demo && make test && make eval && make audit
```
CI runs compile checks, non-live tests, and a tracked-file secret scan.
## 📄 License
Distributed under the [MIT License](LICENSE).
**Built with** — [Textual](https://textual.textualize.io/) (TUI) · [tree-sitter-language-pack](https://github.com/Goldziher/tree-sitter-language-pack) (grammars) · [Pydantic](https://docs.pydantic.dev/) (typed models) · SQLite (local store). Structure inspired by [othneildrew/Best-README-Template](https://github.com/othneildrew/Best-README-Template); deterministic import evidence pushed forward by [Lum1104/Understand-Anything](https://github.com/Lum1104/Understand-Anything).