Two services. Done right.

Service 1 · Before every edit

🛡 Safe Edit Loop

Your agent stops hallucinating APIs, leaves no stubs, breaks no callers. Automatic in Claude Code (PreToolUse + PostToolUse hooks fire deterministic, the agent can't refuse). Prompt-driven in Cursor / Aider / Cline (auto-installed rules — the agent is strongly guided, compliance ~90-95% on modern models).

How it works

Before each edit: hook calls mcp__argos__preflight with the symbol the agent is about to touch. Returns existence + total caller count + production/test split + risk verdict (LOW/MEDIUM/HIGH). Injected into the agent's context before the Edit fires.
Agent decides with real data: "This function has 18 callers across 7 files — refactor as one commit, run the full test suite." Not "remember to check callers."
After each edit: hook scans the modified file for fake-done patterns across 50+ languages (Rust todo!(), Python raise NotImplementedError, JS throw new Error("not implemented"), etc). Hit → agent obligated to fix before claiming "done".

What it catches

✓ Renaming a function with 23 callers without flagging blast radius.
✓ Calling user.send_email() when the actual method is user.email() — hallucinated API.
✓ Refactoring a function and leaving todo!() in 3 of 7 branches.
✓ Editing defaults.ts and breaking 2 test files that consume it through anonymous arrow callbacks.
✓ Writing throw new Error("not implemented") or unimplemented!() then declaring "Done!".

Compatibility — honest about determinism

Agent runtime	Enforcement	Compliance	What ships at `argosbrain init`
Claude Code	Deterministic	100%	PreToolUse + PostToolUse hooks. The agent never sees the choice — hooks fire before / after every Edit regardless.
Cursor	Prompt-driven	~90-95%	`.cursor/rules/argosbrain.mdc` with `alwaysApply: true`. Injected in every chat; Opus 4.7 follows ~95%.
Aider / Cline / Codex CLI	Prompt-driven	~80-90%	`CONVENTIONS.md` · `.clinerules` · `~/.codex/prompts/`. Compliance depends on the model.
Raw MCP host (custom)	MCP instructions only	varies	MCP server's `instructions` field — universal signal every MCP-compatible agent reads.

For deterministic enforcement, we recommend Claude Code. Cursor / Aider / Cline still ship the value via auto-applied rules; just not 100%.

Install

cd ~/your-project
argosbrain init --install-config .
# Drops 5 hooks in ~/.claude/hooks/, registers them per-project,
# writes .cursor/rules/argosbrain.mdc + .clinerules + CONVENTIONS.md
# + CLAUDE.md. Restart your IDE. Done.

Service 2 · Before every major merge

🔴 Red Team Audit

Nine attacker perspectives. Static control-flow only — PoC pseudocode for your team's verification, no live exploits. Findings ranked by (impact × confidence) / cost-to-exploit and composed into MITRE ATT&CK + Unified Kill Chain + OWASP-mapped narratives. One slash command. 30-50 minutes. Run weekly or before every major merge.

P1 · RECON

Public attack surface

Shadow / zombie routes, config-controlled exposure, exposed secrets, trust-boundary inventory, crown jewels.

P2 · WEB/API

OWASP Top 10 2025

+ API Top 10 + WSTG 4.2 + biz-logic. Absorbs auth-bypass, csrf, perm-uniformity, CORS, PII-flow, compliance.

P3 · CLOUD/INFRA

AWS / Azure / GCP IAM, K8s RBAC

IaC misconfig, CI/CD hygiene. Structurally limited (no IaC AST); pairs with Prowler / Checkov / Pacu.

P4 · AI/LLM

OWASP LLM Top 10 + MITRE ATLAS

Prompt-injection surface, tool-graph, system-prompt leaks, RAG sources. The lethal trifecta hunt.

P5 · SUPPLY-CHAIN

npm / PyPI / Cargo / Go / Actions

Postinstall scripts, OSC&R kill chain, 22 named historical campaigns (XZ, tj-actions, ua-parser-js).

P6 · BUILD & RELEASE

CI workflows + Dockerfiles

Build scripts, release signing, XZ-style upstream divergence. The CVE-2024-3094 detection lane.

P7 · FORGOTTEN SURFACE

Dead code as attack surface

Zombie endpoints, dead auth middleware, dead crypto helpers, unused-but-installed deps. What review forgot.

P8 · SURFACE DRIFT

Every new endpoint since last release

Flagged for missing auth middleware, validation regressions, removed-but-revivable handlers. Pre-merge gate.

P9 · PRIVILEGE BOUNDARY

Admin reachable from public

Cross-module privilege escalation, trust-zone violations, IDOR-class horizontal escalation paths.

Plus Perspective 10 — Chain Composer — turning the nine perspectives' flat primitives into ranked kill chains, mapped to Cyber Kill Chain + MITRE ATT&CK + Unified Kill Chain phases, and tied to historical campaigns.

How to run it

# In Claude Code / Cursor / Aider / Cline, type:
/argos-security

# 9 perspectives run in parallel. 30-50 min on a 50k LOC codebase.
# Output: ranked kill chains, MITRE ATT&CK mapping, PoC pseudocode.

Static control-flow review only. PoC pseudocode for your team's verification — no live exploits. IaC coverage is structurally limited; pair with Prowler / Checkov / Pacu for deeper cloud reasoning.

What about everything else?

ArgosBrain ships a code verification engine — call graphs, reachability, ~59 MCP tools, 44 skills under the hood. We could sell every primitive as a service (and used to: 14 services, each its own pitch). We learned that's the wrong shape: agents drown in tool catalogs, buyers can't pick, the whole offering reads as broad-but-shallow.

So we ship two services that compose every primitive internally. The deeper toolkit is available to power users (argosbrain init --skill-pack full, ARGOSBRAIN_EXPOSE=full) — but you don't have to know any of that to use the two services above.

If your fire isn't covered by these two, tell us. Compliance audit prep, M&A code DD, refactoring blast-radius, smart-contract reachability — we have the primitives, we just don't sell them as separate cards. Email contact@argosbrain.com with the use case and we'll tell you which engine subset solves it, or surface it as a third card if demand justifies.

03Or pick by role