PatchMind — AI Security Memory Agent

"Glasswing for the Fortune 500. PatchMind for everyone else."

PatchMind is a conversational AI security memory agent for small development teams. It uses Hindsight as its memory layer to remember every vulnerability, every patch, and every security pattern across a team's history — getting smarter over time.

Built for the Hindsight Hackathon, April 2026 · Inspired by Anthropic's Claude Mythos Preview and Project Glasswing.

---

Tech Stack

Layer	Technology
Frontend	React + Tailwind CSS (Vite)
Backend	Node.js + Express
Memory	Hindsight Cloud API (retain / recall / reflect)
LLM	Groq — qwen-qwen3-32b

---

Setup Instructions

1. Prerequisites

• Node.js 18+
• A Hindsight account with a memory bank created
• A Groq API key

2. Configure Environment Variables

Copy the template and fill in your keys:

cp .env.example .env   # or edit .env directly

The .env file needs:

HINDSIGHT_API_URL=https://api.hindsight.vectorize.io
HINDSIGHT_API_KEY=your_hindsight_key_here
HINDSIGHT_BANK_ID=your_memory_bank_id_here
GROQ_API_KEY=your_groq_key_here
PORT=3001

Hindsight tip: Sign up at https://ui.hindsight.vectorize.io, create a memory bank called patchmind-team-alpha, and copy the bank ID.

3. Install Dependencies

# Backend
cd backend && npm install

# Frontend
cd ../frontend && npm install

4. Seed the Memory Bank

Load 20 synthetic vulnerabilities into Hindsight for the demo:

node backend/seed.js

Wait for all 20/20 to complete. You should see ✅ for each one.

5. Run the App

Terminal 1 — Backend:

cd backend && npm run dev
# Runs on http://localhost:3001

Terminal 2 — Frontend:

cd frontend && npm run dev
# Runs on http://localhost:3000

Open http://localhost:3000 in your browser.

---

Demo Flows

Flow 1: Vulnerability Logging

Type: I found an SQL injection in /api/users.js — unsanitized input in the search param

Expected: Agent recalls similar past incidents, flags as SYSTEMIC RISK, confirms memory stored.

Flow 2: Blame Trail

Type: Why does SQL injection keep appearing in our codebase?

Expected: Agent lists all 3 SQL injection incidents by date, identifies root cause pattern.

Flow 3: CVE Radar

Type: New CVE published: CVE-2024-1234 — SQL injection via unsanitized input in Node.js ORM

Expected: Agent matches to team's history, names specific past incidents, gives risk assessment.

Flow 4: Onboarding Brief

Type: I just joined this team as a backend developer. Give me a security briefing.

Expected: Structured briefing with top risk modules, recurring patterns, open vulnerabilities.

Flow 5: Memory Toggle

Toggle OFF → ask Have we had SQL injection before? → generic response. Toggle ON → ask same question → full memory-powered response with specific incidents.

---

API Routes

Method	Route	Description
GET	/api/health	Health check
POST	/api/chat	Main chat — recall + LLM + optional retain
GET	/api/memories	Recent memories for Memory Panel
POST	/api/cve-radar	CVE text → memory match analysis
POST	/api/seed	Trigger seeding via API

---

Project Structure

patchmind/
├── .env                    ← API keys (never commit)
├── backend/
│   ├── server.js           ← Express server + 5 routes
│   ├── hindsight.js        ← retain / recall / reflect wrapper
│   ├── groq.js             ← Groq LLM wrapper
│   ├── prompts.js          ← System prompt builder
│   ├── intentClassifier.js ← Keyword intent detection
│   └── seed.js             ← 20 synthetic vulnerabilities
└── frontend/
    └── src/
        ├── App.jsx          ← Three-column layout + state
        └── components/      ← All UI components

---

PatchMind — Built for the Hindsight Hackathon, April 2026