AI Agent Integration

CaspianTools edited this page Jul 1, 2026 · 1 revision

Caspian Security works with any AI coding agent — Claude Code, Cursor, Antigravity, Claude Desktop, Cline — in two ways. Both require zero setup inside the target repository: Caspian runs via npx, and it never writes files into a project it doesn't own. You paste a small piece of text wherever you choose.

There are two routes. Use either or both.


Route 1 — one line in your agent's rules (works with any agent that can run a shell)

Drop one plain-language instruction into your agent's own config so that, while it works on a task, it notices the line and runs Caspian. Generate the exact block:

caspian snippet --agent claude   --mode after-edits   # → paste into CLAUDE.md
caspian snippet --agent cursor                         # → Cursor Project Rules / .cursorrules
caspian snippet --agent antigravity                    # → Antigravity rules / memory
caspian snippet --agent generic  --mode pre-commit     # → any system prompt

--mode chooses the trigger:

| Mode | Trigger sentence | Command used |
| --- | --- | --- |
| request | "When I ask you to run a security check…" | full scan |
| after-edits (default) | "After you finish editing code…" | full scan |
| pre-commit | "Before committing changes…" | caspian scan . --changed-since origin/main |

The generated block instructs the agent to run the scan, fix every Error-severity finding, re-run to confirm it's clear, and summarize the rest. Example of what gets pasted:

## Security scanning — Caspian Security

Caspian Security is a standalone security scanner (295+ rules...). It needs no
configuration in this repository.

After you finish editing code in this project, run:

    npx -y caspian-security caspian scan . --format json --fail-on error

Then read the JSON output and act on it:
- Fix every finding at "Error" severity, then re-run to confirm it is clear.
- Summarize any remaining Warning/Info findings for me.
- Do not consider the task done (or commit) while Error-severity findings remain.

In VS Code, the command "Caspian Security: Copy AI Agent Instructions" copies the same block to your clipboard (pick agent + trigger from the menu).


Route 2 — MCP server (gives the assistant real tools)

Caspian ships a Model Context Protocol (MCP) server exposing four tools: scan, scan_git_history, list_rules, explain_rule. The config shape is identical across clients; only the file location differs. Print the block with the right path:

caspian mcp-config --client claude-code   # or claude-desktop | cursor | antigravity | cline

{
  "mcpServers": {
    "caspian-security": {
      "command": "npx",
      "args": ["-y", "caspian-security", "caspian", "mcp"]
    }
  }
}

| Client | Where the config lives |
| --- | --- |
| Claude Code | .mcp.json at the project root, or claude mcp add caspian-security -- npx -y caspian-security caspian mcp |
| Claude Desktop | %APPDATA%\Claude\claude_desktop_config.json (Windows) / ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) |
| Cursor | ~/.cursor/mcp.json (global) or .cursor/mcp.json (project) |
| Antigravity | Antigravity Settings → MCP / Plugins |
| Cline | Cline → MCP Servers → Configure |

Transport is stdio; no network port is opened; there is no telemetry and no persistent state. In VS Code, "Caspian Security: Copy MCP Server Config" copies the block for the client you pick.
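
Many client config files already list other MCP servers, so the block has to be merged rather than pasted over the file. The following is an added example, not Caspian's own code: it merges the documented entry into an existing config, keeps the other servers, and reports a conflict when an entry named caspian-security already exists but launches a different command. The function names and the other-tool sample entry are hypothetical.

```javascript
// Added example (not part of Caspian): helper names are hypothetical.
// The entry exactly as documented on this page.
const CASPIAN_ENTRY = {
  command: "npx",
  args: ["-y", "caspian-security", "caspian", "mcp"],
};

// Constructed sample: a client config that already lists another server.
const SAMPLE_EXISTING = JSON.stringify({
  mcpServers: { "other-tool": { command: "node", args: ["server.js"] } },
});

function isPlainObject(value) {
  return value !== null && typeof value === "object" && !Array.isArray(value);
}

// True when an entry launches exactly the documented command line.
// Extra keys on the entry (for example env) are not inspected here.
function matchesDocumented(entry) {
  return (
    isPlainObject(entry) &&
    entry.command === CASPIAN_ENTRY.command &&
    Array.isArray(entry.args) &&
    entry.args.length === CASPIAN_ENTRY.args.length &&
    entry.args.every((arg, i) => arg === CASPIAN_ENTRY.args[i])
  );
}

// Returns { status, text }; status is "added", "unchanged" or "conflict".
// Malformed JSON throws, so a broken file is never silently overwritten.
function mergeCaspianServer(existingText) {
  const trimmed = (existingText || "").trim();
  const config = trimmed === "" ? {} : JSON.parse(trimmed);
  if (!isPlainObject(config)) throw new TypeError("config must be a JSON object");
  const servers = config.mcpServers ?? {};
  if (!isPlainObject(servers)) throw new TypeError("mcpServers must be an object");
  const current = servers["caspian-security"];
  if (current !== undefined) {
    // Never replace an existing entry: report it so a person can review it.
    const status = matchesDocumented(current) ? "unchanged" : "conflict";
    return { status, text: existingText };
  }
  config.mcpServers = { ...servers, "caspian-security": CASPIAN_ENTRY };
  return { status: "added", text: JSON.stringify(config, null, 2) + "\n" };
}
```

Write the returned text back only when the status is "added"; a "conflict" means the file already maps the caspian-security name to some other command and should be reviewed by hand.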

Example prompt once wired up: "Use Caspian to scan this repo for security issues, focusing on Error-severity findings."


Which route should I use?

  • Route 1 (snippet) is the simplest and most portable — it works with any agent that can run a terminal command, needs nothing installed, and lets you choose the trigger (on request, after edits, or before commit).
  • Route 2 (MCP) gives the assistant structured tools (rule lookup, history scan) it can call directly, which is nice for interactive chat.

See also: Terminal Usage, PR Scanning, SARIF Export.