-
Notifications
You must be signed in to change notification settings - Fork 0
AI Agent Integration
Caspian Security works with any AI coding agent — Claude Code, Cursor, Antigravity, Claude Desktop, Cline — in two ways. Both require zero setup inside the target repository: Caspian runs via npx, and it never writes files into a project it doesn't own. You paste a small piece of text wherever you choose.
There are two routes. Use either or both.
Drop one plain-language instruction into your agent's own config so that, while it works on a task, it notices the line and runs Caspian. Generate the exact block:
caspian snippet --agent claude --mode after-edits # → paste into CLAUDE.md
caspian snippet --agent cursor # → Cursor Project Rules / .cursorrules
caspian snippet --agent antigravity # → Antigravity rules / memory
caspian snippet --agent generic --mode pre-commit # → any system prompt--mode chooses the trigger:
| Mode | Trigger sentence | Command used |
|---|---|---|
request |
"When I ask you to run a security check…" | full scan |
after-edits (default)
|
"After you finish editing code…" | full scan |
pre-commit |
"Before committing changes…" | caspian scan . --changed-since origin/main |
The generated block instructs the agent to run the scan, fix every Error-severity finding, re-run to confirm it's clear, and summarize the rest. Example of what gets pasted:
## Security scanning — Caspian Security
Caspian Security is a standalone security scanner (295+ rules...). It needs no
configuration in this repository.
After you finish editing code in this project, run:
npx -y caspian-security caspian scan . --format json --fail-on error
Then read the JSON output and act on it:
- Fix every finding at "Error" severity, then re-run to confirm it is clear.
- Summarize any remaining Warning/Info findings for me.
- Do not consider the task done (or commit) while Error-severity findings remain.In VS Code, the command "Caspian Security: Copy AI Agent Instructions" copies the same block to your clipboard (pick agent + trigger from the menu).
Caspian ships a Model Context Protocol (MCP) server exposing four tools: scan, scan_git_history, list_rules, explain_rule. The config shape is identical across clients; only the file location differs. Print the block with the right path:
caspian mcp-config --client claude-code # or claude-desktop | cursor | antigravity | cline{
"mcpServers": {
"caspian-security": {
"command": "npx",
"args": ["-y", "caspian-security", "caspian", "mcp"]
}
}
}| Client | Where the config lives |
|---|---|
| Claude Code |
.mcp.json at the project root, or claude mcp add caspian-security -- npx -y caspian-security caspian mcp
|
| Claude Desktop |
%APPDATA%\Claude\claude_desktop_config.json (Windows) / ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) |
| Cursor |
~/.cursor/mcp.json (global) or .cursor/mcp.json (project) |
| Antigravity | Antigravity Settings → MCP / Plugins |
| Cline | Cline → MCP Servers → Configure |
Transport is stdio; no network port is opened; there is no telemetry and no persistent state. In VS Code, "Caspian Security: Copy MCP Server Config" copies the block for the client you pick.
Example prompt once wired up: "Use Caspian to scan this repo for security issues, focusing on Error-severity findings."
- Route 1 (snippet) is the simplest and most portable — it works with any agent that can run a terminal command, needs nothing installed, and lets you decide the interval/event.
- Route 2 (MCP) gives the assistant structured tools (rule lookup, history scan) it can call directly, which is nice for interactive chat.
See also: Terminal Usage, PR Scanning, SARIF Export.
Caspian Security
Run Anywhere
Features
Reference