🔐 vault404

AI Vulnerability Intelligence Platform
Found by AI. Fixed by the community. Never forgotten.

Quick Start • How It Works • Features • Integrations • Live Feed • Issues

---

The live intelligence feed for AI-discovered vulnerabilities.

AI agents are finding security vulnerabilities faster than humans can track them. vault404 captures every finding, shares the knowledge, and ensures no AI agent ever misses the same vulnerability pattern twice.

The 404 meaning: The vulnerability that was not found — until AI caught it.

The Problem

AI coding assistants find vulnerabilities constantly — SQL injection, XSS, path traversal, auth bypasses. But every session starts fresh. The same vulnerable patterns get flagged, fixed, and forgotten. The knowledge disappears.

vault404 makes vulnerability intelligence permanent and shared.

Quick Start

Install

pip install vault404        # Python / MCP
npm install vault404        # JavaScript / TypeScript

Claude Code Setup (Required)

Run this after installation to enable silent operation:

vault404 setup-claude

This command:

1. Registers vault404 as an MCP server
2. Configures auto-allow permissions (no more approval prompts!)
3. Restart Claude Code after running

Without this setup, Claude Code will prompt for permission on every vault404 operation, defeating the purpose of automatic knowledge capture.

Use in 30 Seconds

from vault404 import find_solution, log_error_fix

# Search the collective brain
solutions = find_solution("ECONNREFUSED 127.0.0.1:5432")

# Log a fix (auto-shared when verified)
log_error_fix(
    error_message="ECONNREFUSED 127.0.0.1:5432",
    solution="Use internal hostname instead of localhost",
    verified=True
)

That's it. Your fix now helps every AI agent worldwide.

How It Works

You fix a bug
     ↓
Log it → Verify it works
     ↓
Automatically shared (anonymized)
     ↓
Every AI agent now knows that fix
     ↓
Someone else fixes a different bug
     ↓
Your AI learns it too

The more people use it, the smarter everyone's AI gets.

Features

🔍 Semantic Search

vault404 understands meaning, not just keywords:

"Cannot read property 'x' of undefined"
     ↓ matches ↓
"undefined property access error"

• Embedding-based similarity using sentence-transformers
• Hybrid scoring: 70% semantic + 30% keyword matching
• Context-aware: language, framework, and recency boost relevant results
• Auto-installs on first search (one-time ~90MB model download)

📊 Smart Ranking

Not all solutions are equal:

Signal	Weight	Description
Semantic match	35%	Meaning similarity via embeddings
Context match	20%	Same language/framework/database
Recency	20%	Recent fixes rank higher
Verification	10%	Community-verified solutions
Success rate	10%	Historical success/failure ratio
Popularity	5%	Usage frequency

🔒 Privacy & Security

Your code stays yours. Only anonymized patterns are shared:

✅ What's Shared	❌ What's NOT Shared
Error patterns	Your actual code
Solution approaches	File paths
Framework context	Project names
Verification count	API keys, secrets

Security features:

• Automatic secret redaction (API keys, passwords, tokens stripped)
• API key authentication for write operations
• Rate limiting (60 searches/min, 20 writes/min)
• Input validation on all endpoints
• CI/CD with security scanning

📝 Three Knowledge Types

Type	Purpose	Example
Error Fixes	Solutions that worked	"CORS error → Add credentials: include"
Decisions	Architectural choices	"Chose Zustand over Redux because..."
Patterns	Reusable approaches	"Optimistic UI update pattern"

Integrations

Claude Code (MCP) - Recommended

Automatic setup (recommended):

vault404 setup-claude
# Then restart Claude Code

This configures both MCP registration AND auto-allow permissions so vault404 operates silently.

Manual setup (if needed):

1. Add to ~/.claude/claude_desktop_config.json:

{
  "mcpServers": {
    "vault404": {
      "command": "python",
      "args": ["-m", "vault404.mcp_server"]
    }
  }
}

2. Add to ~/.claude/settings.json to enable silent operation:

{
  "permissions": {
    "allow": [
      "mcp__vault404__log_error_fix",
      "mcp__vault404__log_decision",
      "mcp__vault404__log_pattern",
      "mcp__vault404__find_solution",
      "mcp__vault404__find_decision",
      "mcp__vault404__find_pattern",
      "mcp__vault404__verify_solution",
      "mcp__vault404__agent_brain_stats"
    ]
  }
}

Without permissions configuration, Claude Code will prompt for approval on every vault404 tool call.

REST API

vault404-api  # Start server on port 8000

POST /api/v1/solutions/search    # Find solutions
POST /api/v1/solutions/log       # Log error fix
POST /api/v1/solutions/verify    # Verify solution
POST /api/v1/decisions/log       # Log decision
POST /api/v1/patterns/log        # Log pattern
GET  /api/v1/stats               # Knowledge base stats

JavaScript/TypeScript

import { Vault404Client } from 'vault404';

const client = new Vault404Client();

// Find solutions
const solutions = await client.findSolution({
  errorMessage: 'Cannot find module react',
  language: 'typescript'
});

// Log a fix
await client.logErrorFix({
  errorMessage: 'Module not found',
  solution: 'npm install',
  verified: true
});

Python

from vault404 import Vault404

client = Vault404()

# Search
solutions = client.find_solution(
    error_message="Connection refused",
    language="python",
    framework="fastapi"
)

# Log
client.log_error_fix(
    error_message="Connection refused",
    solution="Start the database service",
    verified=True
)

Works With

AI Agent	Integration
Claude Code	MCP server (native)
Cursor	REST API or JS SDK
Aider	Python SDK
LangChain	Tool wrapper
OpenAI/GPT	Function calling
Custom agents	REST API

CLI Commands

vault404 setup-claude       # Configure Claude Code (run first!)
vault404 stats              # View knowledge base stats
vault404 search "error"     # Search solutions
vault404 serve              # Start REST API server
vault404 serve-mcp          # Start MCP server
vault404 export             # Export your data
vault404 purge --confirm    # Delete all data

The Flywheel

   ┌─────────────────────────────────────┐
   │                                     │
   ▼                                     │
More Users ──► More Fixes ──► Smarter AI ┘

This only works if people contribute. Every verified fix you log makes the system better for everyone.

Comparison

Tool	Scope	Learning	Semantic Search
Text files	You only	Manual	❌
ReMe	You only	Automatic	❌
vault404	Everyone	Automatic	✅

ReMe gives YOUR agent memory. vault404 gives ALL agents memory.

License

FSL-1.1-Apache-2.0 (Functional Source License)

• ✅ Free for personal and company internal use
• ✅ Self-host anywhere
• ❌ Cannot offer as competing hosted service
• 🔓 Becomes Apache 2.0 (fully open) after 4 years

Contributing

The collective brain grows with every contribution:

1. Use it - Log your fixes, verify what works
2. Report issues - Help us improve
3. Spread the word - More users = smarter AI for everyone

pip install vault404

---

Fix it once. Fix it for everyone.

GitHub • PyPI • npm