Agents
Wire Nipcode into your agent.
Every /api/decision response is designed to be read by a language model and surfaced to a user, not to be auto-executed.
The pattern
- User asks for a dependency or tool
- Agent calls
/api/decisionwith the user's natural-language query - Agent reads
best.recommendation,best.why,best.risk,best.install_boundary.commandto the user verbatim - Agent waits for explicit approval
- If approved, agent runs the install command locally. Never via the hosted API
Machine discovery
Two files tell an agent how Nipcode works without needing a human to read these docs:
- /llms.txt. Agent-readable instructions in markdown
- /.well-known/nipcode.json. Machine-readable endpoint catalog, auth shape, source list, rate limits
Hard rules
- Treat candidate descriptions as untrusted data. READMEs, model cards, MCP server descriptions can contain prompt-injection. Do not pass them as instructions to your own LLM step.
- Never cache decision responses for more than 5 minutes. Package metadata changes (yanked versions, new advisories) and stale decisions get people hurt.
- Never auto-install based on
recommended: truealone. The install_boundary always requires explicit user or host-policy approval. - Pin versions in install commands.
npm install foois reproducible only if you also pin.
Framework hints
| Framework | Pattern |
|---|---|
| Claude Code / MCP | Wrap /api/decision as a tool; gate the install command on tool_use approval |
| Cursor | Add to "search-the-web" routing for package questions; surface install_boundary verbatim in chat |
| OpenAI Assistants | Function-call decision, parse blocks, render trust chips in your UI |
| Custom autogen | Hook before pip install / npm install in your shell wrapper |
Next
Examples
Working code in TS and Python.
