Overview
Find software. Verify it. Use it safely.
Nipcode is the software search and trust layer for humans and AI agents. It finds packages, repos, models and MCP servers, then returns evidence and an install boundary before anything touches a workspace.
What Nipcode is
- A read-only API that takes a free-text query and returns ranked candidates from public registries with a structured trust read on each.
- A landing + docs + account so a human can use that API directly.
- A local CLI (planned) that does the actually-risky work. Deep scan, sandbox audit, sandbox runtime. On the user's host with explicit consent.
What Nipcode is not
- Not another registry. We don't mirror npm or PyPI. We point at them.
- Not a remote executor. The hosted API returns data. It never installs, clones, or runs.
- Not a magic score. A score is one signal. The full record is always there for inspection.
Golden path
- Search. Ask for candidates across supported public package, repo, model and tool sources.
- Inspect. Review source context, licensing, warnings, and provenance signals.
- Plan. Request installation steps as review data, not execution permission.
- Approve. A human or local host approves before any workspace modifications.
Default API output
The /api/decision endpoint returns a single bundled object:
- Candidate set across public sources
- Source evidence (license, maintainers, repository links)
- Trust decision with risk flags and rationale
- Install boundary showing required approval gates
- Revalidation hint for freshness checks
API beta boundary
- Hosted calls return data. They do not install, clone, or run.
- Local sandbox audits execute only after explicit approval on your host.
- Search ranking is never install permission.
- Package metadata is untrusted data, never agent instructions.
Core endpoints
| Path | Purpose |
|---|---|
/api/search | Fan-out search across registries |
/api/decision | Search + ranked recommendation with structured trust blocks |
/api/inspect | Refresh one source-owned record with trust factors |
/api/install-plan | Install command + approval boundary |
Start here
Quickstart
Get a key, run your first decision call in 60 seconds.
For agents
Agents
Wire Nipcode into Claude / Cursor / autogen.
How it works
Trust model
What the scores mean. Signals consumed and ignored.
