pinnedai-mcp
Stops your AI from re-introducing bugs, leaking provider keys, or weakening tests. Bug fixes become permanent regression guards; blocked mistakes become AI lessons the agent reads and learns from before its next edit.
README
PinnedAI
Pinned creates a local AI-coder safety net on install, writes repo-specific lessons, and blocks AI from weakening protected guards.
Free beta · Founder Pro waitlist open at pinnedai.dev.
The 5-step value loop
pinned initscans your repo and creates baseline guards on install (auth checks, lockfile integrity, secret prefixes, route registrations, webhook signatures, URL literals, exports, form error-handling, more).- Guard Integrity blocks any commit that tries to delete, skip, weaken, or
--no-verify-bypass a guard. - AI Lessons file (
.pinned/ai-lessons.md) captures repo-specific rules — read by Claude / Cursor / Devin / Copilot before they edit. pinned audit --learnedscans sibling code paths for the same mistake pattern.- Future AI edits must pass every guard. The output of every finding is an executable test, not a review comment.
Proof it works: see the /proof page for benchmark results, or jump to Status below for the headline numbers.
Quickstart
# See what Pinned does on a sample claim — no install, no signup
npx pinnedai
# Install in your repo (one command)
npx pinnedai init
# After init, on every commit Pinned blocks AI bypass attempts and
# auto-protects new admin/middleware/webhook/client-fetch code.
pinned init writes .github/workflows/pinned.yml, creates tests/pinned/ with PINS.md, installs pre-commit + pre-push hooks, auto-generates baseline pins from your current code, and seeds AI-coder rules into CLAUDE.md + .github/copilot-instructions.md (and any other AI rule file already in the repo). Each step prompts before writing in interactive mode; pass --auto to accept all.
If your repo already has .cursorrules, .clinerules, AGENTS.md, or .windsurfrules, init writes to those too — same marker-bounded block, identical uninstall flow (pinned uninstall-agent-rules).
Editor + AI-tool surfaces
Pinned ships across every major AI-coder surface:
| Surface | What you get | How to install |
|---|---|---|
| VS Code / Cursor / Windsurf / Codium | ◆ pinned · N guards · ✓ in the status bar, rich hover tooltip with recent guards + latest AI lesson, click → Quick Pick (action chooser) → command runs in a Pinned-managed terminal. Works in stock VS Code (Copilot users), Cursor, Windsurf, Codium. |
Bundled .vsix auto-installs during pinned init (until we publish to the Marketplace + Open VSX in v0.1.1) |
| Claude Code | Statusline + UserPromptSubmit hook (◆ pinned · LEARNED · 1 new AI mistake, transient block-event messages). Optional /pinned-status, /pinned-list, /pinned-review, /pinned-done slash commands. |
Statusline auto-wired by init; slash commands via npx pinnedai install-claude |
| GitHub Copilot Chat (free + paid) | Reads Pinned rules from .github/copilot-instructions.md before generating code |
Auto-created during init |
| MCP-aware tools (Claude Desktop, Cline, Continue) | pinned_before_code_change, pinned_before_done_check, pinned_scan_diff, pinned_list_guards, pinned_check_pr_description, pinned_suggest_init as native tools with structured human_summary + must-report agent_instruction fields |
Add pinnedai-mcp to the tool's MCP config — see docs/integrations/ |
| GitHub Action (CI) | pinned check-guard-removal + vitest on every PR — guard weakening attempts fail CI |
Auto-wired via .github/workflows/pinned.yml from init |
| Pre-commit + pre-push hooks | Block bypass attempts locally before they reach CI | Auto-wired by init |
Per-tool integration docs:
- docs/integrations/cursor-rules.md
- docs/integrations/windsurf-rules.md
- docs/integrations/claude-code.md
README badge
[](https://pinnedai.dev)
What Pinned protects
Pinned focuses on AI-prone failure modes:
- Guard weakening —
.skip(),.only(),xit(),.todo(),.skipIf(true), deleted tests, weakened assertions (toBe(401)→toBeTruthy()),|| true,?? true,catch(() => true),expect(true).toBe(true)tautologies, commented-outexpect(),expect.assertions(0), earlyreturn;in test body. - Pinned-infrastructure tampering — deletion of
tests/pinned/*,.github/workflows/pinned.yml,tests/pinned/.registry.json,.pinned/ai-lessons.md, or sneaky rename-to-retired/ without the matching.audit.json. - Client / API mistakes — missing
authHeaders(), missingcredentials: "include", lostif (!res.ok)gates, removed 401/402/403 handling. Detected statically per file via path + pattern heuristics. - Auth / middleware regressions —
requireAuth/requireAdmin/ middleware matcher coverage; the middleware-aware pin usesmiddleware.ts's captured auth signature so removing the auth check fails the guard. - Route / export / reference integrity — internal
<Link href="/foo">/navigate("/foo")/router.push("/foo")that resolve today are pinned; if a future commit removes the target page file, the pin fails. - Webhook signature verification —
stripe.webhooks.constructEvent,x-hub-signature-256,svix.verify,twilio.validateRequest, genericcrypto.createHmac("sha256", ...). Pinned captures the verify call so removing it fails the guard. - Public exposure no-fixture checks —
.envcommitted without.gitignorecoverage,.mapfiles indist//build/, debug routes (__debug,__test,debug.html,/admin/console).
AI lessons
Pinned writes repo-specific lessons to .pinned/ai-lessons.md (markdown for humans) and .pinned/lessons.json (structured for tools).
Each lesson is generated from a real event — a blocked bypass attempt, a replay-verified bug-fix guard, or a confirmed sibling audit. Dedupe is per guardId: repeat attempts append evidence to the existing entry, not duplicate sections.
Example:
## Don't weaken client-getReport-authHeaders
<!-- pinned:guard=client-getReport-authHeaders kind=guard-block -->
**Past mistake:**
weakened: src/api/getReport.ts — `headers: await authHeaders()` removed in PR #88
**Rule:**
Do not remove `authHeaders()` from `src/api/getReport.ts`. Fix the application code instead.
**Guard:** `client-getReport-authHeaders`
**Plain English:** don't drop authHeaders() from API calls
Point your AI coder at this file with pinned install-agent-rules so Claude/Cursor reads the rules before editing.
Commands
Setup
npx pinnedai init # one-time per repo
npx pinnedai install-agent-rules # opt-in: wire CLAUDE.md/.cursorrules/etc. to read .pinned/ai-lessons.md
npx pinnedai uninstall-agent-rules # undo the above
npx pinnedai agent-rules # show which agent files are wired
Daily workflow
npx pinned test # run the pin suite
npx pinned status # see active pins + recent events
npx pinned context # print the AI-coder context (rules + lessons) for inline prompting
Discovery
npx pinned scan-diff # show what Pinned would auto-protect in the current diff
npx pinned audit --learned # scan sibling code paths for risks matching learned patterns
npx pinned probe-admin # enumerate admin/internal routes + their protection state
npx pinned list # list all active + retired pins
Lifecycle
npx pinned retire <claim-id> --reason="..." # legitimate retirement (writes audit entry)
Internal (called by hooks)
npx pinned check-guard-removal # pre-commit hook entry; blocks AI bypass attempts
npx pinned statusline # statusline rendering for Claude Code
npx pinned backtest --mode=bug-fix # replay a repo's git history (calibration tool)
Optional AI-assisted analysis (BYOK)
PINNEDAI_BYOK=openai PINNEDAI_OPENAI_KEY=sk-... npx pinned check
LLM-as-proposer fires on each commit's diff to suggest additional guards the deterministic detectors might miss. Customer pays their LLM vendor directly; Pinned doesn't proxy.
Statusline
Pinned surfaces protection events without becoming a noisy reviewer. Events decay back to a calm baseline:
◆ pinned · 34 pins · 7 lessons · ✓ 12 verified # baseline
◆ pinned · 34 pins · ⚠ 2 protected files in this commit # editing guarded files
◆ pinned · 34 pins · ⛔ blocked: AI weakened pin sample.test.ts # Guard Integrity refused
◆ pinned · 34 pins · +1 new guard # SAVED
◆ pinned · 34 pins · scanned 3 similar files # AUDIT
◆ pinned · 34 pins · 4 guards passed # COVERED
◆ pinned · 34 pins · learned: don't drop authHeaders() from API calls # LEARNED
◆ pinned · 34 pins · ✗ 1 broken # failing pin
The BLOCK / LEARNED / SAVED / AUDIT / COVERED transients fall back to baseline after 1-2 minutes. Persistent value = guard count + lesson count.
What Pinned is NOT
Pinned is not a generic code reviewer, SAST scanner, or AI bug-fixer.
CodeRabbit reviews PRs. Snyk / Semgrep scan for broad security issues. They run once and leave comments.
Pinned protects the repo-specific promises your AI coder must not forget: the bug fixes, guards, tests, and lessons that should survive future AI edits. The output of every finding is an executable guard, not a comment.
AI and privacy
Pinned works without an LLM. The core engine is deterministic: guards either pass, fail, or were weakened.
Optional AI-assisted mode (BYOK) can propose additional guards, sibling audits, and lessons from diff context. AI output never enforces anything by itself — deterministic guards + CI do the enforcement.
Principle:
LLM proposes. Guards prove. CI enforces.
Local-first. Free beta runs entirely on your machine + your CI. Pinned doesn't see your code unless you set BYOK env vars (in which case the calls go directly to your LLM vendor, not through Pinned infrastructure).
Free vs Founder Pro
| Free Beta | Founder Pro (waitlist) | |
|---|---|---|
| All deterministic detectors | ✅ Unlimited | ✅ |
| Guard Integrity blocks | ✅ | ✅ |
| AI Lessons file + agent config wiring | ✅ | ✅ |
| Replay-verified bug-fix guards | ✅ | ✅ |
| Local audit / probe / context | ✅ | ✅ |
| Pre-commit / pre-push hooks | ✅ | ✅ |
| Statusline integration | ✅ | ✅ |
Report-only CI (you wire pinned guard yourself) |
✅ | ✅ |
| Optional BYOK AI proposer (your own key) | ✅ | ✅ |
| PR comments with repair prompts | — | Coming |
| Cross-repo AI lessons | — | Coming |
| Hosted AI analysis (no API key) | — | Coming |
| Cloud proof / history dashboard | — | Coming |
| AI / provider mistake analytics | — | Coming |
| Managed CI enforcement policies | — | Coming |
| Custom guard templates | — | Coming |
| Team policies + audit log | — | Coming |
Founder Pro is a waitlist today — no payment, no card. We collect interest to gauge demand for the paid features above. When paid opens, founder pricing locks for everyone on the list.
Status
v0.1 (free beta) ships with:
- 8 Guard Integrity detectors (23 / 23 known AI bypass tactics blocked in our mutation-test suite)
- AI Lessons file + opt-in agent-config wiring (CLAUDE.md, .cursorrules, .github/copilot-instructions.md, etc.)
- 6 P0 detector categories generating pins at init: Guard Integrity, client fetch / auth-headers / error-handling, auth/middleware, route/export/reference integrity, public exposure, webhook signature
pinned audit --learnedfor sibling discoverypinned probe-adminfor admin-route enumerationpinned contextfor runtime AI-coder briefing- Statusline events for BLOCK / SAVED / AUDIT / COVERED / LEARNED / VERIFIED + baseline
N pins · M lessons
Open beta. Bug reports + feature requests welcome at github.com/pinnedai/pinnedai/issues.
License
Apache 2.0. CLI source is public; the Cloudflare Worker that backs the (coming) hosted AI / cross-repo lessons / dashboard features stays private.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.