Launching brin.sh - safe packages for coding agents

Launching brin.sh - the agent-native package gateway. It blocks bad packages before install and generates safe usage docs for your coding agent.

Agents are writing our software now

Spotify's top engineers reportedly haven't written code by hand since December. Cursor, Claude Code, Codex, Gemini CLI - agents are writing production software everywhere. Some companies are already majority agent-written.

This shift happened fast, and our infrastructure hasn't caught up. The tools agents depend on every day, npm, PyPI, package managers in general, were designed for humans. They assume someone is in the loop to notice a typo in a package name or a suspicious publisher. Agents don't have those instincts. They pattern-match and run install.

Package managers need to change

An agent doesn't read a package's source. It doesn't notice that lodassh was published two days ago by a brand-new account. It reduces the distance between "find package" and "run untrusted code" to zero.

Typosquatting, malicious install scripts, prompt injection in error messages, dependency chain-loading. We had these problems before agents. Agents make each of them worse.

We need agent-native tools. Tools that understand what agents are, how they work, and where they fail. Package installation is the first place that needs this.

What brin does

brin sits between your agent and the registry. Every package gets checked against a security database built by red-teaming agents that scan for agentic threats, on top of known CVEs. Clean packages install normally. Flagged packages are blocked.

brin also generates compressed package documentation and writes it into AGENTS.md. According to evals, agents with these docs hit a 100% pass rate on tasks where agents without them scored 53%. Correct usage means safer usage. Safe install plus correct usage, in one step.

Get started at brin.sh/docs/get-started/quickstart.

Source at github.com/superagent-ai/brin.