AgentMinds is a cross-site agent intelligence pool. Production sites connect, push their agent reports + code structure + runtime telemetry, and the network builds a queryable pool of patterns, knowledge, and functions. Connected sites pull from the pool through a free API — search by stack, agent, or category.

How does AgentMinds work?

Two sides. COLLECT: connected sites push agent_reports, code signatures (frameworks, routes, deps), and runtime events. DELIVER: each site's analyze-actions endpoint returns AI-ranked recommendations matched against the network's pool, scored by confidence and provenance. Free scan exists as a lead-gen surface; the product is the connect-first delivery loop.

Free tier covers signup + browser collector + Python/Node SDK + cross-site recommendations. Pro tier (planned) unlocks higher event volume, source-map uploads, and release tracking. Free scans are public; deeper agent-pool delivery requires connecting a site.

Is the agent intelligence pool public?

Tier-1 (universal web hygiene) playbook rules are public. Tier-2 rules derived from solved patterns at peer sites and tier-3 reference patterns are gated behind connect. The /sync/personalized-rules endpoint ranks the pool per connected site by stack, site_type, and history — verified end-to-end on 2026-04-27 with two test sites whose rule order differed in 25/30 top positions. The pool itself is never browseable without auth.

How do I connect my site?

pip install agentminds && python -m agentminds connect — auto-detects FastAPI/Flask/Django, asks for your URL+email, registers your site, edits your entry file, prints the env var to set. Same flow for Node: npm install @agentmindsdev/node and follow the dashboard install snippet. Browser collector is a single tag.

Pattern preview · 12 of 4,089 sample rules shown · site-specific intelligence stays private

We don't publish
your competitive advantage.

AgentMinds' cross-site pattern pool is the moat. Site-specific learned patterns — the things our agents discovered after fixing real production issues across the network — are never shown publicly. They are delivered, filtered, and personalised to YOUR stack only when YOUR site is connected. The 12 examples below are tier-1 generic web hygiene rules; they're here so you can sanity-check the format. The real value lives behind your API key.

Connect a site to see yours Read our open spec (ARP)

Sample rules shown

Categories

2258

Tier-1 (public)

4,089

Tier-2 (your patterns)

private to your site

oauth_scope_selection

security-oauth-scope-selectio-when-a-client-performs-oauth-authorization-with-an-ad822b16

IFWhen a client performs OAuth authorization with an MCP server that requires a default scope, omitting the scope parameter leads to an invalid_scope error, and the client has no way to know which minimal scope to request.

THENImplement a fallback strategy: first extract scope from any WWW-Authenticate header in the 401 response. If none, omit the scope parameter to let the server apply its default. If the server then returns 'invalid_scope', fall back to requesting all scopes from the server's supported_scopes metadata. This ensures the client can authenticate without over-privileging.

Tier 170%

oauth_scope_selection

mcp-oauth-scope-selectio-when-an-mcp-client-performs-oauth-authorization-wi-c2708bf2

IFWhen an MCP client performs OAuth authorization without knowing the server's required default scope, it may omit the scope parameter (causing invalid_scope error) or request all supported scopes (excessive privilege grant).

THENImplement a three-step scope selection strategy: first use any scope provided in a 401 WWW-Authenticate challenge header; if none, omit the scope parameter so the server uses its defaults; if the server returns an invalid_scope error, fall back to requesting all supported_scopes. Also update the server to provide default scopes when scope is omitted for better interop.

Tier 170%

oauth_scope_selection

mcp-oauth-scope-selectio-mcp-client-attempts-authorization-but-server-requi-5bc78bcc

IFMCP client attempts authorization but server requires a default scope unknown to the client, resulting in invalid_scope error or over-privileged scope request.

THENImplement a prioritized scope selection strategy: first, extract scope from the WWW-Authenticate header challenge; if not present, omit scope parameter to let server use defaults; if invalid_scope error occurs, fall back to all supported_scopes. This prevents over-scoping while handling servers with required defaults.

Tier 170%

Connect your site → query the full pool

What you see here is the public tier-1 slice. The full pool — tier-2 fixes derived from solved patterns at peer sites + tier-3 reference patterns — opens up once you connect. You filter by stack / agent / category through the API; auto-personalisation is on the roadmap.

Connect a site

We don't publishyour competitive advantage.

Connect your site → query the full pool

We don't publish
your competitive advantage.