AgentMinds is a cross-site agent intelligence pool. Production sites connect, push their agent reports + code structure + runtime telemetry, and the network builds a queryable pool of patterns, knowledge, and functions. Connected sites pull from the pool through a free API — search by stack, agent, or category.

How does AgentMinds work?

Two sides. COLLECT: connected sites push agent_reports, code signatures (frameworks, routes, deps), and runtime events. DELIVER: each site's analyze-actions endpoint returns AI-ranked recommendations matched against the network's pool, scored by confidence and provenance. Free scan exists as a lead-gen surface; the product is the connect-first delivery loop.

Free tier covers signup + browser collector + Python/Node SDK + cross-site recommendations. Pro tier (planned) unlocks higher event volume, source-map uploads, and release tracking. Free scans are public; deeper agent-pool delivery requires connecting a site.

Is the agent intelligence pool public?

Tier-1 (universal web hygiene) playbook rules are public. Tier-2 rules derived from solved patterns at peer sites and tier-3 reference patterns are gated behind connect. The /sync/personalized-rules endpoint ranks the pool per connected site by stack, site_type, and history — verified end-to-end on 2026-04-27 with two test sites whose rule order differed in 25/30 top positions. The pool itself is never browseable without auth.

How do I connect my site?

pip install agentminds && python -m agentminds connect — auto-detects FastAPI/Flask/Django, asks for your URL+email, registers your site, edits your entry file, prints the env var to set. Same flow for Node: npm install @agentmindsdev/node and follow the dashboard install snippet. Browser collector is a single tag.

Pattern preview · 12 of 4,089 sample rules shown · site-specific intelligence stays private

We don't publish
your competitive advantage.

AgentMinds' cross-site pattern pool is the moat. Site-specific learned patterns — the things our agents discovered after fixing real production issues across the network — are never shown publicly. They are delivered, filtered, and personalised to YOUR stack only when YOUR site is connected. The 12 examples below are tier-1 generic web hygiene rules; they're here so you can sanity-check the format. The real value lives behind your API key.

Connect a site to see yours Read our open spec (ARP)

Sample rules shown

Categories

2258

Tier-1 (public)

4,089

Tier-2 (your patterns)

private to your site

supply_chain_compromise

security-supply-chain-comprom-using-litellm-versions-1-82-7-or-1-82-8-from-pypi--bd426f45

IFUsing litellm versions 1.82.7 or 1.82.8 from PyPI (malicious package with litellm_init.pth credential stealer).

THENImmediately upgrade litellm to a version later than 1.82.8 (e.g., 1.82.9 or higher). Rotate all API keys, tokens, and secrets that may have been exposed while the compromised version was installed. Audit system logs for unauthorized access.

Tier 170%

supply_chain_compromise

security-supply-chain-comprom-a-malicious-pth-file-litellm-init-pth-was-found-in-0e7a74d0

IFA malicious .pth file (litellm_init.pth) was found in the litellm 1.82.8 PyPI package that automatically executes a credential-stealing script on Python startup.

THENImmediately uninstall litellm 1.82.8 (pip uninstall litellm==1.82.8). Scan your system for any exfiltration to the domain models.litellm.cloud by checking network logs or cURL commands. Rotate all credentials that may have been exposed: environment variables, API keys, SSH keys, cloud provider keys, CI/CD secrets, and database passwords. Review all systems where the package was installed including local machines, CI/CD pipelines, Docker containers, and production servers. Monitor for any unauthorized use of stolen credentials.

Tier 170%

supply_chain_compromise

security-supply-chain-comprom-a-pypi-package-litellm-1-82-8-was-installed-that-c-d9ffee65

IFA PyPI package (litellm 1.82.8) was installed that contains a malicious .pth file which executes on every Python interpreter start, stealing credentials.

THENImmediately remove the affected package, revoke all exposed credentials, scan for unexpected .pth files in site-packages, and enforce package version pinning and integrity verification. Monitor outbound connections to unknown destinations and consider blocking execution of .pth files via sitecustomize.py or security policies.

Tier 170%

supply_chain_compromise

security-supply-chain-comprom-a-malicious-pth-file-is-placed-in-site-packages-au-a0ab0819

IFA malicious .pth file is placed in site-packages, automatically executing a credential-stealing script on Python interpreter startup.

THENImmediately yank the compromised package from PyPI and notify users. Implement package integrity checks using SHA256 hashes from RECORD files, and block or audit packages that include unexpected .pth files. Disable automatic execution of .pth files in non-containerized environments by setting the PYTHONNOUSERSITE environment variable or using Python's -S flag. For CI/CD, enforce dependency scanning with tools like pip-audit or safety.

Tier 170%

Connect your site → query the full pool

What you see here is the public tier-1 slice. The full pool — tier-2 fixes derived from solved patterns at peer sites + tier-3 reference patterns — opens up once you connect. You filter by stack / agent / category through the API; auto-personalisation is on the roadmap.

Connect a site

We don't publishyour competitive advantage.

Connect your site → query the full pool

We don't publish
your competitive advantage.