ArgosBrain ships as orchestrator skills — guided, paced suites your AI agent invokes one step at a time, with explicit confirmations between each. Power users invoke atomic skills directly. Everyone else goes through the menu.
/argos-security
Vulnerability triage with structural reachability evidence.
Vuln scan across 22 sink categories, RBAC consistency, CORS misconfig, supply-chain reach, prompt-injection paths. Triaged by exploitability, not just signature.
/argos-onboarding
First-day orientation for an unfamiliar codebase.
Architectural spine, central reactive primitive, naming conventions, top entry points, every public endpoint, every config flag. Paced for a new hire to absorb without drowning.
/argos-architecture
Strategic codebase questions for senior engineers.
Where are the seams? What's the tech debt? Where would a microservice extraction land cleanly? Cycles, hubs, dependency hygiene, event-flow topology — all in one pass.
/argos-testing
The question line coverage can't answer.
Line coverage tells you which lines ran. ArgosBrain tells you which production paths reach a sink that no test ever reaches. Plus blast radius for regression scope and unhandled-throw audit.
/argos-migration
Sequenced migration plans for framework upgrades.
React 17 → 19. Python 2 → 3. Pages Router → App Router. The skill ranks deprecated call sites by blast radius so you fix leaves first, hubs last — and ship without surprise regressions.
/argos-ai-engineering
For engineers shipping LLM-backed apps and agent stacks.
Prompt-injection surface (the new SQL-injection). LLM cost hotspots (calls in loops). MCP tool-graph mapping. RAG source tracer. System-prompt leak finder.
When the user invokes a suite, the agent shows a menu of available checks and asks how to proceed. After each check completes, the agent pauses for confirmation before running the next. Reports never flood the terminal — every step is digestible, and you can stop after one if it's enough.
If you already know which question you're asking, every atomic skill is callable on its own. Each one auto-executes with no clarifying questions and writes its own focused report.
/argos-blast-radiusInbound caller fanout for any function, type, or symbol you're about to change.
/argos-config-explosionEvery env var, feature flag, and runtime knob — where each is read and what branches off it.
/argos-api-surface-mapperLive OpenAPI / Markdown of every public HTTP handler with input/output type shapes.
/argos-test-gap-analyzerFunctions reachable in production but reached by zero tests. Coverage gaps line tools miss.
/argos-security-reviewerComprehensive vulnerability scan across 22 sink categories with reachability proofs.
/argos-compliance-proofsHIPAA / GDPR / PCI / SOC 2 control-flow reachability evidence per regulation.
/argos-auth-bypass-finderState-changing endpoints reachable without passing through auth middleware.
/argos-supply-chain-tracerGiven a vulnerable dep, every direct + transitive usage that reaches production.
/argos-permission-uniformity-checkerInconsistent RBAC checks across endpoints touching the same resource.
/argos-cors-misconfig-finderWildcard origins, reflected-origin reflection, credentialed-CORS pitfalls.
/argos-csrf-token-tracerState-changing endpoints reachable without passing through a CSRF check.
/argos-pii-flow-mapperFull data-lineage map for personal data: source → transformations → sinks.
/argos-n-plus-one-detectorDB queries living inside loops, ranked by production reach and fan-out.
/argos-cache-invalidation-traceCache key dep graph: writes, reads, invalidations, missing busts.
/argos-database-schema-couplerColumn-to-code coupling map for safe renames, type changes, drops.
/argos-prompt-injection-surfaceEvery code path where untrusted user input lands in an LLM prompt.
/argos-llm-cost-hotspotsLLM API calls inside loops, redundant fetches, cache opportunities ranked by spend.
/argos-tool-graphAgent tool registry → call site → reachability map for any tool-using stack.
/argos-rag-source-tracerEvery chunk source feeding the retriever, plus orphan or unused embedded docs.
/argos-system-prompt-leaksSystem-prompt strings reachable from any user-rendered output path.
/argos-eval-coverageModel-capability gap: what ships in production but no eval script touches.
/argos-experiment-trackerTraining pipeline reproducibility: entry → data → checkpoint → tracker → seed.
/argos-paper-reproducibility-checkerFull audit for paper repos: seed flow, dataset pinning, checkpoint provenance, eval-vs-paper alignment. Score 0-100.
/argos-tech-debt-quantifierDead code, complexity hotspots, churn × coupling — debt ranked by reach.
/argos-service-boundary-finderCommunity detection on the call graph proposes natural service splits.
/argos-dependency-hygieneManifest vs reality: unused, partially-used, abandoned, license-risky deps.
/argos-circular-dep-finderEvery import + call cycle that blocks tree-shaking and clean extraction.
/argos-event-flow-mapperProducer → consumer topology for Kafka, SQS, RabbitMQ, Pub/Sub, NATS, Redis Streams.
/argos-error-handling-auditUnhandled throws and silent catches — both anti-patterns hide bugs in production.
/argos-framework-migratorSequenced leaves-first migration plan from a list of deprecated patterns.
/argos-pr-reviewerStructural PR review: naming drift, dead-symbol creation, API breaks, sink delta.
/argos-code-tourTwo-second structural briefing: spine, hubs, naming convention, entry points.
/argos-monolith-extractorBoundary map of a chosen module: every inbound + outbound edge, side-effect inventory.
/argos-m-and-a-auditM&A due-diligence pass on an acquired or target codebase.
/argos-file-librarianInterpret a non-code file (PDF, mockup, spec) and store the structured reading.
| Suite | Shipped today | Coming next |
|---|---|---|
| Security | 9 | — |
| Onboarding | 2 | 3 |
| Architecture | 8 | 2 |
| Testing | 4 | — |
| Migration | 4 | — |
| AI Engineering | 5 | 3 |
| ML / AI Research | 3 | — |
| Backend correctness | 3 | — |
All 6 orchestrators and 26 atomic skills ship today — 100% coverage of the perspectives audit. Some atomic tools serve more than one suite — for example, /argos-blast-radius shows up in Testing, Migration, and Architecture, and /argos-pii-flow-mapper serves Security + Compliance audits.
curl -fsSL https://argosbrain.com/install | sh cd ~/your-project argosbrain ingest . # In Claude Code / Cursor: invoke any of the 6 suites /argos-security /argos-onboarding /argos-architecture /argos-testing /argos-migration /argos-ai-engineering