frontier-scout 1.8.0

A local AI adoption radar for tools, MCP servers, agent frameworks, and model drops.

     

About  ·  Quickstart  ·  Bring your own LLM  ·  Demo  ·  Cost  ·  Roadmap

[!TIP] 377 releases scanned → 5 worth your time. Newsletters tell you what's popular and trending tells you what's loud — neither knows your stack, and neither says whether a tool is safe to run. Frontier Scout reads your repo locally, ranks every release against it, and refuses to say "ship it" without evidence.

---

About

Frontier Scout is a local-first AI-adoption radar. One pipeline, three jobs — find what's new → figure out what's relevant to your code → refuse to say "ship it" without evidence. It runs as a dense, keyboard- and mouse-driven terminal app (Mission Control) or fully headless in CI, and works with whatever LLM you already pay for — or none at all.

_{Mission Control — the Adoption Matrix (fit × risk) cross-linked to the verdict list, with segmented gauges and a guard-gated detail panel.}

How it works

	Stage	What it does
01	WATCH	Scouts GitHub Releases, the MCP registry, Hugging Face, and PyPI / npm — the frontier as it lands.
02	MATCH	A local tree-sitter pass maps releases to your repo's stack (Python, JS/TS, Go, Rust, Ruby) — without ever reading your source.
03	DECIDE	A source-backed ADOPT / TRIAL / ASSESS / HOLD verdict, plus the smallest safe trial to run next.

Every finding lands on the Adoption Matrix (fit × risk) and as a verdict card — a source-backed call, a fit / risk / readiness read, a permission map, and the safest next step. The detail panel surfaces explicit concerns (burns tokens · abandoned · vendor lock-in · security surface · marketing-only · unproven), so you always see why we'd push back. And guard blocks adoption until a sandbox trial receipt exists.

Three promises

Awareness is table stakes. Evidence is the product.

Try before trust	Every adoption candidate earns a sandbox dry-run receipt, a permission map, and a guard check before it touches your real repo.
Fix vulns you didn't know existed	Dependency intelligence cross-references your manifests against curated security, hardening, and breaking-change feeds — then emits a trial recipe, not a silent lockfile rewrite.
Bound risky changes	Incident Change Scout turns a ticket into cited context, a bounded remediation plan, and a human approval interrupt before any write.

Quickstart

Prerequisite — Python 3.11+

# install (pipx recommended) — or run with no install at all
pipx install frontier-scout
uvx frontier-scout demo          # try it without installing

# configure your LLM backend once (auto-detects what you have)
frontier-scout setup

# open Mission Control inside any repo
cd ~/code/my-app && frontier-scout

Mission Control lands on the Scout tab — the radar that ranks the latest AI releases that fit your repo. From a highlighted verdict, every capability is one keystroke:

 L  hermetic lab  ·   e  firewall eval  ·   i  implement & test  ·   D  dossier  ·   o  open source  ·   P  palette

Tabs: Scout · Schedule · Receipts · Guard · Packs · Deps · Reports · Settings. Everything reflows down to an 80×24 VS Code panel, with unicode/ASCII and colour/mono fallbacks. Prefer a calmer, one-finding-at-a-time flow? frontier-scout --ui briefing.

 Develop locally

git clone https://github.com/ajaysurya1221/frontier-scout
cd frontier-scout
python3 -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
frontier-scout --help

Bring your own LLM

Frontier Scout needs exactly one backend and works with whichever you already have. The setup wizard detects what's present and picks the first available:

You have…	Set	Cost / scan
An Anthropic API key	ANTHROPIC_API_KEY	~$0.34
An OpenAI API key	OPENAI_API_KEY	~$0.05
Claude Code installed	nothing — auto-detected	$0
Codex CLI installed	nothing — auto-detected	$0
Any OpenAI-compatible gateway	OPENAI_BASE_URL	your endpoint

Already paying for a Claude Code or Codex subscription? Scouting runs at zero marginal cost — it shells out to the CLI you already pay for. New in v1.7.0: an openai-compatible provider for LiteLLM, vLLM, Ollama & self-hosted gateways. Force a backend with --provider anthropic | openai | claude-cli | codex-cli.

[!NOTE] No backend at all? frontier-scout demo runs the whole pipeline offline against bundled fixtures — no key, no network, no Slack, no cloud.

60-second demo

$ frontier-scout demo

╭── ◉ FRONTIER · SCOUT — demo ready ──────────────────────────────╮
│                                                                  │
│   Serving at  http://localhost:54321   ·   Ctrl+C to stop        │
│                                                                  │
│   ✓  briefing.html    adoption receipts                          │
│   ✓  verdicts.json    raw verdict data                           │
│   ✓  judge-trace.md   quality trace                              │
│                                                                  │
│   Next ▸  frontier-scout setup           Mission Control TUI     │
│          frontier-scout scan --dry-run   verdicts for this repo  │
│                                                                  │
╰──────────────────────────────────────────────────────────────────╯

Writes briefing.html, briefing.md, verdicts.json, cost-breakdown.md, and judge-trace.md under demo/. Use --no-serve for CI / offline.

The killer workflow

Someone drops a repo, MCP server, model, or agent framework in a newsletter or team chat. Turn that link into a local adoption decision instead of a vibes-based "looks safe":

frontier-scout init --repo .            # local stack profile (+ tree-sitter import evidence)
frontier-scout evaluate <tool-url>      # source-backed evidence + permission map
frontier-scout trial <tool> --dry-run   # adoption receipt, installs nothing
frontier-scout guard --repo .           # CI gate: risky tools need a stored receipt
frontier-scout report                   # static HTML executive radar

Inspect living packs and repo-relevant dependency upgrades:

frontier-scout packs list               # candidate → watched → core → retired
frontier-scout deps scan --repo .       # repo-relevant security & breaking upgrades
frontier-scout dossier <tool>           # local adoption dossier with explicit unknowns

Safety model

Frontier Scout handles untrusted public content and can optionally run untrusted packages in the lab — so the rails are load-bearing:

Rail	What it guarantees
Source text is data, not instructions	Incident & breach headlines can never become tool recommendations.
No hallucinated tools	Tool names are checked against the source pool; source URLs must pass a domain allowlist.
ADOPT must earn it	Not enough readiness evidence → demoted. The Adoption Firewall fails closed on unknown capability surfaces.
The lab is hermetic	Stripped environment, wall-clock timeout, size caps, and generated-script secret scanning.
The scanner is offline	Deterministic local tree-sitter AST parse — never sends source content to an LLM, never hits the network.
guard never writes	It only reads local evidence and policy; CI-friendly exit codes.

See SECURITY.md for the full threat model.

Cost

frontier-scout demo is free — it never calls the network. The figures below model a live weekly scan (a recent run scanned 377 items, considered 350, and shipped 5 verdicts for ~$0.31): a fast score pass, a fast verdict pass, and an optional Opus-class judge pass.

Provider (fast / deep)	Score + verdict	+ judge	Weekly scan
Anthropic  Sonnet / Opus	~$0.22	+$0.12	~$0.34
OpenAI  4o-mini / 4o	~$0.01	+$0.04	~$0.05
Claude CLI  subscription	$0	$0	$0
Codex CLI  subscription	$0	$0	$0

Set JUDGE_ENABLED=false to skip the judge for the cheapest run on any provider. Every call is written to a local ~/.frontier-scout/costs.jsonl ledger — and the Receipts tab shows exactly what you spent.

Roadmap

• v0.2 — Living Scout Packs, dependency intelligence, Adoption Firewall, Incident Change Scout
• v0.4.0 — Monorepo profile walker + tree-sitter import-evidence scanner (Python & JS/TS)
• v1.0.0 — Mission Control: every CLI capability gets a TUI surface, scout-first landing
• v1.1.0 — Global setup wizard, cron automation, notifications, Go / Rust / Ruby coverage
• v1.4.0 — Universal LLM provider, RLAIF fit-grounding loop, honest per-provider costs
• v1.5.0 — Mission Control complete: 8-tab keyboard command center + command palette
• v1.6.0 — Mission Control v2: full mouse ↔ keyboard parity, permission map, repo switcher
• v1.7.0 — Single provider-selection ladder, two-tier scout/judge split, openai-compatible provider for gateway / self-hosted interop
• Mission Control v5 (in progress) — the Adoption Matrix (fit × risk dot-plot), segmented gauges everywhere, and the local architecture profile surfaced in Settings
• Next — streaming subprocess output in Trials, multi-repo workspace, launchd / Windows Task Scheduler

See ROADMAP.md for the longer view.

---

Contributing

The fastest useful PRs improve the CLI/report path, validator coverage, source quality, or lab isolation. Read CONTRIBUTING.md, browse good first issues, and respect the Code of Conduct.

make setup && make demo && make test && make eval && make audit

CI runs compile checks, non-live tests, and a tracked-file secret scan.

License

Distributed under the MIT License.

Built with — Textual (TUI) · tree-sitter-language-pack (grammars) · Pydantic (typed models) · SQLite (local store). Structure inspired by othneildrew/Best-README-Template; deterministic import evidence pushed forward by Lum1104/Understand-Anything.

_{Frontier Scout · local-first · no telemetry · bring your own LLM}