# CLI

The brin CLI is a thin Rust client over the brin API. No SDK, no auth, no signup. A single command returns a score, verdict, and threat data.

## Install

### via npm

```bash
npm install -g brin
```

### via shell script

```bash
curl -fsSL https://brin.sh/install.sh | sh
```

If your environment does not allow piping a remote script straight into a shell, download `install.sh` first, read it, and run it from disk.

## Usage

```bash
brin check <origin>/<identifier>
```

Before your agent acts on any external context, make a single call. brin returns a score, verdict, and any detected threats.

### Packages

```bash
brin check npm/express
brin check npm/lodash@4.17.21
brin check pypi/requests
brin check crate/serde
```

```json
{
  "origin": "npm",
  "name": "express",
  "score": 81,
  "confidence": "medium",
  "verdict": "safe",
  "tolerance": "conservative",
  "scanned_at": "2026-02-25T09:00:00Z",
  "url": "https://api.brin.sh/npm/express"
}
```

### Repositories

```bash
brin check repo/expressjs/express
```

### Pull requests

```bash
brin check pr/vercel/next.js/62104
```

### MCP servers

```bash
brin check mcp/modelcontextprotocol/servers
```

### Agent skills

```bash
brin check skill/owner/repo
```

### Domains and pages

```bash
brin check domain/example.com
brin check page/example.com/login
```

### Commits

```bash
brin check commit/owner/repo@abc123def
```

## Flags

| Flag | Description |
| --- | --- |
| `--details` | Include sub-scores (identity, behavior, content, graph) |
| `--webhook <url>` | Receive tier-completion events as the deep scan progresses |
| `--headers` | Print only the `X-Brin-*` response headers instead of the JSON body |
| `--tolerance <level>` | `conservative` (default), `lenient`, or `yolo`; controls how the score maps to a verdict |
| `--refresh` | Force a fresh scan, ignoring any cached result |
| `--mode <mode>` | `full` runs the complete scan pipeline synchronously and returns the final result in a single request |
| `--format <format>` | `json` (default), `simple`, or `badge` |

### --details

```bash
brin check npm/express --details
```

```json
{
  "origin": "npm",
  "name": "express",
  "score": 81,
  "verdict": "safe",
  "sub_scores": {
    "identity": 95.0,
    "behavior": 40.0,
    "content": 100.0,
    "graph": 30.0
  }
}
```
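The composite score can read `safe` while one dimension is weak: in the sample above, `behavior` is 40.0 and `graph` is 30.0 behind an 81/safe. The following is an added example, not code from the brin project, that applies a local per-dimension floor to the `--details` output. The floor value and the `gate_target` helper (which assumes `brin` is on `PATH`) are this example's own choices, not brin defaults.

```python
"""Added example (not part of the brin project): apply a per-dimension floor
to the sub_scores returned by `brin check <target> --details`.

The floor below is an assumed local policy, not a brin default.
"""
import json
import subprocess
from typing import Dict, List

# Sample copied from the page (the --details response for npm/express).
SAMPLE_DETAILS = """{
  "origin": "npm",
  "name": "express",
  "score": 81,
  "verdict": "safe",
  "sub_scores": {
    "identity": 95.0,
    "behavior": 40.0,
    "content": 100.0,
    "graph": 30.0
  }
}"""

# The four sub-scores the page documents for --details.
SUB_SCORE_KEYS = ("identity", "behavior", "content", "graph")


def weak_dimensions(details_json: str, floor: float) -> List[str]:
    """Return the sub-score names that fall below `floor`, sorted.

    Raises ValueError if the document has no sub_scores object, so a
    response produced without --details is never mistaken for a clean one.
    A missing individual key is treated as weak for the same reason.
    """
    doc = json.loads(details_json)
    subs = doc.get("sub_scores")
    if not isinstance(subs, dict):
        raise ValueError("response has no sub_scores; was --details passed?")
    weak = []
    for key in SUB_SCORE_KEYS:
        value = subs.get(key)
        if value is None or float(value) < floor:
            weak.append(key)
    return sorted(weak)


def gate(details_json: str, floor: float = 50.0) -> Dict[str, object]:
    """Combine brin's own verdict with the local per-dimension floor.

    `allowed` is True only when brin says safe AND no dimension is weak;
    `weak` lists the dimensions that tripped the floor so the reason is
    visible in logs.
    """
    doc = json.loads(details_json)
    weak = weak_dimensions(details_json, floor)
    allowed = doc.get("verdict") == "safe" and not weak
    return {
        "target": f"{doc.get('origin')}/{doc.get('name')}",
        "verdict": doc.get("verdict"),
        "score": doc.get("score"),
        "weak": weak,
        "allowed": allowed,
    }


def gate_target(target: str, floor: float = 50.0) -> Dict[str, object]:
    """Run the real CLI (assumes `brin` is on PATH) and gate its output."""
    out = subprocess.run(["brin", "check", target, "--details"],
                         capture_output=True, text=True, check=True).stdout
    return gate(out, floor)


if __name__ == "__main__":
    # Offline demo on the page's sample: safe overall, but two weak dimensions.
    print(gate(SAMPLE_DETAILS, floor=50.0))
```

With a floor of 50 the sample is blocked on `behavior` and `graph` even though brin's verdict is `safe`; lowering the floor to 25 lets it through. Pick the floor per dimension and per environment rather than trusting the composite alone.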

### --webhook

brin runs a 3-tier analysis; the LLM tier alone takes 20–30 s. Pass a webhook URL to receive results as each tier completes rather than waiting:

```bash
brin check npm/express --webhook https://your-server.com/brin-callback
```

Events posted to your endpoint:

| Event | Description |
| --- | --- |
| `tier1_complete` | Identity + registry metadata done |
| `tier2_complete` | Static analysis done |
| `tier3_complete` | LLM threat analysis done |
| `scan_complete` | Final score with graph analysis |

Treat the callback like any inbound webhook: the events arrive at a URL you exposed, so validate them as untrusted input, act only on `scan_complete` (earlier tiers carry partial results), and if a decision matters, confirm it with a direct `brin check` rather than trusting the callback body alone.

### --headers

For fast, scriptable checks without JSON parsing:

```bash
brin check npm/express --headers
```

```text
X-Brin-Score: 81
X-Brin-Verdict: safe
X-Brin-Confidence: medium
X-Brin-Tolerance: conservative
```
### --tolerance

Override the default verdict mapping. See Safety tolerance for the full score-to-verdict table.

```bash
brin check npm/express --tolerance lenient
```

```json
{
  "origin": "npm",
  "name": "express",
  "score": 81,
  "verdict": "safe",
  "tolerance": "lenient",
  "scanned_at": "2026-02-25T09:00:00Z",
  "url": "https://api.brin.sh/npm/express"
}
```

### --refresh

Force a fresh scan, bypassing any cached result. Useful when a package has just published a new version:

```bash
brin check npm/express --refresh
```

### --mode

Run the complete scan pipeline synchronously. Without this flag, brin returns a preliminary score immediately and runs the full scan in the background. With `--mode full`, the request blocks until every tier finishes:

```bash
brin check npm/some-new-package --mode full
```

### --format

Control the output format. Defaults to `json`.

```bash
# Compact single-line output
brin check npm/express --format simple
```

```text
npm/express safe 81
```

```bash
# Markdown badge (useful in CI comments)
brin check npm/express --format badge
```

```text
![brin](https://api.brin.sh/npm/express?format=badge)
```

Flags can be combined:

```bash
brin check npm/express --details --tolerance lenient --format json
brin check npm/express --refresh --mode full --webhook https://your-server.com/cb
```

## What we score

Seven types of external context that agents consume autonomously, each with a distinct threat model and scoring methodology.

| Origin | Example | Threats detected |
| --- | --- | --- |
| `npm` / `pypi` / `crate` | `npm/express` | Install-time attacks, credential harvesting, typosquatting |
| `domain` / `page` | `domain/example.com` | Prompt injection, phishing, cloaking, exfiltration via hidden content |
| `repo` | `repo/owner/repo` | Agent config injection, malicious commits, compromised dependencies |
| `pr` | `pr/owner/repo/123` | Author risk, prompt injection, secret exposure, CI sabotage, suspicious diff behavior |
| `skill` | `skill/owner/repo` | Description injection, output poisoning, instruction override |
| `mcp` | `mcp/owner/server` | Tool shadowing, schema abuse, silent capability escalation |
| `commit` | `commit/owner/repo@sha` | PR injection, security sabotage, backdoor introduction |

## How it works

Before your agent acts on any external context, brin returns a score, verdict, and any detected threats. Pre-scanned results return in under 10 ms, fast enough to sit in the critical path of every agent action: no queues, no cold starts.

```text
brin check npm/express
      |
      v
GET https://api.brin.sh/npm/express
      |
      v
  score · verdict · threats
```

If brin is unreachable, the agent continues as normal, so an outage cannot break your existing workflow. Note that this is a fail-open design: while brin is down no check is applied. Where the verdict must be enforced (a CI pre-install step, for example), make your wrapper fail closed on unreachability instead, and log the degraded period either way.
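The GET from the diagram, issued directly with a hard timeout so that a slow or unreachable brin cannot stall the agent's critical path, as an added example that is not the brin project's own code. It assumes two things the page does not spell out: that the API returns the same `X-Brin-*` headers the CLI prints with `--headers`, and that the target path is appended to `BRIN_API_URL` exactly as in `https://api.brin.sh/npm/express`. The 500 ms timeout, the `check`/`brin_url` names and the injectable `opener` are this example's choices.

```python
"""Added example (not brin's own code): call the brin API directly with a
hard timeout and an explicit fail-open / fail-closed choice.

Assumed, because the page does not state it: the API sends the X-Brin-*
headers shown under --headers, and BRIN_API_URL + "/" + target is the URL.
"""
import os
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional

DEFAULT_API_URL = "https://api.brin.sh"  # documented default for BRIN_API_URL


def brin_url(target: str, api_url: Optional[str] = None) -> str:
    """Build the scan URL, honouring the BRIN_API_URL override."""
    base = (api_url or os.environ.get("BRIN_API_URL") or DEFAULT_API_URL)
    # Quote each path segment but keep '/' separators and '@' for versions
    # and commit SHAs (npm/lodash@4.17.21, commit/owner/repo@sha).
    return base.rstrip("/") + "/" + urllib.parse.quote(target, safe="/@")


def fetch_headers(url: str, timeout: float) -> Optional[Dict[str, str]]:
    """Real opener: GET `url` and return its X-Brin-* headers (lower-cased),
    or None on any transport failure, timeout or HTTP error status."""
    req = urllib.request.Request(url, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return {k.lower(): v for k, v in resp.headers.items()
                    if k.lower().startswith("x-brin-")}
    except (urllib.error.URLError, OSError):
        return None


def check(target: str, fail_open: bool = True, timeout: float = 0.5,
          opener: Callable[[str, float], Optional[Dict[str, str]]] = fetch_headers,
          api_url: Optional[str] = None) -> Dict[str, object]:
    """Return the decision for `target`.

    fail_open=True mirrors the page's flow (the agent continues if brin is
    down); `degraded` and `reason` make that state visible in logs. The
    0.5 s default timeout is a budget chosen against the page's <10 ms
    figure for pre-scanned results.
    """
    url = brin_url(target, api_url)
    hdr = opener(url, timeout)
    if hdr is None or "x-brin-verdict" not in hdr:
        mode = "fail-open" if fail_open else "fail-closed"
        return {"target": target, "url": url, "allowed": fail_open,
                "degraded": True, "verdict": None,
                "reason": f"brin unreachable or no verdict; {mode}"}
    verdict = hdr["x-brin-verdict"]
    return {"target": target, "url": url, "allowed": verdict == "safe",
            "degraded": False, "verdict": verdict,
            "reason": (f"score={hdr.get('x-brin-score')} "
                       f"tolerance={hdr.get('x-brin-tolerance')}")}


if __name__ == "__main__":
    # Live call; requires network access to the configured API endpoint.
    print(check("npm/express"))
```

The `degraded` flag is the important output: with `fail_open=True` an outage looks exactly like a `safe` result unless you record it, so count degraded decisions in your metrics and alert when they rise.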

## Environment variables

| Variable | Default | Description |
| --- | --- | --- |
| `BRIN_API_URL` | `https://api.brin.sh` | Override the API endpoint |

## Local development

```bash
git clone https://github.com/superagent-ai/brin
cd brin
cargo build
cargo test
```