Niro
БесплатноНе проверенAI pentester for PRs — finds exploitable bugs and hands your developer agent the fix.
Описание
AI pentester for PRs — finds exploitable bugs and hands your developer agent the fix.
README
Niro Community Edition
Finds the security bug. Ships the fix.
Niro works like an autonomous, two-person team living in your repo — two roles with one goal: real security bugs, found and closed with proof.
Niro sets the stage first — it stands up your app (or points at a target you provide), seeds test state, and creates the users and data an attacker needs, so you skip most of the environment setup. Then the two-person team goes to work:
- The attacker agent hits your running app like a real adversary — finds exploitable bugs and proves each with a working exploit. Never changes your code.
- The developer agent patches the bugs it can safely fix and records validation evidence — normally a regression test in the project's suite — so every PR arrives with evidence, not just a claim. Never merges — you do.
Most security tools hand you a backlog of maybes and walk away. Niro doesn't stop at proven findings — in fix mode it turns each into a focused pull request. You review the diffs and decide what ships.
From a three-team relay to one run
Fixing a security bug is a relay across three teams — today's tools each cover one slice, so people stitch the rest together:
- Set up the test environment — engineering.
- Attack the app to find and exploit the bugs — security.
- Triage and fix every finding — developers.
A program manager chases the handoffs, and it's never one clean pass. The pentester needs another test tenant, back to eng. A finding won't reproduce, it ping-pongs between security and dev. A fix ships, security has to re-test. Weeks pass, a dozen people touch it, and the code has already moved on.
Niro collapses that relay into one agent-driven run. Its attacker agent does the security team's job, its developer agent does the dev team's — and it automates the setup engineering used to own. You still set the scope, review the diffs, and decide what merges; Niro handles the back-and-forth in between — so three teams' effort lands in a few hours as review-ready pull requests, grouped by root cause so each is small enough to actually review.
Quickstart
From your project root, check the prerequisites, then install Niro and start a fix run:
curl -fsSL https://raw.githubusercontent.com/apxlabs-ai/niro/main/install.sh | sh
niro fix
niro fix opens the selected agent CLI interactively with Niro's first message
already submitted. The agent CLI applies its own sandbox and approval policy;
not every operation necessarily prompts. For an intentionally unattended run,
--autonomous grants the agent CLI full current-user host access without
approval prompts. Read the agent CLI privilege and threat
model before using it. Niro opens review-ready fix
PRs; you decide what to merge.
See Run Niro for report-only and scoped runs, supported agent CLIs, CI, and interactive developer agent workflows.
What a run actually does
Setup done, Niro works your running app the way a real attacker would — and doesn't stop until each bug is proven:
- Attack — probes your HTTP surfaces (web apps, APIs, MCP servers) for real, exploitable bugs.
- Unblock — when a login, empty database, disabled feature, or missing tenant blocks testing, Niro creates what it needs to keep going instead of silently skipping that part of the app.
- Prove — every finding is a false alarm until Niro reproduces it and leaves a runnable proof. Doubt is demoted, never inflated.
Proven bugs are grouped by root cause into focused, review-ready PRs — one per cause, each with its own validation evidence.
Built for trust
AI makes code faster to ship and harder to trust. Niro is built to earn that trust back:
- Your environment, your provider. Niro does not proxy model requests or require uploading your repository, credentials, findings, or logs to a Niro backend. See Security and data for AI-provider boundaries, telemetry, and opt-out controls.
- Host authority is explicit. Local runs are interactive by default;
unattended execution requires
--autonomousand the full host authority it grants is documented in the agent CLI threat model. - You set the blast radius. Attack tools run in a sandbox with kernel-level
egress control — they can reach only the targets you authorize in
scope.yaml, enforced at the network layer. - Transparent coverage. Niro reports what it couldn't reach on every run, so coverage is never a black box — and it remembers intended behavior so it won't keep flagging it. Strongest on the everyday exploitable class; novel, multi-step business logic stays yours.
Niro Enterprise is planned separately for organization-scale governance, audit, compliance, deployment, and commercial support.
Docs
- Get started — prerequisites, installation, and your first run.
- Prepare your app — targets, scope, credentials, fixtures, and test state.
- Run Niro — find or fix, local or CI, whole-app or focused.
- Review the results — findings, exploits, validation evidence, and fix PRs.
- Security and data — data flow, AI providers, sandboxing, egress, and telemetry.
- Agent CLI security — filesystem, command, environment, egress, and prompt-injection boundaries for interactive and autonomous execution.
- Security policy — supported versions and private vulnerability reporting.
- Releases and verification — support lifecycle, version pinning, checksums, image digests, and release notes.
- Coverage and limitations — what Niro tests, what it reports, and where humans remain responsible.
- Reference — commands, flags, and configuration.
- Troubleshooting — common failures, diagnostics, and support artifacts.
Edition and license
Niro Community Edition is free-of-charge, proprietary software distributed as a prebuilt binary. Source code is not provided, and "Community Edition" does not mean open source or source available. This public repository is the documentation and binary-distribution surface; it does not contain Niro product source code.
You may install and use Niro, keep backup copies, and mirror the unmodified binary inside your organization under the Niro Community Edition License Agreement. Public redistribution, resale, modification, and reverse engineering are not permitted. Third-party components remain under their own licenses; see NOTICE.
Issues
Установка Niro
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/apxlabs-ai/niroFAQ
Niro MCP бесплатный?
Да, Niro MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Niro?
Нет, Niro работает без API-ключей и переменных окружения.
Niro — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Niro в Claude Desktop, Claude Code или Cursor?
Открой Niro на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare Niro with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
