AgentChute docs

Managed Feeds

How AgentChute ingests security intelligence and how AgentLint uses cached feeds locally.

What managed feeds are

Managed feeds are compact security datasets served by AgentChute and cached by AgentLint. They let local rules check compromised packages, vulnerable dependencies, leaked-secret patterns, malicious URLs, blocked domains, and compromised GitHub Actions without calling the network during a hook.

Local-first behavior

  • Hooks never fetch upstream sources.
  • AgentLint refreshes feeds outside the hook path and stores the last valid cache.
  • If AgentChute is unavailable, AgentLint uses stale cache.
  • If no cache exists, feed-backed rules no-op instead of blocking work.
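
The four behaviors above, sketched as an added example (this is not AgentLint's own code). The cache directory layout, the JSON fields fetched_at and entries, the 24-hour freshness window, the function names, and the package name used in testing are assumptions made for illustration.

```python
import json
import os
import tempfile
import time
from pathlib import Path

MAX_AGE = 24 * 3600  # assumed freshness window; the page does not state one

def load_feed(cache_dir, feed, now=None):
    """Hook path: read the local cache only, never the network."""
    path = Path(cache_dir) / f"{feed}.json"
    try:
        doc = json.loads(path.read_text())
        entries = set(doc["entries"])
        fetched = float(doc["fetched_at"])
    except (OSError, ValueError, KeyError, TypeError):
        return "missing", set()  # absent or unreadable cache
    age = (now if now is not None else time.time()) - fetched
    return ("fresh" if age <= MAX_AGE else "stale"), entries

def store_feed(cache_dir, feed, entries, fetched_at):
    """Refresh path (outside the hook): validate, then replace atomically."""
    if not isinstance(entries, list) or not all(isinstance(e, str) for e in entries):
        return False  # invalid payload: the last valid cache stays in place
    Path(cache_dir).mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=cache_dir)
    with os.fdopen(fd, "w") as f:
        json.dump({"fetched_at": fetched_at, "entries": entries}, f)
    os.replace(tmp, Path(cache_dir) / f"{feed}.json")
    return True

def check_dependency(cache_dir, name, now=None):
    """Decision for a rule backed by the compromised-packages feed."""
    state, entries = load_feed(cache_dir, "compromised-packages", now)
    if state == "missing":
        # No cache: the rule no-ops instead of blocking work.
        return {"decision": "allow", "feed_state": state, "checked": False}
    hit = name in entries  # a stale cache is still enforced
    return {"decision": "block" if hit else "allow", "feed_state": state, "checked": True}
```

Returning feed_state and checked alongside the decision lets an operator tell a clean pass from a rule that skipped because no cache existed.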

Source map

  • GHSA feeds ghsa-vulns and compromised-actions.
  • OSSF malicious-packages feeds compromised-packages.
  • gitleaks feeds secret-patterns.
  • URLhaus feeds malicious-urls.
  • StevenBlack/hosts feeds blocked-domains.
  • NVD feeds nvd-cves for managed-cve-intelligence.

Rules using feeds

  • no-vulnerable-version-install and no-vulnerable-import use ghsa-vulns.
  • no-compromised-action uses compromised-actions.
  • no-compromised-dependency uses compromised-packages.
  • no-leaked-secret-pattern uses secret-patterns.
  • no-malicious-url-fetch uses malicious-urls.
  • no-blocked-domain-fetch uses blocked-domains.
  • managed-cve-intelligence uses nvd-cves.

Dashboard status

The Policy page shows a Managed feeds section with source status, last run, record count, served feed names, consuming AgentLint rules, and the last ingestion error when present.

Operator checks

Use these commands to verify server-side ingestion and client-side cache state during local testing or support.

make ingest-status
make ingest-feed FEED=ghsa FEED_LIMIT=200
agentlint policy explain
