Software creation jumped 100x. Library discovery didn't.
AI agents compose entire applications from parts. But they pick dependencies blind — same 35 libraries, 60% custom builds, 49% with known vulnerabilities. Starlog is the discovery layer that's missing.
npx starlog initClaude just built another JWT parser
It doesn't know Clerk exists. It's not broken — it just has no way to discover what's already been built.
You ask: “Add authentication”
What your agent does:
→ Builds 150-line custom JWT handler
→ Hardcodes bcrypt rounds
→ Skips session management
→ No MFA, no OAuth, no breach recovery
With Starlog
What it should do:
→ Clerk / Auth0 / Supabase Auth
→ 3 lines of integration code
→ SOC 2 compliant out of the box
→ MFA, OAuth, breach recovery included
~351
libraries. That’s all 8 top LLMs use across every coding task.
83%1
of the time, an agent contradicts its own prior recommendation
60%2
of the time, agents build custom instead of using existing libraries
49%3
of AI-suggested dependencies carry known vulnerabilities
1 amplifying.ai — “What Codex Actually Chooses vs Claude Code” (1,470 responses). 2 Claude Code audit, 20 categories. 3 Socket.dev safety report.
Same prompt. Same agent. One has a map.
Starlog adds one tool call before the agent writes code — a search across structured capability data. Here's what changes.
$agent “add authentication”
→ writing lib/auth/jwt.ts (147 lines)
→ writing lib/auth/bcrypt.ts (43 lines)
→ writing lib/auth/session.ts (88 lines)
× 278 lines of custom auth
× no MFA, no OAuth, no breach recovery
$agent “add authentication”
→ starlog_search(“auth”, stack=“next.js”)
↳Clerk
↳Auth0
↳Supabase Auth
→ npm install @clerk/nextjs
✓ 3 lines. SOC 2. MFA + OAuth included.
What becomes scarce is not code. It's knowing what's already been built.
npm has 2.5M+ packages. PyPI has 500K+. Only a fraction are actively maintained and production-suitable. Starlog gives agents structured capability data — not training data.
Capability Manifests
Not documentation. Not READMEs. Structured, machine-readable descriptions of what 90 libraries actually solve — which stacks they fit, when to skip them, and what hosted alternatives cost less than building custom.
Capability-Aware Search
Your agent asks ‘I need auth for a Next.js SaaS’ and gets ranked results with integration effort, health signals, and a concrete comparison: ‘Clerk eliminates 2–4 weeks of auth infrastructure work.’
One-Command Setup
npx starlog init. MCP server configured. PostToolUse hook installed. Your agent starts using Starlog for every dependency decision — and it uses it 100% of the time.
1,008 benchmark runs. 3 Claude models. The data speaks.
DIY rate measures how often agents build custom implementations instead of recommending existing libraries. Lower is better.
| Category | Without | With Starlog | Change |
|---|---|---|---|
| Authentication | 39.6% | 8.3% | -31.3pp |
| Feature Flags | 37.5% | 4.2% | -33.3pp |
| Caching | 14.6% | 0% | -14.6pp |
| Background Jobs | 12.5% | 0% | -12.5pp |
The manifest data drives the effect, not the delivery mechanism. Context injection and tool use produced nearly identical results — 11.6pp vs 11.3pp DIY reduction.
100%
tool adoption
3/3
models supported
11pp
overall DIY reduction
npx starlog initOne command. Thirty seconds. Every agent.
Next time your agent needs auth, it'll recommend Clerk — not build a JWT parser from scratch.
$ npx starlog initWorks with Claude Code, Cursor, Copilot, and Codex. Configures MCP server, hooks, and agent instructions automatically. Your agent starts making better library choices immediately.
Want to confirm it's wired up? Run starlog doctor — it checks your corpus, MCP server, hooks, and agent configs in one pass, and tells you exactly what's missing.