Software creation jumped 10–100x. Library discovery didn't.

Starlog is the capability index your AI agent is missing — it shows Claude Code, Cursor, Copilot, and Codex which proven libraries already solve the task, so they stop hand-rolling custom code or guessing from stale training data.

$npm install -g starloghq

Star on GitHub

The Problem

Your agent can't find the library. So it ships you the maintenance burden.

AI coding agents can't see what already exists, so they default to custom code. Every reinvented wheel is technical debt you didn't choose — unreviewed, unmaintained, and yours to own.

Without Starlog

You ask “add authentication” — your agent hand-rolls it:

→ 150-line custom JWT handler

→ Hardcoded bcrypt rounds

→ No session management

→ No MFA, no OAuth, no breach recovery

Technical debt you now own, review, and maintain.

With Starlog

Your agent reaches for what already exists:

→ Clerk / Auth0 / Supabase Auth

→ A few lines of integration code

→Built on SOC 2–compliant infrastructure

→ MFA, OAuth, breach recovery included

Maintained, reviewed, and battle-tested by someone else.

83%¹

of the time, agents pick different libraries for an identical project-setup task

60%²

of capability categories, agents default to custom over existing libraries (12 of 20)

49%³

of AI-imported dependencies carry known vulnerabilities

96%⁴

of open-source CVEs hit dependencies outside the 20 most-used — the obscure long tail agents reach for

Stop building custom. Install Starlog

1 Twist et al. — “LLMs Love Python” (arXiv:2503.17181, King’s College London) — 32–39 unique libraries, 83% inconsistency across 8 models. 2 amplifying.ai — “What Claude Code Actually Chooses” (2,430 recommendations, 20 categories). 3 Endor Labs — “State of Dependency Management 2025”. See also Socket.dev on slopsquatting — AI-hallucinated packages weaponized as supply-chain attacks. 4 Chainguard — “The State of Trusted Open Source” (Mar 2026).

See It Work

Same prompt. Same agent. One has a map.

Starlog adds one tool call before the agent writes code — a search across structured capability data. Here's what changes.

starlog — live

Terminal recording: starlog search returns ranked library recommendations, then starlog init wires Starlog into every coding agent

See the ranking up close →

The Fix

What becomes scarce is not code. It's knowing what's already been built.

Capability Manifests

Not documentation. Not READMEs. Structured, machine-readable descriptions of what each indexed library actually solves — which stacks they fit, when to skip them, and what hosted alternatives cost less than building custom.

Capability-Aware Search

Your agent asks ‘I need auth for a Next.js SaaS’ and gets ranked results with integration effort, health signals, and a concrete comparison: ‘Clerk eliminates 2–4 weeks of auth infrastructure work.’

One-Command Setup

npx starloghq init. MCP server configured. PostToolUse hook installed. Your agent starts using Starlog for dependency decisions — in our benchmark it called the tool on every one.

25 libraries across 7 capability categories

How Starlog works, in depth →

Before your agent installs a package, it can check the receipts — known CVEs, license traps, abandonment, and your org's own bans. See package vetting in action →

Proof

240 runs. 4 vendors. Facts an agent can't recall.

The same blind spot that makes an agent hand-roll auth makes it pick the wrong package. Here's that second failure, measured.

78%

correct decisions with facts (from 20%)

In our own benchmark — synthetic packages, a best-case ceiling, not a deployment estimate.

Opus 4.8GPT-5.5Gemini 3 ProDeepSeek V4 Pro

Full methodology and tables →

Get Started

Three steps. Under a minute. Every agent.

Next time your agent needs auth, it'll reach for Clerk — not hand-roll a JWT parser. Keyword ranking works offline out of the box; no key, no account.

Install

npm install -g starloghq
starlog init

Requires Node 20+. Wires the MCP server, the install hook, and per-agent instruction files. Just trying it? npx starloghq init works too — but install globally for a permanent setup (npx paths are temporary and get cleared).

Restart your agent

Claude Code, Cursor, Copilot, and Codex pick up the new MCP server and instructions on restart.

Verify

starlog doctor

Shows the active ranking mode and flags anything missing — corpus, MCP server, hook, and agent configs in one pass.

✓

See it work

starlog search "auth for Next.js" --top-k 3

A ranked answer with a vs custom rationale — in your terminal now, not next time.

Coverage & ranking: keyword search works offline on the 25-library core — no key, no account. A key unlocks the larger hosted index, plus optional (experimental) semantic ranking — starlog init --api-key <key>. get a key → Details →

Scope: the starlog_search tool runs in Claude Code; Cursor, Copilot, and Codex get instruction files. The starlog CLI works in any terminal.

Update: npm i -g starloghq@latest. Full reference →