{"slug": "batta-plan-phase-security-reviews-for-ai-coding-agents-oss", "title": "Batta – plan-phase security reviews for AI coding agents (OSS)", "summary": "Batta, an open-source security review tool for AI coding agents, launches with plan-phase reviews that catch design flaws before code is written. The tool indexes a system's architecture—services, data flows, threats, and policies—and integrates via MCP with agents like Claude Code and Cursor, providing context-aware security checks and an audit trail.", "body_md": "Secure agent work, by design.\n\nBatta gives agents the right security and compliance context — so every decision is informed before code is written. It is the security architect running at machine speed: grounded in your actual code, cloud config, and org policies, not generic checklists.\n\nThe core value is not another chat prompt. It is the indexed security model of your system: services, entry points, identities, cloud resources, data flows, trust boundaries, data classifications, threats, mitigations, and known gaps. When an agent starts new work, Batta compares the proposed change against that model and returns concrete questions, risks, required tasks, and evidence-backed attestations for human review.\n\n- **Plan-phase reviews** run security review before code is written — catching design flaws when they are cheapest to fix, not during PR or after deploy.\n- **Full context, always** grounds every review in your actual code, cloud config, and org policies — not generic checklists. Every review reflects what your system really does.\n- **System of record for humans** logs every decision, finding, and attestation. 
Humans stay in control of what matters — with a complete audit trail when it counts.\n- **Agent-native workflow** exposes indexing and reviews over MCP so Claude Code, Cursor, Codex, Copilot Agent, and other coding agents can use Batta from inside the repo.\n- **Local-first OSS setup** works without an LLM key for MCP indexing and review loops.\n\nStart Batta:\n\n```\ncp packages/api/.env.example packages/api/.env\ndocker compose up\n```\n\nOpen [http://localhost:3100/onboarding](http://localhost:3100/onboarding), choose a stable repo key such as `payments-service`, then paste this prompt into your coding agent while the target repository is open:\n\n```\nFetch Batta onboarding instructions from:\nhttp://localhost:3101/api/onboarding/agent-led?repo=<repo-name>\n\nThen follow those instructions in this repository. Configure MCP, verify the connection, and index this repository before considering onboarding complete so future reviews have architecture context.\n```\n\nThat is the recommended onboarding path. The agent fetches current setup instructions from your local Batta server, configures MCP for the repository, verifies the connection, indexes the repo, and adds standing instructions to run Batta reviews before future feature work. 
Indexing is the step that makes reviews architecture-aware instead of generic.\n\nManual setup and production OAuth details live in [docs/agent-integration](/Dolevco/batta-ai/blob/main/docs/agent-integration).\n\n```\ncoding agent\n    |\n    | MCP\n    v\nbatta API  ---->  Postgres + pgvector  ---->  indexed architecture context\n    |\n    v\nsecurity review loop\n```\n\n- The coding agent indexes the repository through Batta MCP.\n- Batta stores structured architecture context: services, features, DFDs, threat models, relationships, and review gaps.\n- Before a feature or meaningful code change, the agent starts a security review.\n- Batta compares the change to the indexed architecture and returns missing context, risks, and required security tasks.\n- The agent implements the change and submits evidence-backed attestations for review.\n\n```\npnpm install\ncp packages/api/.env.example packages/api/.env\ndocker compose up -d postgres redis\npnpm --filter @batta/api dev\npnpm --filter @batta/ui dev\n```\n\nThe API runs on [http://localhost:3101](http://localhost:3101) and the UI runs on [http://localhost:3100](http://localhost:3100). Check local readiness with:\n\n```\npnpm doctor\n```\n\nThe default local `.env` disables auth and embeddings so the first run does not require OAuth, certificates, or model keys.\n\nBatta can use Ollama for local chat, indexing agents, work-item review agents, and semantic embeddings. Example setup:\n\n```\nollama pull qwen2.5-coder:14b\nollama pull qwen2.5-coder:7b\nollama pull nomic-embed-text\nLLM_PROVIDER=ollama\nOLLAMA_BASE_URL=http://localhost:11434\nOLLAMA_CHAT_MODEL=qwen2.5-coder:14b\nOLLAMA_SMALL_CHAT_MODEL=qwen2.5-coder:7b\n\nEMBEDDINGS_ENABLED=true\nEMBEDDINGS_PROVIDER=ollama\nOLLAMA_EMBEDDING_MODEL=nomic-embed-text\nOLLAMA_EMBEDDING_DIMENSION=768\n```\n\nLocal model quality varies; larger coder models tend to be more reliable for the text-formatted tool calls Batta agents use. 
Embeddings from different providers or models should not be mixed in the same persisted vector data unless the indexes are rebuilt.\n\n```\n                 ┌─────────────┐\n   Browser ─────▶│     UI      │ (React + Vite)\n                 └──────┬──────┘\n                        │ REST + SSE\n                 ┌──────▼──────┐\n   Coding agent ─▶│     API     │ (Express + MCP)\n   (MCP/OAuth)   └──┬───────┬──┘\n                    │       │\n                    ▼       ▼\n              Postgres    Redis\n              + pgvector  (cache / pubsub)\n```\n\n| Package | Purpose |\n|---|---|\n| `@batta/ui` | React frontend for onboarding, reviews, knowledge base, chat, and integrations. |\n| `@batta/api` | Express REST API and MCP endpoint. |\n| `@batta/core` | LLM task runtime, tools, and memory primitives. |\n| `@batta/shared` | Persistence, services, integrations, and shared types. |\n| `@batta/data-indexer` | Background scanner for code and cloud indexing. |\n\n- [Docs index](/Dolevco/batta-ai/blob/main/docs/README.md)\n- [Agent onboarding](/Dolevco/batta-ai/blob/main/docs/agent-integration/agent-led-onboarding.md)\n- [Manual MCP configuration](/Dolevco/batta-ai/blob/main/docs/agent-integration/mcp-config.md)\n- [Security review loop design](/Dolevco/batta-ai/blob/main/docs/loops.md)\n- [Contributing](/Dolevco/batta-ai/blob/main/CONTRIBUTING.md)\n- [Security policy](/Dolevco/batta-ai/blob/main/SECURITY.md)\n\nApache-2.0 — see [LICENSE](/Dolevco/batta-ai/blob/main/LICENSE).", "url": "https://wpnews.pro/news/batta-plan-phase-security-reviews-for-ai-coding-agents-oss", "canonical_source": "https://github.com/Dolevco/batta-ai", "published_at": "2026-06-15 10:29:24+00:00", "updated_at": "2026-06-15 10:46:52.790930+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "ai-tools", "developer-tools", "ai-infrastructure"], "entities": ["Batta", "Claude Code", "Cursor", "Codex", "Copilot Agent", "Ollama", "PostgreSQL", "pgvector"], "alternates": {"html": 
"https://wpnews.pro/news/batta-plan-phase-security-reviews-for-ai-coding-agents-oss", "markdown": "https://wpnews.pro/news/batta-plan-phase-security-reviews-for-ai-coding-agents-oss.md", "text": "https://wpnews.pro/news/batta-plan-phase-security-reviews-for-ai-coding-agents-oss.txt", "jsonld": "https://wpnews.pro/news/batta-plan-phase-security-reviews-for-ai-coding-agents-oss.jsonld"}}