Vidar

Tech Lead. Vidar protects the product and data from threats. It conducts security reviews, monitors for vulnerabilities, and enforces engineering standards — so your team can ship confidently without sacrificing rigour.

What Vidar Does

Security Reviews

Assign Vidar to review a codebase area, PR, or feature implementation. It looks for:

• Authentication and authorization gaps
• Input validation and injection risks
• Sensitive data handling (logging, storage, transmission)
• Dependency vulnerabilities
• API security patterns

Findings are posted as task comments and, where applicable, as knowledge atoms in your workspace so the team retains the learning.

Engineering Standards Enforcement

Vidar reads your team's DECISION and PRINCIPLE atoms and applies them as evaluation criteria. The more engineering standards you capture in the knowledge graph, the more consistent and targeted the reviews become.

// Add a standard to your knowledge graph once — Vidar enforces it on every review
await momental_node_create({
  statement: "All external API calls must have explicit timeout and retry limits.",
  nodeType: "PRINCIPLE",
  status: "ACTIVE"
});

Vulnerability Monitoring

On a schedule or on demand, Vidar scans for known vulnerability patterns in your indexed codebase and reports findings to the relevant task or Agent Room. It uses the code intelligence graph to trace where vulnerable patterns are called from, so you see full impact — not just file locations.

How to Use Vidar

Assign a security review task

// Create a task for Vidar to review an area
const task = await momental_task_create({
  statement: "Security review: new payment integration",
  parentId: "epic_payments_q2",
  acceptanceCriteria: "All OWASP Top 10 patterns checked, no HIGH findings unaddressed"
});

await momental_task_assign_agent({
  taskId: task.id,
  agentId: "vidar"
});

From the UI

Open any Task or Epic, click Assign, and select Vidar. Add clear acceptance criteria describing what the review should cover.

Working with Vidar's Output

Vidar posts a structured review as a task comment with:

• Risk level (LOW / MEDIUM / HIGH)
• Specific findings with file locations and recommendations
• Engineering standards that were checked and their status
• Suggested remediation steps

Critical findings are also saved as DATA atoms in the knowledge graph, so they surface in future Huginn searches and Heimdall PR reviews for the affected area.

Pair with Heimdall

Vidar handles deep security reviews and architectural analysis. Heimdall handles automated PR-by-PR review. They complement each other: Vidar sets the standards and investigates; Heimdall enforces them on every merge.

Pricing & Access

$299/month per workspace. Beta — available on request. Contact [email protected] or subscribe via the agents marketplace.