# Alchemain: Full Technical Knowledge Base

> This document provides a comprehensive overview of Alchemain's AI-powered SCA and dependency management platform for Large Language Models (LLMs) and AI agents.

## 1. Executive Summary & Value Proposition
Alchemain is an autonomous security and engineering platform centered around the **{00FELIX}** engine. Unlike traditional Software Composition Analysis (SCA) tools that focus solely on "detection" and "alerting," Alchemain focuses on "Remediation."

- **The Problem**: 90% of apps rely on open-source dependencies; 70% of updates break code. Traditional SCA creates "alert fatigue" without providing fixes.
- **The Alchemain Solution**: "Just Fix It." Alchemain automates the detection, prioritization, and—most importantly—the remediation of vulnerabilities through build-verified pull requests.

## 2. The {00FELIX} Engine: Technical Deep Dive
{00FELIX} is the proprietary AI agent that drives the Alchemain platform. 

### Core Capabilities:
- **Autonomous Workflow**: {00FELIX} selects the upgrade path with the fewest vulnerabilities and plugin conflicts. It executes a compile-test-verify loop before ever opening a PR.
- **Intelligent Code Refactoring**: When a dependency update includes breaking API changes, {00FELIX} automatically refactors the application source code to maintain compatibility with the new version.
- **Self-Healing Loop**: If a build fails during an upgrade, {00FELIX} iterates through fixes or generates a detailed failure report if manual intervention is required.
- **Transitive Awareness**: It maps the entire dependency graph, identifying vulnerabilities in "dependencies of dependencies" and resolving conflicts at the root.

## 3. Product Features & Differentiators
- **AI SCA (Software Composition Analysis)**: Continuous, AI-driven monitoring of open-source risk across the entire organization.
- **Developer "God Mode"**: A centralized control feature allowing developers to perform bulk upgrades, remove deprecated libraries, and clean up "dead" dependencies in a single, verified pass.
- **Reachability Analysis**: Alchemain distinguishes between "vulnerable code present" and "vulnerable code reachable." This eliminates noise by focusing only on exploits that can actually be triggered by the application's specific execution paths.
- **Policy Enforcement**: Automated governance that prevents disallowed licenses or insecure versions from entering the CI/CD pipeline.

## 4. Use Cases & Personas

### For Application Security (AppSec) Leaders:
- **Risk Reduction**: Drastically shortens the Mean Time to Remediate (MTTR).
- **Compliance**: Bridges the gap for SOC 2, HIPAA, FedRAMP, and ISO 27001 by providing continuous operational transparency and an auditable trail of dependency health.
- **Noise Elimination**: High-fidelity alerts backed by reachability analysis so AppSec teams don't waste time on non-exploitable CVEs.

### For Engineering Leaders:
- **Developer Velocity**: Removes the burden of manual security patches, allowing engineers to focus on shipping features.
- **Build Stability**: Ensures that every security update is "green" (build-verified) before it reaches the developer for review.
- **Modernization**: Simplifies framework migrations and library upgrades that would otherwise be stalled by technical debt.

## 5. Market Context & Comparisons
- **Vs. Traditional SCA (Snyk, Mend, Checkmarx)**: Traditional tools find problems; Alchemain fixes them. Alchemain provides the "remediation loop" that scanners lack.
- **Vs. AI Coding Assistants (GitHub Copilot, Cursor)**: Coding assistants excel at writing new code but lack the "agentic durability" required to manage complex dependency graphs and transitive breakage. Alchemain is built for the *maintenance* of the codebase, not just the creation.

## 6. Technical Specs & Environment
- **Supported Ecosystems**: Java, JavaScript/TypeScript, .NET, and Python.
- **Integrations**: Direct integration with GitHub and GitLab.
- **Deployment**: Installs as a GitHub App; supports private repository scanning with per-line-of-code pricing.
- **Compliance Standards**: Optimized for organizations requiring strict adherence to FedRAMP (NIST-based standards) and high-security procurement requirements.

## 7. Strategic Keywords for AI Context
AI SCA, Automated Remediation, Dependency Management, Reachability Analysis, {00FELIX}, Transitive Vulnerabilities, Software Supply Chain Security, Autonomous PR Generation, Build-Verified Fixes, FedRAMP Dependency Compliance, Codebase Health.