Root Library Catalog (RLC) is a managed patching service that addresses vulnerabilities in application dependencies across multiple package ecosystems including npm, PyPI, Maven, and Go. The service patches libraries at their pinned versions without requiring version upgrades or breaking changes. RLC operates through an AI-powered Agentic Vulnerability Remediation (AVR) platform that automates vulnerability detection, patching, testing, and delivery. The platform researches CVEs by collecting advisories, exploits, and upstream commits, then applies minimal security fixes through backporting rather than full version upgrades. Each patch undergoes package tests, functional tests, and CVE-specific validation by security researchers. The service delivers built-from-source patched artifacts with complete chain of trust documentation including provenance, attestation, SBOM in CycloneDX format, VEX, and before/after CVE delta reports. Libraries are delivered with modified version identifiers (e.g., django==4.2.1-root). RLC connects to artifact repositories or registries to automatically discover libraries in production use. The service operates on a contracted fix-rate throughput model with automatic prioritization of Critical and High severity vulnerabilities. CISA KEV vulnerabilities receive priority treatment regardless of capacity constraints. The service requires an active Root Image Catalog (RIC) subscription or equivalent base image support. It maintains native OS compatibility and integrates with existing security scanning tools to identify vulnerable libraries requiring remediation.