SeamShield maps who — or what — can access what in your AI-built app, flags the lanes that are unsafe to ship in plain English, and writes safe fix plans for your agent. It runs where your code already lives. Your source never leaves your machine.
Agents now write routes, rules, and config directly. Each change can quietly open a lane that lets the wrong actor reach the wrong asset — and these mistakes look fine in a diff. SeamShield catches the common unsafe-to-ship ones before hackers find them.
true, an open storage bucket, or a route with no auth lets anonymous writes hit your tables.
userId sent from the browser.
.env or security config without confirmation, or a new package that runs a script during install.
SeamShield normalizes everything it finds into a single shape, so one engine can reason about secrets, data rules, auth, agents, and dependencies the same way.
Map access, get a verdict, generate a safe fix, guard future edits, and learn new controls from real-world vulnerabilities — without source ever leaving your machine.
The main command. Ranks every detected lane, applies controls, and returns one honest answer — unsafe to ship, needs review, or no critical access risks found. Never claims you're "secure."
Lists every actor → lane → asset → permission → condition, ranked by risk, in plain language.
Generates a guard-railed prompt your agent can follow — no secret leaks, no weakened rules.
A fast local policy gate that blocks high-confidence risks before an agent can create them.
Pulls new rule and control updates from vulnerability intelligence. Fetches rules only — never sends code.
A control is reusable security logic: given these access lanes, is this pattern dangerous? SeamShield never shows you a raw CWE number — it tells you what the code actually does.
| Control | What it means, in plain English | Category | Default |
|---|---|---|---|
| client_to_server_secret | A server credential is reachable from browser code or a public env variable. | Secrets | critical |
| anonymous_write | Public or anonymous users can write or delete private data. | Data rules | critical |
| trusted_client_role | The server trusts a role or user ID sent from the browser. | Authorization | critical |
| input_to_shell | User input can reach a shell command. | Execution | critical |
| client_only_auth | An admin area or private data is protected only by client-side checks. | Auth | high |
| input_to_filesystem | A file path is derived from user input without an allowlist. | Execution | high |
| agent_to_secret | An AI agent can modify .env or secrets without confirmation. | Agent | high |
| agent_to_policy | An AI agent can rewrite database rules or auth middleware without confirmation. | Agent | high |
| wildcard_cors_with_credentials | An authenticated API allows wildcard or broad origins with credentials. | Network | high |
| dependency_to_shell | A dependency runs a script during install — higher if it's new or agent-added. | Dependencies | medium |
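
An added sketch, not SeamShield's own code, of the model described above: each finding normalized to one actor → lane → asset → permission → condition record, with controls written as predicates over those records. The control names and default severities come from the table; the field names, the sample lanes, and the mapping from severities to the three verdicts are assumptions made for illustration.

```javascript
// Illustrative only: field names and verdict mapping are assumptions, not SeamShield's schema.
const CONTROLS = [
  {
    name: "anonymous_write",
    severity: "critical",
    // Anonymous actor may write or delete a private asset.
    matches: (l) =>
      l.actor === "anonymous" &&
      ["write", "delete"].includes(l.permission) &&
      l.asset.private,
  },
  {
    name: "trusted_client_role",
    severity: "critical",
    // Authorization decision depends on a role or user ID supplied by the browser.
    matches: (l) => l.condition.identitySource === "client",
  },
  {
    name: "wildcard_cors_with_credentials",
    severity: "high",
    // Authenticated API answers any origin while allowing credentials.
    matches: (l) =>
      l.lane === "http" && l.condition.corsOrigin === "*" &&
      l.condition.corsCredentials === true,
  },
];
const RANK = { critical: 0, high: 1, medium: 2 };

// Evaluate every control against every lane; return ranked findings and one verdict.
function evaluate(lanes) {
  const findings = [];
  for (const lane of lanes) {
    for (const c of CONTROLS) {
      if (c.matches(lane)) findings.push({ control: c.name, severity: c.severity, lane: lane.id });
    }
  }
  findings.sort((a, b) => RANK[a.severity] - RANK[b.severity]);
  const verdict = findings.some((f) => f.severity === "critical")
    ? "unsafe to ship"
    : findings.length > 0 ? "needs review" : "no critical access risks found";
  return { verdict, findings };
}

// Constructed sample lanes (not output from any real scan).
const SAMPLE_LANES = [
  { id: "orders-rule", actor: "anonymous", lane: "db-rule", asset: { name: "orders", private: true }, permission: "write", condition: {} },
  { id: "api-cors", actor: "user", lane: "http", asset: { name: "/api/profile", private: true }, permission: "read", condition: { corsOrigin: "*", corsCredentials: true, identitySource: "session" } },
  { id: "public-posts", actor: "anonymous", lane: "http", asset: { name: "/posts", private: false }, permission: "read", condition: {} },
];
```

Calling `evaluate(SAMPLE_LANES)` returns the verdict together with the lane and control behind each finding, so the reason a risk fired stays visible.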
Hand your agent a plan that fixes the lane without opening a new one — explicit rules keep it from printing the secret, weakening auth, or breaking the UI.
SeamShield runs fully offline if you want. When it is online, traffic is one-way — it pulls rule updates in, and never sends your source, secrets, or diffs out.
Guard is a fast local policy gate, not a full scanner. On every agent edit it classifies the affected lane, runs the high-confidence controls, and decides — allow, warn, or block.
Writing secrets into client files, opening public-write rules, editing .env without confirmation, moving admin checks client-side, or adding dangerous shell commands.
New dependency install scripts, auth middleware changes, broad CORS changes, and deploy-config edits get a warning, not a wall.
Each new control traces back to a real CVE, advisory, or incident — translated into an access failure, a local check, and a guard rule.
SeamShield maps access lanes — who or what can reach what. It does this twice: once while your agents build the app, and again while real users hit it in production.
Protects apps while AI agents build them.
Protects live access lanes at runtime.
Same core primitive — an access lane — enforced before you ship and after you ship.
The local engine is open source — read it, run it offline, block the network, and verify for yourself that your source never leaves. We charge for the curated intelligence, runtime Auth, and team governance on top — never for taking custody of your code.
The engine that scans your repo is open source. Inspect exactly what it checks — nothing is hidden.
Block the network and watch it work. Proof, not promises, that your source never leaves the machine.
See the exact access lane and the reason each risk fired. No black-box scores to take on faith.
The open-source CLI, @seamshield/cli — map access and catch the obvious unsafe-to-ship lanes, fully offline. Everything you need to verify your own app before you ship.
Advanced Build coverage, plus SeamShield Auth at runtime — account sharing, abuse and bot detection — for up to 100K users.
Everything in Pro with usage-based SeamShield Auth, plus governance, CI enforcement, and audit across many repos.
SeamShield Auth is available on Pro (up to 100K users) and Enterprise (usage-based). Defense is semantic, not secret — open rules, strength from modeling access correctly.
One command tells you whether your AI-built app has dangerous access lanes open — no account, no upload. Then hand your agent a safe fix and guard every edit after.