Stop shipping blind.
ShipGuard is a CLI-first release gate for AI-built apps. It checks the high-risk mistakes that Claude Code, Codex, Cursor, and Lovable commonly introduce — before your code hits production.
What ShipGuard catches
Five categories of high-risk mistakes that AI coding agents introduce — checked deterministically, no LLM inference needed.
Secrets
Hardcoded API keys, tokens, passwords, and private credentials left in source code.
- OPENAI_API_KEY in .ts file
- Hardcoded DB passwords
- JWT secrets in config
Auth
Missing authentication guards, exposed admin routes, insecure session config.
- Unauthenticated admin endpoints
- Missing CSRF protection
- Weak session secrets
Payments
Webhook signature skips, missing idempotency, client-side price manipulation.
- Unverified Stripe webhooks
- Price set from client body
- Missing idempotency keys
Database
Raw SQL injection vectors, missing transactions, unsafe query construction.
- String-concat SQL queries
- Missing WHERE on delete
- No transaction on transfer
Deployment
Debug flags in prod, CORS wildcard, missing env validation on startup.
- DEBUG=true in production
- CORS: *
- Missing required env vars
More rules in the Pro tier
Add it to your workflow in 60 seconds
Install globally
One-time setup. No config files required to get started.
Init your project
Creates a shipguard.yaml policy file with sensible defaults.
Scan before you ship
Scans only changed files. Add to pre-push hook or CI pipeline.
Ready to gate your releases?
Free tier includes 50 scans/month and all 5 check categories. No account needed to start.