AgenticCLI

▮ AgenticCLI — local-first business critical tooling for the agentic era

Catch what Claude agent missed in seconds with ShipGuard

ShipGuard scans your code locally before every deploy. Secrets, broken auth, unverified webhooks, SQL injection, debug flags in production. Local checks are free, unlimited, and private — your code never leaves your machine.

$npx @agenticcli/shipguard scan
view on GitHub →

Runs alongside every agent and terminal.

Claude Code, Codex, Cursor — or any CLI, hook or CI. It reads exit codes natively, so your agent acts on the result.

ClaudeClaude
CodexCodex
CursorCursor

The most important gate for your agent.

live

ShipGuard

The release gate for AI-built apps. Five deterministic checks for the mistakes Claude Code, Codex and Cursor actually make — run locally, in about two seconds, before anything ships.

  • secrets
  • auth
  • payments
  • database
  • deployment
shipguard scan --changed
dev in ~/checkout on mainshipguard scan --changed
Scanning 12 changed files…
CRITICAL secrets:hardcoded-api-key
src/lib/openai.ts:12 · "sk-proj-…"
CRITICAL payments:webhook-unverified
src/app/api/stripe/route.ts:8
MEDIUM auth:admin-route-unprotected
src/app/admin/page.tsx:1
Risk Score: 78/100 HIGH RISK
Status: BLOCKEDexit 1

The security harness

Agents ship code faster than any human review can keep up. ShipGuard wraps the agent loop in a deterministic security gate — so the bugs never reach production.

without a harness

deploy.sh — no gate
dev in ~/checkout on maingit push && deploy
Deploying to production...
✓ build passed
✓ deployed in 2.4s
! api key shipped to prod
! webhook left unverified
# nobody checked.

with ShipGuard

deploy.sh — shipguard gate
dev in ~/checkout on maingit push && deploy
→ shipguard scan --pre-deploy
CRITICAL secrets:hardcoded-api-key
CRITICAL payments:webhook-unverified
Risk Score: 81/100 HIGH RISK
Status: BLOCKEDdeploy halted
✓ caught before it shipped

Critical checks that matter for your business.

The places AI agents actually break production — tuned to the mistakes Claude Code, Codex and Cursor make most. Framework-aware, not just regex.

Secrets

Hardcoded API keys, tokens and credentials — before they reach your git history.

Auth

Unprotected admin routes, missing guards and broken session checks.

Payments

Unverified webhooks and missing signature checks on Stripe & friends.

Database

SQL injection, unsafe queries and destructive or exposed migrations.

Deployment

Debug flags, source maps and dev config shipped to production.

ShipGuard guards your deployments, branches & PRs as agents help you ship faster.

What makes a security gate work for agents — and why each property is load-bearing.

agent-native

JSON + exit codes. That's the API.

Your agent scans, reads structured findings, applies each fix, and re-scans until exit 0. No dashboard, no alert queue — the entire interface is stdout and a return code.

$ shipguard scan --json
{"status":"blocked","findings":[...]}
> agent fixes 2 findings
$ shipguard scan --json
{"status":"safe"} → exit 0

deterministic

Not an LLM. A rule engine.

Same code → same score → same exit code. Every time, on every machine. An LLM gives three different answers to the same question — ShipGuard gives one, and your agent can trust it enough to branch on it without asking a human.

# LLM review
"mostly safe"
"CRITICAL found"
"no issues"
# ShipGuard
78/100 · exit 1
78/100 · exit 1
78/100 · exit 1

local-first

Code never leaves the machine.

Free scans are fully offline — no network, no account. Pro scans connect once to download rule bundles via an authenticated edge gateway, then scan locally. Either way, no code, file paths, or file contents are ever transmitted. Rules come down. Code never goes up.

# free: fully offline
✓ 0 network connections
# pro: rules downloaded, code stays
✓ rules ↓ code ✗ never ↑

framework-aware

Not regex. Structural rules.

ShipGuard understands Next.js App Router routes, Supabase RLS migrations, Stripe webhook handlers, and Firebase security rules. It knows that route.ts in app/api/ is a public endpoint — not just a file with a string in it.

# knows Next.js route structure
CRITICAL auth:api-route-unguarded
app/api/admin/route.ts:1
→ public POST with no auth middleware
Fix: add auth guard or move to protected route

one command

Install and scan in seconds.

No config files. No account. No setup wizard. One npx command and ShipGuard scans your project — locally, privately, in seconds.

$ npx @agenticcli/shipguard scan
ShipGuard v0.4.0 — scanning 14 files
CRITICAL secrets:hardcoded-api-key
HIGH auth:admin-unprotected
Risk 72/100 · DO NOT SHIP · exit 1

/loop

The observe step in every agent loop.

Every coding agent runs a loop: reason → act → observe → repeat. ShipGuard is the observe step — the deterministic checkpoint between "the agent wrote code" and "the code ships." It returns structured findings the agent can reason about and act on in the next iteration, closing the loop without a human in the middle.

# the agentic loop
reason → "add stripe checkout"
act → write code
observe → shipguard scan --json
reason → "fix 2 findings"
act → apply fixes
observe → shipguard scan → exit 0 ✓

hooks

A hard gate, not a polite request.

A CLAUDE.md instruction is a hope. A hook is a guarantee. Wire ShipGuard as a PreToolUse hook or a pre-push git hook and it fires deterministically at the boundary between "agent wants to push" and "code leaves your machine." Exit 2 blocks. The agent doesn't get a vote.

# .claude/settings.json
PreToolUse → "Bash" → git push
→ run shipguard scan --strict
→ exit 2 = BLOCKED
# or just a git hook
.husky/pre-push
→ shipguard scan --changed
→ exit 0 = push proceeds

/goal

The stop condition agents actually trust.

Goal-based loops need an objective stop condition — not "does this look safe?" but a binary yes/no the agent can check deterministically. ShipGuard's exit 0 is that condition. The agent's goal becomes: "get to exit 0." It can iterate autonomously — scan, fix, re-scan — with a clear, machine-verifiable definition of done.

# agent /goal: "ship clean"
$ shipguard scan → exit 1
> not done. fixing...
$ shipguard scan → exit 1
> still not done. fixing...
$ shipguard scan → exit 0
> goal met. deploying.

ShipGuard Pro

The free gate catches the obvious. Pro catches the rest — always-current detection rules, deep stack coverage, and cloud-delivered updates your agent gets automatically.

free — catches the common, high-severity mistakes agents make most: hardcoded secrets, unverified webhooks, unguarded routes

shipguard scan
secrets:hardcoded-api-key — src/lib/stripe.ts:4
payments:webhook-unverified — src/app/api/stripe/route.ts:8
2 findings · 12 rules checked

pro — catches the complex workflows, framework-specific patterns & more

shipguard scan --pro
secrets:hardcoded-api-key
payments:webhook-unverified
auth:supabase-rls-disabled
auth:firebase-open-read
deploy:cors-wildcard
db:migration-destructive
6 findings · 176 rules checked

always-current

live threat-intel corpus

Cloud-delivered rule bundles — updated continuously without a CLI upgrade. New AI-code attack class observed today, the rule that catches it is in your gate tomorrow. Free corpus lags by design; Pro is always current.

deep stack coverage

web · database · auth · secrets · supply chain

Rules that understand your tech stack — web frameworks, database ORMs and migrations, authentication providers, secret patterns, and supply chain dependencies. Pro goes deeper than the free modules into stack-specific failure modes that basic pattern matching can't reach.

shipguard.policy.yml

custom policy files

Define which findings block, which warn, and which paths to ignore — per project. Your policy travels with your repo and your agent respects it automatically.

free scanfully offline
1$ shipguard scan
2bundled rules loaded
basic corpus · lagged
3scan runs locally
5 modules · no network
4verdict → exit 0 / exit 1
pro scanrules ↓ · code never ↑
1$ shipguard scan --strict
2CLI generates EdDSA token
auth local · token sent to edge
3edge gateway verifies
body cap → verify → rate limit
4convex → live rule bundle
always-current · credits deducted
5scan runs locally
full corpus in memory · RE2 engine
6verdict → exit 0 / exit 1

Start free.

No credit card. No account required for the free tier. Simple pricing — the local gates stay free forever.

freeavailable now

$0 forever

Unlimited local scans on every push — for every solo builder and agent.

  • Unlimited local scans
  • 5 cloud scans / mo
  • All 5 check categories
  • Deterministic exit codes
  • --json for CI & agents
  • Community support
get started free
Plusavailable now

$19 /mo

month-to-month · no annual option

For the solo builder who wants cloud rules without a CI gate.

  • Everything in Free
  • 10 cloud scans / mo
  • Full corpus access
  • No CI gate
  • Month-to-month
start with Plus
promost popular

$29 /mo

The full gate — deep backend-as-a-service (Supabase, Firebase) checks and a CI gate, for shipping in earnest.

  • Everything in Plus
  • 100 cloud scans / mo
  • Supabase RLS & Firebase deep checks
  • Custom policy files
  • --strict CI gate
  • Priority rule updates & email support
join the Pro waitlist

FAQ

Does my code ever leave my machine?
No. Every gate runs locally in your terminal. ShipGuard never uploads, syncs, or phones home — there's no cloud scan and no exfiltration surface. We literally never see your code.
Which agents and tools does it work with?
Anything that writes code: Claude Code, Codex, Cursor and Copilot today — plus any CI, pre-commit hook or shell. Output is machine-readable, so your agent can run it and act on the result.
Is it really free?
Yes — local scans are free and unlimited, forever, running locally. Paid tiers add cloud scans against the always-current rule corpus and a CI gate.
How is this different from a linter or Snyk?
Linters check style; ShipGuard checks the security mistakes agents actually make and returns a deterministic exit 0 / exit 1 gate. It runs fully local and is built to be driven by an agent, not a dashboard.
What languages and frameworks are supported?
JavaScript and TypeScript with the common web stacks first — Next.js, Express, Stripe, Prisma — and more added continuously. Checks are framework-aware, not just pattern matching.
Can my agent run it automatically?
Yes — that's the point. Wire it into a hook, or just tell your agent “run shipguard before you ship.” It reads exit codes and structured output natively.

From the blog