Open Source · Local-First · Zero Config

Bring the magic of security to AI coding agents

Finally — scan for secrets, block destructive commands, and protect against supply chain attacks. All locally, with zero config, in one CLI tool.

$ curl -fsSL https://seatbelt.pages.dev/install.sh | bash
Security Scanner

Scan your codebase for vulnerabilities in seconds

Point AI Seat Belt at any project. It finds hardcoded secrets, unsafe patterns, supply chain risks, and OWASP vulnerabilities — all without leaving your terminal.

Critical: Hardcoded API key in config.ts
Critical: .env contains prod credentials
High: curl | bash pattern in setup.sh
High: eval() with untrusted input in api.js
Medium: Unpinned deps in package.json
Pass: .gitignore covers sensitive paths

Runtime Guardrails

Block dangerous commands before they execute

Wrap your AI agent with AI Seat Belt. Every command is checked against your policy in real-time. Destructive operations are blocked instantly, safe commands pass through seamlessly.

Blocked: cat ~/.ssh/id_rsa
Blocked: rm -rf /
Blocked: git push --force origin main
Allowed: npm test
Allowed: git status
Allowed: npx tsc --noEmit

Everything an AI agent shouldn't do, caught.

AI Seat Belt monitors your AI coding sessions in real-time, blocking dangerous operations before they cause damage.

Secret Detection

Scans for API keys, tokens, private keys, and .env files. Blocks access to sensitive paths at runtime.

Command Guardrails

Blocks rm -rf, git push --force, and deployment scripts. Confirms irreversible actions.

Supply Chain

Detects curl | bash patterns, missing lockfiles, and unpinned dependencies.

Output Validation

Catches unsafe patterns where model output flows to eval, exec, or SQL.

Instant Rollback

Automatic snapshots before every session. One command to restore any state.

Audit Log

JSONL trail of every command, blocked action, and file change. Full visibility.

Getting started is easy.

Three commands. Zero configuration. Drop it into any project.

Step 01
seatbelt scan

Scan Your Repo

Finds secrets, unsafe patterns, supply chain risks, and OWASP vulnerabilities in seconds.

Step 02
seatbelt run -- <agent>

Wrap Your Agent

Every command is checked against your policy. Dangerous operations require confirmation.

Step 03
seatbelt rollback

Undo Anything

Restore to any snapshot instantly. Full file contents preserved with integrity checks.

Comprehensive coverage.

AI Seat Belt maps to the OWASP Top 10 for LLM Applications, covering the risks that actually hit developers.

LLM01 Prompt Injection
LLM02 Sensitive Data
LLM03 Supply Chain
LLM04 Data Poisoning
LLM05 Output Handling
LLM06 Excessive Agency
LLM07 Prompt Leakage
LLM08 Vector/Embedding
LLM09 Misinformation
LLM10 Consumption

Frequently asked questions

Can't find your answer here? Open an issue on GitHub.

AI Seat Belt is an open-source CLI tool that protects your codebase when using AI coding agents. It scans for vulnerabilities, blocks dangerous commands at runtime, and provides instant rollback — all locally with zero config.

No. AI Seat Belt runs 100% locally. Your code, secrets, and audit logs never leave your machine. There are no external API calls, telemetry, or cloud dependencies.

AI Seat Belt wraps any CLI-based agent — Claude Code, Cursor, Aider, Copilot, or custom agents. If it runs in a terminal, AI Seat Belt can guard it.

AI Seat Belt maps its checks to the OWASP Top 10 for LLM Applications (2025). Each scanner and guardrail targets specific risk categories like prompt injection, sensitive data exposure, supply chain attacks, and excessive agency.

Yes. Run seatbelt policy init to generate a policy file, then customize blocked commands, allowed paths, and severity thresholds for your project.

Start shipping with guardrails.

Install AI Seat Belt in under a minute. Open source, local-first, no data ever leaves your machine.
