Your AI now audits

SQL Injection

Auditor is a CLI + MCP workflow for AI-assisted security reviews. The CLI detects your stack, writes auditor.json, and the MCP server uses that context to fetch the most relevant security rules for the project.

Auditor detects your language, frameworks, and deployment context, computes a stack fingerprint, and creates auditor.json. If you are signed in, it can also sync hashed project metadata and stack info to the Auditor backend.

Not for local setup. You can run init, update, status, and doctor without an account. But fetching rules through the MCP server and syncing projects to the backend requires authentication via auditor login.

The built-in installer supports Claude, Cursor, and Windsurf. Auditor runs as a stdio MCP server, so other MCP-compatible clients can be wired manually if needed.

Auditor detects Node.js, Python, Go, and Java projects. It also tags common frameworks and tools such as Express, Next.js, Nest, Fastify, Prisma, Sequelize, TypeORM, Mongoose, React, GraphQL, JWT, FastAPI, Django, Flask, SQLAlchemy, Pydantic, plus Docker and Kubernetes context when present.

No source code is uploaded for stack detection. Auditor reads manifest files locally to infer the stack. When you sign in, it can send project metadata such as project name, path hash, language, frameworks, context, fingerprint, and rules queries based on tags.

init creates auditor.json for the first time. update refreshes it only when the stack fingerprint changes. audit runs update and then prints the prompt to use Auditor in your AI client. doctor checks your environment, backend connectivity, and authenticated rules access.

Run auditor update. Auditor recalculates the fingerprint from your manifest files and rewrites auditor.json only when the detected stack actually changed.