Overview

Security posture across all products

Security Score
Calculating...
Backup Coverage
Loading repos...
Lockbox
0
No secrets stored

Repositories

Export CSV →

Backup Timeline

Policy Matrix

Manage policies →
ServerDefaultAllowedDeniedCallsBlocked

Audit Log

Verify chain →

AI Tool Exposure Matrix

Full scan →
ToolDirect ReadRuntimeSearchMCPScore

Cloud Sync Risks

RepositorySync ServiceRiskFix

Team Security Posture

Invite member →
MemberRepos Backed UpMCP SecretsSync RiskLast ScanScore

Audit Chain Integrity

Loading...
Keys Stored
0
No keys imported
Services
0
Protection
7/7
All layers active
Active Grants
0
No active grants

Get Started

1
Import your secrets
Your .env file gets encrypted into a binary lockbox. The original stays untouched.
devsafe lockbox import .env
2
AI writes safe references
The AI sees placeholder names, never real values. It writes code using references.
STRIPE_KEY={{LOCKBOX:...}}
3
Run with secrets injected
Secrets are decrypted and injected into the process. Your app runs normally. The AI never sees the values.
devsafe lockbox run -- npm start

Vault

No secrets yet
Import a .env file or add keys manually from the CLI
devsafe lockbox import .env

Protection Status

7/7 active
Binary format
NUL byte blocks text tools from reading lockbox files
AES-256-GCM encryption at rest
All secrets encrypted before touching disk
.gitignore blocks lockbox files
Lockbox data excluded from version control
.claudeignore blocks lockbox files
Claude cannot read encrypted vault data
.cursorignore blocks lockbox files
Cursor cannot read encrypted vault data
.copilotignore blocks lockbox files
Copilot cannot read encrypted vault data
Process injection
Keys injected at runtime, never visible in chat or editor

Active Grants

No active grants. Grants give AI agents single-use, time-limited access to one secret.

Your apps are protected

Sovereignty score and active threat monitoring

Protected
94 out of 100
Sovereignty Score
Score Breakdown
Data Exits
18/20
Policy Compliance
20/20
Secret Hygiene
20/20
Tool Integrity
16/20
Audit Completeness
20/20
Threats Blocked
0
Today
Active Issues
0
None detected
Sovereignty
94%

Alerts

4 items
API key exposed in source code
A secret was detected in a committed file. It could be used to access your account or run up charges.
AI tool has access to secrets
Your editor's AI can read files containing passwords. These get sent to the provider's servers.
2 repos have no backup
If your machine dies or cloud sync corrupts git history, these projects are unrecoverable.
AI tool configs are clean
No hardcoded secrets found in MCP server configurations.

Governance

Tools, policies, and audit trail for AI agent operations

MCP Servers
0
No servers discovered
Tool Calls (7d)
0
7-day window
Policy Denials
0
No denials
Audit Chain
0
Not started

Policy Controls

Server Default Allowed Denied Calls Blocked
No MCP servers discovered. Run devsafe mcp-server to connect.

Audit Trail

No audit entries yet. Tool calls will appear here once servers are connected.

Agent Activity

No agent activity detected. Interception events will appear here.