Overview
Security posture across all products
Security Score
Calculating...
Backup Coverage
Loading repos...
Lockbox
0
No secrets stored
Policy Matrix
Manage policies →| Server | Default | Allowed | Denied | Calls | Blocked |
|---|
Audit Log
Verify chain →AI Tool Exposure Matrix
Full scan →| Tool | Direct Read | Runtime | Search | MCP | Score |
|---|
Cloud Sync Risks
| Repository | Sync Service | Risk | Fix |
|---|
Team Security Posture
Invite member →| Member | Repos Backed Up | MCP Secrets | Sync Risk | Last Scan | Score |
|---|
Audit Chain Integrity
Loading...
Keys Stored
0
No keys imported
Services
0
Protection
7/7
All layers active
Active Grants
0
No active grants
Get Started
1
Import your secrets
Your .env file gets encrypted into a binary lockbox. The original stays untouched.
devsafe lockbox import .env
2
AI writes safe references
The AI sees placeholder names, never real values. It writes code using references.
STRIPE_KEY={{LOCKBOX:...}}
3
Run with secrets injected
Secrets are decrypted and injected into the process. Your app runs normally. The AI never sees the values.
devsafe lockbox run -- npm start
Vault
No secrets yet
Import a .env file or add keys manually from the CLI
devsafe lockbox import .env
Protection Status
7/7 activeBinary format
NUL byte blocks text tools from reading lockbox files
AES-256-GCM encryption at rest
All secrets encrypted before touching disk
.gitignore blocks lockbox files
Lockbox data excluded from version control
.claudeignore blocks lockbox files
Claude cannot read encrypted vault data
.cursorignore blocks lockbox files
Cursor cannot read encrypted vault data
.copilotignore blocks lockbox files
Copilot cannot read encrypted vault data
Process injection
Keys injected at runtime, never visible in chat or editor
Active Grants
No active grants. Grants give AI agents single-use, time-limited access to one secret.
Your apps are protected
Sovereignty score and active threat monitoring
Protected
94
out of 100
Sovereignty Score
Score Breakdown
Data Exits
18/20Policy Compliance
20/20Secret Hygiene
20/20Tool Integrity
16/20Audit Completeness
20/20Threats Blocked
0
Today
Active Issues
0
None detected
Sovereignty
94%
Alerts
4 itemsAPI key exposed in source code
A secret was detected in a committed file. It could be used to access your account or run up charges.
AI tool has access to secrets
Your editor's AI can read files containing passwords. These get sent to the provider's servers.
2 repos have no backup
If your machine dies or cloud sync corrupts git history, these projects are unrecoverable.
AI tool configs are clean
No hardcoded secrets found in MCP server configurations.
Governance
Tools, policies, and audit trail for AI agent operations
MCP Servers
0
No servers discovered
Tool Calls (7d)
0
7-day window
Policy Denials
0
No denials
Audit Chain
0
Not started
Policy Controls
| Server | Default | Allowed | Denied | Calls | Blocked |
|---|---|---|---|---|---|
No MCP servers discovered. Run devsafe mcp-server to connect. | |||||
Audit Trail
No audit entries yet. Tool calls will appear here once servers are connected.
Agent Activity
No agent activity detected. Interception events will appear here.