AI ships fast.
Now keep your stack safe and healthy.
LumioGuard is continuous stack-health monitoring for AI-built, vibe-coded apps — it watches your code and live services, catches problems before your users feel them, and readies the fixes.
Everything you need to keep production running at 100%.
Reads your live stack, not just your code
One scan reads your code, then your live stack: Supabase advisors and error logs, Vercel deploy health, Neon consumption, GitHub security alerts. Over 240 checks, each mapped to a failure you'd recognize — outage, breach, surprise bill, broken deploy.
Production degrades, a fix is prepared
When prod starts to drift — errors climbing, latency past budget — you don't get a vague alert. You get the fix: a step-by-step playbook, copy-paste SQL, or a ready-to-merge PR when it's safe to automate.
A pull request you read before anything changes
Low-risk fixes arrive as pull requests on a lumioguard/fix/* branch — never your default branch, never a silent write. Database fixes are reversible SQL you run yourself; riskier changes come as drafts or guides. Every fix carries a breakage analysis. You merge in-app.
Every merged fix is watched in production
The moment a fix lands, a two-hour watch opens on production — first check two minutes in. Every check compares the new deploy against the last one: healthy, failing, or needs attention. One bad reading never fails a deploy — and if the watch ends badly, the finding flips to needs attention instead of counting as fixed.
"Fixed" is a re-scan result, not a claim
Apply a fix and a re-scan confirms the finding is actually gone before it counts — a code-only scan can't "confirm" a database fix. And every finding is fingerprinted: if a resolved issue ever creeps back, it reopens itself.
Hear about it the day it appears
Something new turns up, the alert goes out — email or signed webhook, filtered by the severity threshold you set. Quiet hours hold the noise; a daily digest rolls up the rest. And three shareable reports are one click away.
One stack health score, judged the way production judges you.
Every scan rates six pillars from 0 to 100, and your stack health score is the mean of the six. No green-light theater — each number is backed by specific checks and the code or service config that triggered them. And one critical flips the verdict to "Needs attention," no matter how good the average looks.
Security
Is your data and access safe? Catches Supabase Row Level Security (RLS) turned off, RLS on with no policies, service-role keys shipped to the client, and long-lived auth OTPs — before real users hit them.
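As an added illustration (constructed here, not LumioGuard's own rule logic), this is the kind of catalog-only Postgres query that surfaces the first two gaps above on a Supabase database. It assumes application tables live in the public schema, which is the schema the Supabase API exposes to the anon and authenticated roles.

```sql
-- Constructed example, not LumioGuard's own check. Reads only system catalogs
-- (pg_class, pg_namespace, pg_policy) and never touches application rows.
-- Assumption: application tables live in the public schema.
SELECT n.nspname                 AS schema_name,
       c.relname                 AS table_name,
       c.relrowsecurity          AS rls_enabled,
       c.relforcerowsecurity     AS rls_forced_on_owner,
       count(p.oid)              AS policy_count,
       CASE
         WHEN NOT c.relrowsecurity THEN
           'RLS disabled: any role holding table grants (Supabase grants anon '
           'and authenticated by default) can read and write every row'
         WHEN count(p.oid) = 0 THEN
           'RLS enabled with no policies: deny-all for non-owner roles, so API '
           'reads silently return nothing'
       END                       AS finding
FROM   pg_catalog.pg_class c
JOIN   pg_catalog.pg_namespace n ON n.oid = c.relnamespace
LEFT   JOIN pg_catalog.pg_policy p ON p.polrelid = c.oid
WHERE  n.nspname = 'public'
  AND  c.relkind IN ('r', 'p')   -- ordinary and partitioned tables only
GROUP  BY n.nspname, c.relname, c.relrowsecurity, c.relforcerowsecurity
HAVING NOT c.relrowsecurity OR count(p.oid) = 0
ORDER  BY rls_enabled, table_name;
```

Run it with a read-only database role; a row with rls_enabled = false is the "RLS turned off" case, and rls_enabled = true with policy_count = 0 is the "RLS on with no policies" case.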
Performance
Will it scale under load? Flags missing foreign-key indexes, large sequential scans on growing tables, and a disabled connection pooler — the query shapes that get slower with every tenant you add.
Cost
Is spend under control? Surfaces no spend cap set, scale-to-zero left disabled, and consumption patterns that turn a busy day into a surprise invoice — named before the statement lands.
Deployment
Pipeline and release safety. Checks for unprotected preview deploys, fork builds running with secrets, and an end-of-life Node runtime — the release gaps that ship straight to production.
Reliability
Errors, logging, and recovery. Watches for production errors or stale deploys, a firewall left disabled or log-only, and missing statement timeouts that let one slow query stall the rest.
Engineering
Tests and code quality. Reads GitHub secret-scanning, Dependabot, and code-scanning alerts plus branch-protection posture — so the safeguards you think are on are actually on.
From hoping it's fine to seeing that it is.
Before LumioGuard
After LumioGuard
From connected to healthy, and kept there.
Connect read-only, run a scan in an isolated sandbox, read findings backed by your own code and services, and merge the fixes you approve — then it keeps watching. Four steps, no agent loose in your repo.
Plugs into the stack you already built on.
Four connectors are live today, all read-only. GitHub gives the repo plus secret-scanning, Dependabot, and code-scanning alerts; Supabase, Neon, and Vercel read schema, config, and stats — never your rows. Connect what you use; LumioGuard only ever reads what each scope allows.
Built from the ground up for security & privacy.
Tenant isolation, encrypted secrets, a tamper-evident audit trail, and throwaway sandboxes aren't add-ons — they're the floor everything else stands on.
Simple pricing, free while we build.
Start free, scale when you're ready. Every plan is read-only and every fix is yours to review. No card, no contract, no setup fees — nothing to uninstall but a connection. Built for indie hackers, solo founders, and non-technical builders shipping with Cursor, Claude Code, Lovable, and Bolt.
For your first project and a look around.
- 1 project
- Weekly GitHub-only scan
- Basic stack health report
- Evidence-cited findings
For solopreneurs and freelancers shipping for real.
- 3 projects
- Weekly scans + Supabase
- 3 fix PRs / month
- Reports + advisor checks
For small teams launching on a schedule.
- 10 projects
- Daily scans
- 20 fix PRs / month
- CI/CD checks + alerts
For agencies shipping client apps at scale.
- 50 projects
- Team workspaces
- White-label reports
- Audience-aware client reports
Enterprise. Need SSO, custom rules, audit-log export, or a private deployment? Enterprise is custom-priced and shaped around how your team ships.
A security scanner checks once. A dashboard advisor reads one service. Neither one watches your whole stack.
A security scanner reads your code once. A dashboard advisor reads your database. Neither scores your whole stack's health, keeps watching after launch, or fixes what it finds.
| | LumioGuard | Security scanners & dashboard advisors | Doing it manually |
|---|---|---|---|
| Checks tenant isolation (RLS) is real | proven | code only | if you remember |
| Catches secrets leaked to the client | flagged | partial | rarely |
| Reads your code in context, not just patterns | AI agent | regex / rules only | n/a |
| Ships a breakage analysis with each fix | with every fix | no | you guess |
| Opens reviewable fix PRs | safe-pr | no | by hand |
| One stack health score across the stack | 0–100 | no | no |
| Runs in an isolated, no-retention sandbox | ephemeral | n/a | n/a |
The questions a careful builder asks.
Straight answers on access, retention, breakage, and what actually gets checked.
01 Will this touch my production database?
No writes, ever, without your approval. Service connections use read-only scopes, and the optional deep scan only reads system catalogs and pg_stat — never your customers' rows. Fixes come back as pull requests you review and merge yourself.
02 Do you keep my code?
No. Each scan runs in a fresh, single-tenant sandbox that reaches the outside world through one controlled path only — the path that carries the reads the scan needs and the findings it sends back. It runs the checks, then the sandbox is thrown away. Nothing about your repo is retained between scans.
03 What if a fix breaks my app?
Every fix comes with a breakage analysis, and fixes are classified by risk: safe ones become reviewable PRs on a lumioguard/fix/* branch, riskier ones come as a draft or a step-by-step guide. You approve and merge in-app, never on your default branch, and a re-scan confirms the issue is actually gone before it counts as fixed.
04 How long does setup take?
A couple of minutes. Install the read-only GitHub App and connect Supabase, Neon, or Vercel with OAuth — then run your first scan when you're ready. Connecting alone never kicks one off, and you don't have to wire up CI or change how you deploy.
05 What does it actually check?
8 rule packs and over 240 checks across six pillars — security, performance, cost, deployment, reliability, and engineering. That includes RLS gaps, service-role keys in client bundles, missing FK indexes, no spend cap, unprotected preview deploys, and GitHub secret-scanning alerts — each with the evidence attached. The checks are run by a Claude Code agent that reads your code in context, not a fixed set of regexes.
06 Is my AI-built app actually secure?
If nobody has checked, it's safest to assume not yet. Vibe-coded apps ship with predictable gaps — Row Level Security left off, service-role keys in the client bundle, no spend cap — because AI tools optimize for working, not hardened. LumioGuard scans your repo and live services across six pillars and shows you exactly where you stand, with the evidence attached.
07 Is my data secure?
Connector tokens are AES-256-GCM envelope-encrypted, every workspace is isolated at the database with fail-closed row-level security, and every action is written to a tamper-evident audit log. You can revoke any connection at any time.
08 Can I start for free?
Yes. LumioGuard is free during private beta, and the Free plan stays free for one project after that — a weekly GitHub-only scan with a basic report. No card to begin.
09 Does it work with Cursor and Claude Code?
Yes — and code from Lovable, Bolt, Replit, and v0 too. LumioGuard scans the code those tools produce, whatever you built with. CI/CD checks are already live — the posture and checks page is in the app, with PR pass/fail verdicts rolling out. A published MCP server that plugs directly into Cursor and Claude Code, Slack alerts, and in-app Copilot Q&A are still on the way.
10 Is this just for launch day?
No. The launch-readiness report covers your pre-launch checklist — the go/no-go that says the app is production-ready — but your stack keeps moving as you ship, so LumioGuard keeps watching: re-scan on a schedule, alerts the day a new critical appears, and a health trend on the timeline.
11 Will this replace my engineers?
No. LumioGuard is a second pair of eyes that never sleeps — it catches the stack-health gaps a busy team misses, then hands you the fix. Every change is a pull request a human reviews and merges; it never writes to your code on its own.
12 What if my stack isn't on the connector list?
The code-only scan works on any GitHub repository, whatever you built it with — so you get findings and fixes from day one. The deeper service checks cover Supabase, Neon, and Vercel today, with more connectors on the way. Connect only what you use; everything else still gets the code scan.
13 What happens when the beta ends?
You won't be charged during the beta. Before any pricing starts, we'll give you notice — no surprise bills. And the Free tier stays free for one project.
See what state your stack is really in.
Connect a project in a couple of minutes, read-only, and get your first stack health score with the evidence attached — and it keeps watching after. Free while we're in private beta.