01
Reality Mode
Exercise real flows—not fixtures. Catch "green CI, broken humans" before release.
01
02
03
04
Classes of failure
40+
mock data, dead routes, auth gaps, secret leaks
Minutes to first scan
< 3
CLI init → ship check in your repo
Where it runs
CI · IDE · MCP
same rules from terminal to merge queue
Three steps.Then you ship with receipts.
Minutes to setup, not hours.
- 01
Install
npx @guardrail/cli init
- 02
Scan
guardrail ship
- 03
Autopilot
Set and forget
Product surface
Findings that match reality—not mocks.
Severity, paths, and policy status in one place—so AI-generated optimism doesn't outrun what production actually does.
Severity
See critical issues before they hit production.
Capabilities
One pipeline. Many places it actually runs.
02
MCP + IDE
Guardrails inside Cursor, VS Code, and any MCP client.
03
Policy gates
Block merges on severity, tier, or org rules—automatically.
04
40+ failure classes
Mock data, dead routes, auth gaps, secret leaks—modeled for AI-built apps.
05
CI · IDE · MCP
Same rules from terminal to merge queue—no drift between environments.
06
guardrail ship
One command tells you if your app works—or only looks like it does.
07
Audit-ready exports
PDFs and evidence trails your security team can file without rework.
The usual failure mode
Green checks. Red reality.
We model the hand-off from AI-generated optimism to what production actually does—so you fix it while it is still cheap.
01
AI drafts the feature
Fast iterations, optimistic UI, synthetic data that "looks fine."
02
CI goes green
Unit mocks pass; integration is shallow; security lags behind vibe.
03
guardrail says no
Reality gates, secret detection, and policy blocks on what matters.
Teams
Built for everyone who signs the release.
01
Engineers: catch dead routes, mock data, and auth gaps before the merge queue—without another dashboard to babysit.
02
Security: exports and evidence that map to how the app actually behaves, not how the README claims it behaves.
03
Leads: one verdict on readiness—block deploys on severity, tier, or policy; same rules in CI and IDE.
Reality check
Go beyond static scans—exercise real user flows.
guardrail models the hand-off from AI-generated optimism to what production actually does. Reality Mode and ship checks catch fake features, shallow integration, and security drift while fixes are still cheap—then wire the same rules through CI, the IDE, and MCP so judgment doesn't vary by surface.
guardrail shipReality runsSecret & policy gatesSARIF & webhooks
v1.0.0secure
Real-time security scanning in your terminal
Reality check
Go beyond static scans—exercise real user flows before you tag a release.
Pricing
Straight numbers.No spreadsheet archaeology.
Same tiers as in-app. Upgrade when findings stop being hypothetical.
Free
Severity counts & scans — findings blurred
1 project
$0forever
- guardrail scan — static analysis
- Severity breakdown (critical / high / medium / low)
- Findings blurred — upgrade for paths & snippets
- 10 scans/month
- CLI & extension access
Starter
Full findings — no auto-fix
3 projects
$9.99/month
$96.00 billed yearly · save ~20%
- Everything in Free (unblurred)
- Full issue detail: paths, rules, snippets
- guardrail ship, reality, gate
- 100 scans/mo, 20 Reality runs/mo
Most teams start here
Pro
Auto-fix & automation
10 projects
$29.99/month
$288.00 billed yearly · save ~20%
- Everything in Starter
- guardrail fix — auto-fix
- AI Agent, autopilot, MCP
- 500 scans, 100 Reality, 50 AI runs/mo
- SARIF, API, webhooks
Compliance
Frameworks & audit-ready
25 projects
$59.99/month
$576.00 billed yearly · save ~20%
- Everything in Pro
- SOC2, HIPAA, GDPR, PCI, NIST, ISO 27001
- PDF reports, deploy hooks
- Higher scan & Reality quotas
- 10 team seats included
Cancel anytime. Questions? Talk to us.
Questions?Answers.
Can't find what you need? Reach out to our team.
What is guardrail?
A tool that verifies your AI-built app actually works before you ship it.
How does it work?
Run one command. guardrail tests your app, finds issues, and tells you exactly what to fix.
Is my code secure?
Your code never leaves your machine. Everything runs locally.
Which IDEs work?
Cursor, VS Code, Claude Desktop, Windsurf, and any MCP-compatible editor.
How long to setup?
About two minutes. Run the init command and you're ready.
Multiple projects?
Yes. guardrail learns patterns across your repos.
InstallMinutes to first scan
CLI
Run npx @guardrail/cli init and get to a first ship check in under three minutes—local execution, no upload required.
ScanStatic + reality
guardrail ship
One command surfaces broken auth, dead routes, mock data, and leaked secrets before users do—so "green CI" isn't lying to you.
IntegrationsWhere you work
IDE · CI · MCP
Same rules in Cursor, VS Code, Claude Desktop, GitHub Actions, and any MCP client—no duplicate policy spreadsheets.
TrustLocal-first
Your machine
Your code stays local. Run scans and Reality checks without handing the repo to a black box you don't control.
Get started
Proof beats polish. Ship with guardrail.
Start free, wire CI, and let Reality Mode argue with your next deploy. Catch fake features and exposed secrets before your users do—same tiers in-app, upgrade when findings stop being hypothetical.