Community · $0
Release hygiene for AI-assisted code
Deterministic static checks for credential patterns, sample-data imports in production routes, and AI-fiction KPIs. Runs on your machine — nothing uploads unless you opt in.
One command
Starter setup (MCP + CI + config)
npx --yes simplebeacon init --starter
Zero-install from GitHub — wires config, Cursor MCP, agent rule, and GitHub Action in one step.
npm install -D simplebeacon
Prefer zero install? Use npx --yes simplebeacon init --starter above — no package.json edit required.
Creates .simplebeacon/config.json, Cursor MCP (simplebeacon-mcp --offline),
an agent scan rule, and .github/workflows/simplebeacon.yml.
Reload Cursor → Settings → MCP → enable simplebeacon.
While coding
MCP in Cursor (shift-left)
Your agent scans snippets and files before they land in a PR — same rules as CI, local only.
- scan_snippet — paste or draft code before save
- scan_file — path under your repo root
- gate_status — last full scan pass/fail + blocking count
- explain_finding — why a rule fired and how to fix it
npx simplebeacon-mcp --smoke-test
Smoke test prints sample findings and exits — the MCP server otherwise waits on stdio (normal).
MCP setup guide →
Before merge
Full-repo gate (authoritative)
MCP catches mistakes early; the CLI gate is what blocks merge in CI.
npx simplebeacon scan --gate --offline
npx simplebeacon gate status
- --offline — network blocked; proves nothing left your machine
- --gate — exit non-zero on blocking issues (sample paths, cred patterns, fiction KPIs)
- Report blocking issues — not raw finding counts as a flex metric
CI gate
GitHub Action
init --starter drops the workflow file, or copy examples/github-action/simplebeacon.yml manually.
- Fails PRs on blocking production leaks & credential patterns
- JSON report artifact + optional PR summary
- Start in report-only mode; add --gate when your team is calibrated
Source: github.com/tjp420/simplebeacon · MIT · MCP server has zero extra npm dependencies
Honest metrics
Gate blocking count — not raw findings
Large repos can surface thousands of informational pattern hits. The gate fails on blocking issues only (sample paths in prod routes, credential shapes, fiction KPIs). Tune allowlists in .simplebeacon/config.json.
- Report gate status and blocking count — never flex total findings
- MCP smoke test shows 2 blocking hits on a known bad import snippet
- See GATE-CALIBRATION.md
Optional paid
Executive PDF (not required to use the CLI)
Run the gate locally, then book a formatted clearance PDF from your JSON report — no zip handoff required for the free tier. Agency milestone certificates from $999+.
Book clearance PDF — $499
Browser snippet check on the homepage is a quick demo — MCP + CLI are the product. Cloud Teams ($49/mo) is internal scan history — waitlist.