A terminal-first AI agent that runs locally on your machine. It drives the editor, the shell, the build, and the test loop the same way a human engineer does — but it reasons about security as a first-class concern, not an afterthought. Reachability, policy, SBOM, license posture — all of it is in scope before the agent writes a line.
Operates the developer's actual workflow, not a chat sidebar. Edits files in place, runs the build, watches tests, and fixes the regressions it just caused. The loop is the product — type, run, observe, repair — and the agent stays inside it.
Every code change is evaluated against the project's policy, SBOM, and reachability graph before it gets committed. The agent knows which transitive packages are KEV, which sinks are reachable, and which license shifts your legal team will care about — without being prompted.
Lino runs on-device for inline findings and short reasoning. Network is only used when Griffin cloud-burst is genuinely needed — multi-hop reachability, cross-package exploit hypothesis. The default mode is offline-capable; the cloud is the optional escalation.
Every action is logged with a structured trace: intent → tool call → result → fallback. The session is exportable as a single artifact for code review, regulatory audit, and reproducibility. The trace is not a debug log — it is the work product.
General coding agents are tuned for breadth. Safeguard Code is tuned for the supply-chain-aware engineer.
| Capability | Safeguard Code | Generic AI coding agent |
|---|---|---|
| Knows your SBOM | ||
| Reads your policy gates | ||
| Runs offline by default | ||
| Reasoning model is security-tuned | ||
| Auto-fix uses a cited trace | ||
| Audit log per session |
1. Install the agent binary globally. One command, every platform.
$ npm i -g @safeguard-sh/code
2. Initialise the workspace. Discovers the project, reads the policy, indexes the SBOM.
$ safeguard-code init
3. Launch the agent. It now drives your editor, shell, build, and tests in a single session.
$ safeguard-code
These are the loops where supply-chain context turns a coding agent from a generalist into a specialist.
Point the agent at a service. It enumerates reachable findings, ranks by SLA and CVSS, applies the lowest-risk patches that satisfy your version constraints, and runs the test suite after each. The release branch cuts clean.
Hand it a target package and version, plus a list of repos. The agent fans the upgrade out, runs each service's test suite, captures the diff, and reports the survivors and the casualties — with a per-repo patch ready for review.
Drop in a CVE that just landed. The agent scopes blast radius across reachability and SBOM, drafts the upstream patch against the affected version, and prepares the disclosure thread with the trace attached. Hours, not days.
Hand it a fresh repository. It reads the code, gets the build green, and surfaces the policy gaps in priority order — secrets in history, missing license headers, unsigned dependencies, reachable CVEs. A first-day report your security lead trusts.
Local-first, supply-chain-aware, audit-trace by default. The coding agent that fits the way security engineers already work.