Descry-Technologies

Descry-Technologies / Swain

Public

local ai security review. one command before you ship.

www.descry.app
10
0
89% credibility
Found May 30, 2026 at 10 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

Swain is a local AI security review tool that helps solo developers and small teams check their code for vulnerabilities before shipping, using their existing AI subscriptions to find and prioritize security issues with automatic fix suggestions.

How It Works

1
📦 Install Swain in one line

You run a simple installation command that sets up Swain on your computer in seconds.

2
🔗 Connect your AI assistant

You tell Swain about your existing AI subscription so it can think through your code like a security expert.

3
🔍 Run your first security scan

You type one command and Swain reads through your project, looking for the security problems that matter most before launch.

4
📋 See what needs fixing first

Swain shows you a ranked list of issues, starting with the ones that could hurt your users most, with plain-English explanations.

5
🛠️ Get automatic fix suggestions

For many issues, Swain drafts the actual code changes you need, ready for you to review before applying.

🚀 Get your launch verdict

Swain gives you a clear ship/no-ship card so you know exactly when your app is ready to go live.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 10 to 10 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is Swain?

Swain is a local AI security review tool that acts as an automated security lead for your codebase. You run one command, and it analyzes your project for launch-critical vulnerabilities in auth, payments, file uploads, SQL injection, XSS, and tenant isolation. It uses your existing Claude and Codex CLI subscriptions as workers, sending them focused file batches with security playbooks. The tool runs locally, stores project memory in your repo, and gives you a plain-English verdict: READY, BLOCKED, or NEEDS REVIEW. You can run it interactively via a terminal UI, or use commands like `swain scan`, `swain fix`, and `swain status` directly. It also generates shareable launch cards as SVG images for build-in-public updates.

Why is it gaining traction?

The hook is simplicity: one command before you ship, with no SaaS dependency. Unlike traditional security tools that require CI/CD integration or cloud accounts, Swain runs anywhere you have Python and a terminal. The interactive TUI makes it approachable for developers who want guidance rather than wall-of-text output. The feedback loop is clever too -- marking findings as false positives teaches the system, and it builds conventions over time. The launch card feature taps into the build-in-public culture, letting teams share their security posture visually.

Who should use this?

Solo builders and small teams shipping SaaS products who want a human-readable security review without hiring an auditor. It is especially useful for projects using React/Next.js frontends with Python backends (FastAPI, Flask) that handle auth, payments, or file uploads. Developers who already pay for Claude or Codex Pro will get the most value since it leverages existing subscriptions. Teams wanting a lightweight pre-launch checklist without Semgrep configuration or Snyk dashboards will find this fits.

Verdict

Swain is a fresh take on pre-launch security review with a compelling local-first, AI-powered approach. At only 10 stars and 0.8999999761581421% credibility, it is extremely early-stage -- treat it as a promising experiment rather than production-ready tooling. The concept is solid, the TUI is polished, and the feedback-learning system shows thought. But with minimal community validation, limited documentation, and no clear test coverage metrics, you should evaluate it on a throwaway project first before trusting it with anything shipping soon. Watch this space.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.