Login and accounts
Sign in surfaces and who can see what. Hard stop only if private data looks wide open.
Seatbelt
Engineer rails so you ship fast and safely. So you don't feel scared of stopping or sharing what the agent built. Seatbelt runs a Ship Read in about a minute. Fix lands in your agent. Flagged pushes park on a PR, not your live site.
Check. Fix. Again. Cleared to share. Commit with proof. About a minute.
Agent changed the build. Seatbelt is ready to check.
Check, fix, again, cleared. Six surfaces every pass. Step through. Play is optional.
Seatbelt is a Ship Read for AI built apps with real risk. It is not a static site checker or a pentest.
Your app has login, takes money, holds customer data, or leaves risky admin shortcuts. You want eyes open before real users show up.
You only shipped plain HTML or a static site. You're probably fine. Run Seatbelt when the product does real things.
Why CEOs care: An independent check you can share so engineering knows you didn't skip a look. Secondary to shipping fast.
Stay in the loop. Hand Seatbelt the build, get a Ship Read, Fix back in the same agent. Run it again each time you're about to ship.
Project folder or ZIP export. Not the agent's "we're done" story. Preview URL and git come next.
About a minute on the scary surface areas. Plain English. Share link after every check.
One tap sends the fix to Cursor, Claude, or whatever you use. Then run again until you hear cleared to share.
Say commit this safely or push my changes. Cleared commits carry the Ship Read link. Flagged pushes smart route to a PR so nothing scary lands on main.
Four commands. Check, fix, again, report. The agent offers a buckle after risky edits. You hear a one line verdict, up to three flags, then the next move. Fix ends with again until you are cleared to share. Pushing to a live site counts as shipping: say commit this safely or push my changes. Cleared commits carry the Ship Read link, flagged pushes get parked on a PR instead of main.
Loop
/seatbelt
seatbelt
Run a Ship Read on the project you just built. One line verdict, up to three flags, one next move.
MCP · seatbelt_scan · Alias: /seatbelt check · am I clear to share?
Not silent on every message. You ask when you are about to ship, or the agent nudges after risky edits.
Paste this into agent rules on ChatGPT.com or other hosts without MCP. On Cursor or Claude, prefer MCP when it is live. This is the fallback.
Before you claim the app is done or ready to ship: 1. If Seatbelt MCP is configured: call seatbelt_scan on the project folder or ZIP export. 2. If MCP is not available: ask me for the export and run https://withseatbelt.com once. Do not treat your own summary as the report. 3. Reply with one line verdict, up to three flags, one next move. 4. For each flag with a fix prompt, apply it in this chat, then run again until I am cleared to share, or accept the risk. 5. When I ask you to commit or push and that deploys the site: check first. Cleared: commit with the Ship Read link in the message. Hard gates: branch and PR instead of main, fix, run again, then merge. Never commit an exposed key anywhere.
Scary surfaces on AI built apps, read as one system. Seatbelt skims structure clues on the folder or ZIP you share, then sends Fix into your agent.
Login and accounts
Sign in surfaces and who can see what. Hard stop only if private data looks wide open.
Payments and money
Checkout, Stripe shaped pieces, webhooks. Soft fix so you verify before real charges.
Secrets and keys
API keys and env looking names in the build. Public leaks get a hard gate.
Customer data
Orders, profiles, emails, uploads. Soft note so you know the app holds people.
Databases
ORM config, raw SQL concat, DB URLs in client, SQLite in public, open DB admin UIs. Structure clues only, not live probing.
Risky shortcuts
Open admin, debug leftovers, delete everything routes. Hard stop when destructive.
Honest scope: Structure and clues on the folder or ZIP you share. Not a pentest. Not hacking production. Built for apps with login, money, or customer data, not plain HTML or static marketing sites.
Every Ship Read ends in a report: what got flagged, what your agent fixed, and the pass that cleared it
You earn Verified by Seatbelt only after a real scan on an app with substance. Plain marketing pages that find almost nothing do not get a badge. It links to your report, not a sticker.
Seatbelt does not hack your database or pretend to be a pentest. It reads the build you share, the way a careful friend would skim it.
A sixty second map so you keep shipping, not a vuln scoreboard or another CodeRabbit.
Start with Get started: install from the monorepo, run /seatbelt init for an optional .seatbelt/ latch, then /seatbelt for a Ship Read. Early access also has a browser path. Prefer MCP in Cursor for the daily loop. No MCP? One web scan, then paste fixes back. Optional fallback rule: Include Seatbelt.
The scary surface areas on AI built apps: accounts, money, secrets, customer data, databases, and risky shortcuts. You hand it a project folder or ZIP. It skims that build. It does not hack production or read customer private data. See What the buckle watches.
ChatGPT (and your coding agent) will summarize what they think they built. Seatbelt reads the real project folder or ZIP you share, then gives you a shareable report and a Fix in agent path. Independent of the agent's "we're done" story. Stay in the loop and run it again before each ship.
Probably not yet. If it only markets and does not hold real risk, you're usually fine. Seatbelt shines when the app does real things. If a scan finds almost nothing, we say so honestly. Run again when the product logs people in, takes money, or stores customer data.
About a minute, then back to shipping. There is no review queue. Scans are ephemeral; we don't keep your source. Free during early access.
Free while we build. Hand Seatbelt a folder or ZIP. About a minute of clarity in the build loop. Then keep shipping.