How LaunchGuard works under the hood.
Quick reference for the engine adapters, setup commands, and trust posture. Full developer docs ship with the platform README.
LaunchGuard Solana Engine
Custom static + heuristic scanner. Bundled. Reads the repo in read-only mode and never persists raw secret values.
DeepSec
External AI code-reasoning scanner. Run locally per repo, then import the `./findings` folder.
$ npx deepsec init $ cd .deepsec $ pnpm install $ pnpm deepsec scan $ pnpm deepsec process $ pnpm deepsec revalidate $ pnpm deepsec export --format md-dir --out ./findings
Shannon Active Validation
Authorized live testing only. Configure SHANNON_WORKER_URL or import shannon-results JSON. License review applies before vendoring source.
$ npx @keygraph/shannon setup $ npx @keygraph/shannon start -u <approved-url> -r <repo-path> -o ./shannon-results
Static engines
Standard CLI tools. LaunchGuard parses the JSON output and merges with core findings.
$ semgrep scan --config auto --json $ trufflehog filesystem ./repo --json $ trufflehog git file://./repo --json $ osv-scanner --format json ./repo
Privacy
Read-only by default. No raw secrets stored. No model training on user code. Shannon requires explicit authorization. DeepSec can run locally.
About
LaunchGuard Solana is built by founders who have shipped Solana apps under hackathon and grant pressure. We built the tool we wished existed.
Responsible disclosure
Email security@launchguard.dev (placeholder). 48h acknowledgement, 7 day patch SLA on critical issues.
Contact
team@launchguard.dev (placeholder). For sales / enterprise, mention your stack and target launch date.