Small, sharp tools for developers shipping production backends with Claude Code, Cursor, and agentic AI. No accounts, no uploads — everything runs on your device.
Paste a Dockerfile, docker-compose file, or .env and get an instant 0–100 readiness score: hardcoded secrets, root user, unpinned images, missing healthchecks, dev mode, restart policy, and resource limits — each with the one-line fix.
Check your deploy →Turn your revenue into the real number — what every minute, hour, and incident of downtime costs, plus what each uptime SLA lets you lose.
Price your downtime →See how much downtime 99.9%, 99.99%, or any target actually allows per day, week, month, and year — with a live error-budget tracker.
Do the SLA math →Paste an agent's IAM policy, tool list, or config → see exactly what it can delete, exfiltrate, spend, or execute, scored as a blast-radius gauge.
Map the blast radius →Paste a deploy or runtime error — EADDRINUSE, CrashLoopBackOff, 502, OOMKilled, SIGTERM — and get what it means, why it happens, and exactly how to fix it.
Decode the error →Paste code or a .env and instantly find exposed secrets — AWS, Stripe, GitHub, private keys, DB passwords, JWTs. Nothing is uploaded; results are masked.
Scan for secrets →Paste a cron schedule and get it in plain English, field by field, plus the next run times. Supports ranges, lists, and steps.
Decode the cron →Decode a JWT's header and claims and flag security risks — alg:none, missing or long expiry, weak algorithms. Your token never leaves the browser.
Inspect a JWT →Every one of these checks is something Infraveil enforces continuously. Infraveil is a control plane you run on your own servers: it gates every production-changing action — deploys, migrations, restarts, AI-agent actions — behind your approval, with least-privilege access and a tamper-evident audit trail.
See the live demo →