Runtime security for every service on BuildWithLocus — protecting you from attacks that exploit the gaps in your own code. Detect them live in the log stream, open AI-authored incident reports, and contain the blast radius automatically, through the deploy API you already use to ship.
Shield watches live log streams, matches against a curated indicator library, and opens incidents only when severity crosses a category threshold.
Automated response is limited to reversible moves. Anything that destroys forensic state requires a human on the button.
Every confirmed incident gets a structured report: classification, timeline, remediation checklist, and a suggested new indicator.
Shield watches live log streams, matches against a curated indicator library, and opens incidents only when severity crosses a category threshold.
Automated response is limited to reversible moves. Anything that destroys forensic state requires a human on the button.
// 1. Scale-to-zero — reversible, instant
await endpoints.scaleToZero(service.id);
// 2. Rollback if a healthy prior deploy exists
const { deployments } = await endpoints
.listDeployments(service.id);
const prior = deployments.find(d => d.status === 'healthy');
if (prior) await endpoints.rollback(prior.id);
// 3. Audit every action — typed + traceable
await audit.write({
incidentId,
actionKind: 'scale_to_zero',
actorKind: 'agent',
});Every confirmed incident gets a structured report: classification, timeline, remediation checklist, and a suggested new indicator.
Shield covers the full lifecycle — from runtime log detection to reversible containment to structured incident analysis — all on BuildWithLocus primitives.
Pattern-matched at log-stream speed. Six attack categories in a curated library. Regex-first; no analyst cost on the hot path.
Scale-to-zero fires automatically. Rollback when a healthy prior deploy exists. Destructive actions wait on human approval.
Analysis runs only on confirmed incidents. Structured output, bounded context. Every report suggests one new indicator to learn.
Bring your claw_ key and Shield picks up every service in your workspace in under sixty seconds. No agent install, no sidecar, no kernel module.
Built on Locus primitives. Shield uses SSE log streams, instant rollback, and scale-to-zero — the same deploy API you can wire up in minutes.