Skip to main content
AIDiveForge AIDiveForge
Visit PreFlight

Get This Tool

License: License: unverified
Local-run terms: Local CLI installation and scanning available via npm; Pro key unlocks additional fixes.

Share This Tool

Compare This Tool
📋 Embed this tool on your site

Copy this code to embed a compact tool card:

PreFlight

FreemiumOpen SourceSelf-Hosted

Summary

AI coding tools write fast and skip the boring parts — like checking whether your new auth endpoint leaks session tokens or your SQL query bypasses row-level security. PreFlight is the local scanner that catches those gaps before they reach a commit.

PreFlight installs via npm and runs as a pre-commit gate, scanning AI-generated code for security vulnerabilities in auth flows, database logic, and SQL patterns — then offering deterministic or AI-assisted patches inline. It integrates with VS Code, Cursor, and MCP clients, so the scan happens in the environment where the AI code was written. The free tier caps patches at ten, which is sufficient for evaluation but stops short of daily use on an active codebase. Teams that exceed that ceiling without a pro key lose the fix-application step and are left with scan output only. The repo is open-source and self-hosted, so the scan never phones home.

Bottom line: Pick PreFlight if you want a local, no-cloud security gate between Copilot and your main branch — but plan for the patch cap to force a licensing decision the moment a junior dev using AI tooling ships more than ten fixable issues in a sprint.

Pricing Plans

SubscriptionLast verified 2 weeks ago
Price
$19/mo
Free Tier
Unlimited scans, 10 free patches (local + deep-reasoning AI)

Free Tier: PreFlight Guardian

Free

Unlimited local scanning plus 10 free patch applications across local deterministic fixes and proxy-backed AI fixes. Zero config for scanning. A Pro key is only required after the 10 free patches are used.

  • Unlimited local scanning
  • 10 free patch applications
  • Local deterministic fixes
  • Proxy-backed AI fixes
  • Zero config setup

Teams

$49per month

Per-seat pricing for team rollout with shared onboarding and unlimited scans and fixes.

  • Team rollout
  • Shared onboarding
  • Unlimited scans
  • Unlimited fixes
  • Per-seat pricing

View full pricing on github.com →

Pricing may have changed since last verified. Check the official site for current plans.

Community Performance Report Card

No community ratings yet. Be the first to rate this tool!

Best For: Developers using AI coding tools, Teams enforcing local security gates, Projects requiring RLS and SQL safety checks, Local-first workflows without cloud dependency for scanning

Community Benchmarks Community

No community benchmarks yet. Be the first to share a real-world data point.

  • Runs entirely locally with no cloud dependency for scanning, so code never leaves the machine during the security check — which matters for teams under data-residency or compliance constraints.
  • Pre-commit integration means vulnerabilities surface before they enter the repository rather than at PR review, so the team avoids the back-and-forth of post-commit security findings.
  • RLS and SQL safety checks are explicitly scoped, so the specific class of vulnerability that AI tools most often miss in database logic gets dedicated coverage rather than a generic lint pass.
  • MCP client support lets other tools and editor workflows invoke the scanner directly, so the security gate can be embedded in automated flows without requiring a separate manual step.
  • Open-source codebase allows teams to audit the scan rules themselves, so trust in the tool does not depend solely on vendor claims about what it detects.
  • The free tier caps patch application at ten — once that limit is hit, the tool continues to surface findings but stops applying fixes. A team using AI coding tools daily will exhaust this on a single feature branch, forcing a licensing decision before they have enough production signal to evaluate the tool's accuracy.
  • The scanner is scoped to auth, database, and SQL vulnerability classes. Teams that need coverage across a broader attack surface — dependency vulnerabilities, secret detection, SSRF, or injection beyond SQL — will need a separate tool running in parallel, which means maintaining two scan configurations and reconciling their output.
  • The project shows a single star and no forks on GitHub at the time of curation, with an open issue logged. Teams evaluating this against established SAST tools with large community rule sets and documented false-positive rates will find precious little external evidence of production use — which is the condition under which a security-conscious team switches to a competitor with a longer track record.

Community Reviews

No reviews yet. Be the first to share your experience.

About

Platforms
CLI, npm, VS Code, Cursor
API Available
No
Self-Hosted
Yes
Last Updated
2026-06-23T16:18:22.539Z

Best For

Who it's for

  • Developers using AI coding tools
  • Teams enforcing local security gates
  • Projects requiring RLS and SQL safety checks
  • Local-first workflows without cloud dependency for scanning

What it does well

  • Pre-commit scanning of AI-generated code
  • Detecting security vulnerabilities in auth and database logic
  • Applying deterministic or AI-assisted patches
  • Integrating with VS Code, Cursor, and MCP clients

Integrations

VS CodeCursorMCP clients

Discussion Community

No discussion yet. Sign in to start the conversation.

Spotted incorrect or missing data? Join our community of contributors.

Sign Up to Contribute

Community Notes & Tips Community

Be the first to contribute. General notes, observations, gotchas, and tips from people who use this tool day-to-day.

Frequently Asked Questions

Is PreFlight free?
PreFlight has a permanent free tier alongside paid upgrades (paid plans from $19/mo). You can keep using a baseline version indefinitely without paying.
Is PreFlight open source?
Yes. PreFlight is open source.
Can I self-host PreFlight?
Yes. PreFlight supports self-hosting on your own infrastructure.
What platforms does PreFlight support?
PreFlight is available on: CLI, npm, VS Code, Cursor.

Hours Saved & ROI Stories Community

Be the first to contribute. Concrete time/cost savings, with context. e.g. "Cut my code review backlog from 4h to 45m per week."

PreFlight

PreFlight sits between your AI coding assistant and your version control system. The core workflow is a pre-commit scan: the tool inspects staged code for vulnerabilities in authentication logic, database queries, and SQL safety patterns — including row-level security (RLS) checks — then surfaces findings with an option to apply a deterministic or AI-assisted patch before the commit lands. Installation is via npm; the GitHub repo confirms local execution with no cloud dependency for the scanning step itself.

The differentiating feature is the MCP client integration. Beyond VS Code and Cursor extensions, PreFlight exposes an MCP interface, which means it can be invoked as an external tool from any MCP-compatible client. That positions it as a security checkpoint that other agents or editor workflows can call directly, rather than something a developer has to remember to run manually.

PreFlight fits tightest in teams that have adopted AI coding tools broadly and need a local enforcement layer before code reaches CI. It does not replace a full SAST pipeline or a cloud-based security scanner — it is scoped to the classes of vulnerability that AI code generators frequently introduce. The free tier enforces a hard patch limit, documented in the repo as ten patches before a PREFLIGHT_PRO_KEY is required for unlimited use. Teams running high-volume AI-assisted development will hit this ceiling inside a single sprint.