For Lovable developers

AppSec inside your Lovable prompt.

RASS plugs into your Lovable project as a custom MCP server. Trigger scans, pull findings, and get Hermes-drafted fixes streamed back into the chat — no context switching.

Prompt-driven scans

"Scan the checkout API and give me the top findings" — that's the whole workflow.

Hermes replies in chat

Structured findings with severity, evidence, and copy-ready remediation streamed back into your prompt.

Auto-detects packs

Scans identify the right OWASP, API, Supabase RLS, Stripe, and React packs for your target.

OAuth 2.1 + PKCE

Short-lived, project-scoped tokens. Every tool call is audit-logged. Secrets never touch localStorage.

One source of truth

Findings raised via MCP show up in the console, in reports, and in your GitLab MR comments.

Secure by default

Build faster with an AppSec assistant that treats security as part of the loop, not a post-launch surprise.

The Lovable workflow

Security scanning, right inside your editor.

Connect the MCP server

Add the RASS MCP endpoint to your Lovable project. OAuth 2.1 + PKCE, project-scoped tokens.

Prompt Hermes

"Run an OWASP + Supabase RLS scan on staging and summarize the top 5 issues."

Findings stream back

Severity, evidence, and remediation appear directly in the chat, grounded in real scan data.

Apply fixes

Copy-ready code blocks and configuration snippets — reviewable, editable, and secure by default.

Ready to build secure by default?

Wire RASS into your Lovable project and let Hermes handle the AppSec loop.