Securie for Claude Code — security-aware agent loop
Roadmap
Claude Code integrates with Securie via the Model Context Protocol (MCP). Before the agent submits a PR, it runs a Securie scan, reviews the findings, and proposes fixes, closing the loop between code generation and security review. The agent writes the code, verifies its own code against Securie, and ships the fix before the PR is opened.
What it does
Closes the loop between Claude Code's code generation and security review. When Claude Code is about to open a PR, it calls `securie.scan` on the diff, receives structured findings, calls `securie.suggest_fix` for each, integrates the fix into the diff, and opens the PR with security checks already resolved. No human-in-the-middle for the obvious vulnerability classes (Supabase RLS, leaked secrets, broken access control).
When to use it
Best fit: Claude Code users who want security baked into the agent's default workflow. Especially valuable for teams where Claude Code is the primary code generator and you want to shift security-review work left without adding manual review steps.
Limitations
This integration is on the roadmap. It requires an MCP-compatible version of Claude Code to be installed. Per-user token limits apply during early access. Some finding classes (sandbox exploit verification) take longer than agent tool-call budgets; those get flagged for human review rather than auto-fixed.
Install
- Add the Securie MCP server to `.claude/mcp.json` (or `~/.claude/mcp.json` for user-level)
- Claude Code picks up the tools on next start: `securie.scan`, `securie.verify`, `securie.suggest_fix`
- Your project-level `CLAUDE.md` can reference the tools, e.g., 'Before opening any PR, run securie.scan and fix findings'
- The agent now includes security review in its workflow automatically