

RLS Shield

RLS Shield is a dependency-free DeFi security triage agent for the Swarms Marketplace. It converts scanner findings, Supabase RLS warnings, webhook risks, and database linter output into a prioritized remediation plan with owners, patch checklists, and verification steps.

The agent is designed for builders who need a practical release-readiness review before launching paid DeFi products, tokenized agents, or marketplace workflows.

What It Does

  • Ranks security findings by severity.
  • Maps known DeFi/Supabase risks to concrete remediation playbooks.
  • Produces patch checklists for engineers.
  • Produces verification checks for QA, CI, or release review.
  • Runs without external AI APIs, model keys, databases, or paid services.
  • Works as direct Python code, a local CLI-style script, or a small HTTP service.
  • Ships with a Vercel-ready web UI and serverless API routes.

Current Playbooks

  • Circle webhook signature fail-closed behavior.
  • Paid content exposure through free or zero-price RLS bypasses.
  • Explicit user_roles write policies as defense in depth.
  • Anonymous execution of SECURITY DEFINER functions.
  • Authenticated execution of privileged SECURITY DEFINER functions.
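The following Python is an added example for playbooks two through five; it is not RLS Shield's own code. It lints constructed rows shaped like Supabase's pg_policies view and a function-grant query for the zero-price SELECT bypass, a user_roles table with no explicit write policies, and SECURITY DEFINER functions executable by PUBLIC/anon or by authenticated, then ranks the findings by severity. The column names, the regex, the severity order and the remediation wording are assumptions of this example; the finding sentences are written in the shape of the scanner lines the agent consumes.

```python
"""Lint policy and function catalog rows for the playbook patterns (added example).

Not RLS Shield code. The rows below are constructed to look like Supabase's
pg_policies view and a function-grant query; the column names, the regex,
the severity order and the remediation wording are assumptions.
"""
import re
from typing import Dict, List

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}
WRITE_CMDS = {"INSERT", "UPDATE", "DELETE", "ALL"}
# A USING clause that lets paid rows through whenever the price is zero or negative.
ZERO_PRICE = re.compile(r"\bprice_usdc\s*<=\s*0\b")

# Constructed sample: two SELECT policies on a paid table, one SELECT policy on user_roles.
SAMPLE_POLICIES: List[Dict] = [
    {"tablename": "earnings_calls", "policyname": "earnings_calls_select_full_content",
     "cmd": "SELECT", "qual": "(price_usdc <= 0) OR (EXISTS (SELECT 1 FROM purchases p "
                              "WHERE p.call_id = earnings_calls.id AND p.buyer = auth.uid()))"},
    {"tablename": "earnings_calls", "policyname": "earnings_calls_select_preview",
     "cmd": "SELECT", "qual": "true"},
    {"tablename": "user_roles", "policyname": "user_roles_select_own",
     "cmd": "SELECT", "qual": "(user_id = auth.uid())"},
]

# Constructed sample: which roles hold EXECUTE on each function.
SAMPLE_FUNCTIONS: List[Dict] = [
    {"name": "public.grant_admin", "security_definer": True,
     "execute_grants": ["PUBLIC", "anon", "authenticated"]},
    {"name": "public.record_purchase", "security_definer": True,
     "execute_grants": ["authenticated"]},
    {"name": "public.format_ticker", "security_definer": False,
     "execute_grants": ["PUBLIC"]},
]


def lint_policies(policies: List[Dict]) -> List[Dict]:
    findings = []
    tables = {p["tablename"] for p in policies}
    with_write_policy = {p["tablename"] for p in policies if p["cmd"] in WRITE_CMDS}
    for p in policies:
        # pg_policies.qual is NULL for INSERT policies, hence the "or ''".
        if p["cmd"] in ("SELECT", "ALL") and ZERO_PRICE.search(p.get("qual") or ""):
            findings.append({
                "severity": "critical",
                "finding": f"The {p['policyname']} policy allows rows where price_usdc <= 0.",
                "fix": "Gate paid rows on a purchase/entitlement check; the price column alone "
                       "must not unlock full content.",
            })
    if "user_roles" in tables and "user_roles" not in with_write_policy:
        findings.append({
            "severity": "high",
            "finding": "user_roles has no explicit INSERT/UPDATE/DELETE policies.",
            "fix": "Add explicit write policies (deny-all for end users) as defense in depth, "
                   "so a later permissive policy cannot silently widen access.",
        })
    return findings


def lint_functions(functions: List[Dict]) -> List[Dict]:
    findings = []
    for f in functions:
        if not f["security_definer"]:
            continue  # SECURITY INVOKER: runs as the caller, RLS still applies
        grantees = {g.lower() for g in f["execute_grants"]}
        if grantees & {"public", "anon"}:
            findings.append({
                "severity": "critical",
                "finding": f"Public Can Execute SECURITY DEFINER Function {f['name']} without signing in.",
                "fix": f"REVOKE EXECUTE ON FUNCTION {f['name']} FROM PUBLIC, anon;",
            })
        elif "authenticated" in grantees:
            findings.append({
                "severity": "medium",
                "finding": f"Authenticated users can execute SECURITY DEFINER function {f['name']}.",
                "fix": f"Restrict EXECUTE on {f['name']} to the role that needs it, "
                       "or authorize on auth.uid() inside the function body.",
            })
    return findings


def triage(policies: List[Dict], functions: List[Dict]) -> List[Dict]:
    """Merge both linters and rank by severity (stable sort, so input order breaks ties)."""
    findings = lint_policies(policies) + lint_functions(functions)
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_POLICIES, SAMPLE_FUNCTIONS):
        print(f"[{f['severity']}] {f['finding']}\n    fix: {f['fix']}")
```

Because Postgres grants EXECUTE on new functions to PUBLIC by default, the anon check fires on any SECURITY DEFINER function whose grants were never tightened. The finding strings are deliberately shaped like the scanner lines shown under Run Locally, so `"\n".join(f["finding"] for f in triage(...))` can be passed to `triage_security_findings` as `scanner_output`.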

Repository Layout

.
├── rls_shield_agent.py      # Paste-ready Swarms Marketplace agent code
├── server.py                # Dependency-free HTTP server wrapper
├── index.html               # Vercel-ready web UI
├── app.js                   # Browser-side UI behavior
├── styles.css               # Professional dashboard styling
├── api/                     # Vercel serverless API routes
├── deploy/                  # rls-shield.service systemd unit (see Run As A Systemd Service)
├── REGISTER.md              # Exact Swarms registration fields
├── src/                     # Node CLI version used during local development
├── test/                    # Node tests
└── test_python_agent.py     # Python smoke test for pytest-compatible runners

Requirements

  • Python 3.10 or newer.
  • No Python package dependencies.
  • Optional: Node.js 18 or newer if you want to run the development CLI/tests in src/.

Run Locally

Run the paste-ready Python agent:

python3 rls_shield_agent.py

Use it from Python:

from rls_shield_agent import triage_security_findings

scanner_output = """
Circle Webhook Accepts Unauthenticated Requests When Secret Is Unset.
The earnings_calls_select_full_content policy allows rows where price_usdc <= 0.
"""

report = triage_security_findings(scanner_output)
print(report["summary"])
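The first scanner line above describes a fail-open webhook handler: when the signing secret is unset, verification is skipped and every request is accepted. As an added example (not RLS Shield code, and not Circle's actual signature scheme, which this page does not describe), the vulnerable shape is shown beside a fail-closed one. The header name and the HMAC-SHA256 hex scheme are assumptions made so the pattern can be demonstrated offline:

```python
"""Fail-open vs. fail-closed webhook signature verification (added example).

Not RLS Shield code. The header name and the HMAC-SHA256 hex scheme are
assumptions so the pattern can be shown; substitute the provider's real
signature format.
"""
import hashlib
import hmac
from typing import Mapping, Optional

SIGNATURE_HEADER = "x-webhook-signature"  # assumed header name


def compute_signature(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the raw request body, hex encoded (assumed scheme)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_fail_open(secret: Optional[str], headers: Mapping[str, str], body: bytes) -> bool:
    """Vulnerable shape: an unset secret disables verification, so every
    request is accepted. The '==' compare also leaks timing."""
    if not secret:
        return True
    sent = headers.get(SIGNATURE_HEADER, "")
    return sent == compute_signature(secret.encode(), body)


class WebhookConfigError(RuntimeError):
    """Raised when the handler is running without a signing secret."""


def verify_fail_closed(secret: Optional[str], headers: Mapping[str, str], body: bytes) -> bool:
    """Hardened shape: no secret is a deployment fault, not a bypass; a
    missing signature is rejected; the compare is constant-time."""
    if not secret:
        raise WebhookConfigError("webhook secret is not configured; refusing all requests")
    sent = headers.get(SIGNATURE_HEADER)
    if not sent:
        return False
    expected = compute_signature(secret.encode(), body)
    return hmac.compare_digest(sent.strip().lower(), expected)


def handle_webhook(secret: Optional[str], headers: Mapping[str, str], body: bytes) -> int:
    """Route-handler shape: returns the HTTP status the caller would send.
    503 on misconfiguration makes the outage visible instead of silently
    accepting forged payment events."""
    try:
        return 200 if verify_fail_closed(secret, headers, body) else 401
    except WebhookConfigError:
        return 503


if __name__ == "__main__":
    # Constructed payload; no Circle (or any) API is contacted.
    body = b'{"type":"payment.confirmed","amount_usdc":"25.00"}'
    print("fail-open, no secret:", verify_fail_open(None, {}, body))          # True
    print("fail-closed, no secret:", handle_webhook(None, {}, body))          # 503
    good = {SIGNATURE_HEADER: compute_signature(b"s3cret", body)}
    print("fail-closed, valid:", handle_webhook("s3cret", good, body))        # 200
    print("fail-closed, tampered:", handle_webhook("s3cret", good, body + b" "))  # 401
```

The verification check for this playbook follows from the code: deploy with the secret unset and confirm the endpoint returns 503 for every request rather than 200, then send a valid and a tampered body and confirm 200 and 401 respectively.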

Run the HTTP service:

python3 server.py

Default bind address:

0.0.0.0:8091

Binding to 0.0.0.0 listens on every interface of the host; the curl examples below use 127.0.0.1 to reach the service on the same machine.

Health check:

curl http://127.0.0.1:8091/health

Demo report:

curl http://127.0.0.1:8091/demo

Analyze findings:

curl -X POST http://127.0.0.1:8091/triage \
  -H "Content-Type: application/json" \
  -d '{"scanner_output":"Public Can Execute SECURITY DEFINER Function without signing in."}'

Change host/port (bind to 127.0.0.1 unless other hosts need to reach the service; nothing in this setup adds authentication or TLS in front of it):

RLS_SHIELD_HOST=127.0.0.1 RLS_SHIELD_PORT=8091 python3 server.py

Live VPS Deployment

Current live endpoints:

Health: http://144.91.76.243:8091/health
Demo:   http://144.91.76.243:8091/demo
Triage: http://144.91.76.243:8091/triage

Run As A Systemd Service

Install the service unit:

sudo install -m 644 deploy/rls-shield.service /etc/systemd/system/rls-shield.service
sudo systemctl daemon-reload
sudo systemctl enable --now rls-shield.service

Check status and logs:

systemctl status rls-shield.service
journalctl -u rls-shield.service -n 100 --no-pager

Swarms Marketplace

Use rls_shield_agent.py as the direct agent code in the Swarms launch form.

  • Product type: Agent
  • Language: Python
  • Package requirements: none
  • Monetization: Tokenization
  • Ticker: RLSX
  • Frenzy Mode: enabled

See REGISTER.md for the full registration copy.

Why It Does Not Require An API Key

RLS Shield is deterministic security triage code. It does not call the Swarms API, OpenAI, Anthropic, Supabase, Circle, or any other external service at runtime.

The Swarms API key shown in Swarms documentation is for developers who want to run Swarms Cloud API calls. The marketplace registration flow for this submission uses the Swarms web launch form and your connected wallet for tokenization.

Development Checks

Python execution smoke test:

python3 rls_shield_agent.py

Optional Node development tests:

npm test

Deploy On Vercel

RLS Shield can be deployed directly from the GitHub repository.

  1. Import https://github.com/linoxbt/RLS-Shield into Vercel.
  2. Keep the framework preset as Other.
  3. Leave build command empty.
  4. Leave output directory empty.
  5. Deploy.

The Vercel app serves:

/              Web UI
/api/health    Serverless health check
/api/demo      Serverless sample report
/api/triage    Serverless POST endpoint

No environment variables are required.

Example API request:

curl -X POST https://YOUR-VERCEL-DOMAIN.vercel.app/api/triage \
  -H "Content-Type: application/json" \
  -d '{"scanner_output":"Public Can Execute SECURITY DEFINER Function without signing in."}'

Security Notes

  • Do not commit wallet private keys, seed phrases, API keys, or .env files.
  • The Python server binds to all interfaces by default and the documented setup adds no authentication or TLS; the live VPS endpoints above are plain HTTP. Scanner findings describe unpatched weaknesses, so bind to 127.0.0.1 or put a TLS-terminating reverse proxy in front before sending real findings across a network.
  • Tokenization requires wallet approval in the Swarms web UI.
  • This agent gives remediation guidance; final production changes should still be reviewed and tested by the project team.

License

MIT

About

RLS Shield turns DeFi scanner findings into prioritized remediation plans, Supabase RLS fixes, webhook hardening steps, and verification checks. It helps teams convert noisy security warnings into concrete patch checklists before launch.
