Reviewed isn't fixed.
Hyrax writes the fix and ships the PR.
billing-api · PR #847 · Hyrax
CRITICAL · SQL injection · src/api/search.ts:38
- WHERE name = '" + input + "'
+ WHERE name = $1 // parameterized
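Review bot: the added line replaces the concatenated `input` with the `$1` placeholder, but nothing in this hunk shows `input` being passed as the bound value to the query call, so confirm the parameter list is supplied in the same change. The trailing `// parameterized` also sits on the SQL line itself; if that line is inside the query string literal, `//` is not a SQL comment and the note should move outside the string.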
✓ 13/13 checks passed · ready to merge
Hyrax
Find. Fix. Ship. Close.
hyrax.dev
A — Claude structure: provocation + real code
// susvibes · 200 real vulnerabilities
TESTS PASS.
CODE BREAKS.
AI agents, run on 200 real open-source vulnerabilities.
Code that worked: 60%
Code that was secure: 19%
The SusVibes breakdown
what passed, what didn't, and why
Download →
B — MotherDuck structure: data + guide