Use cases
Six auditors on one codebase.
Dependencies, IPC handlers, and input boundaries each get a dedicated Claude Code session. The Conductor splits the pass, watches every terminal, and verifies fixes before they count.
The split
Audit surfaces in parallel.
Dependencies
One session walks the dependency tree for unmaintained packages, risky install scripts, and versions with known advisories, and proposes pinned upgrades you can review.
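The three checks that paragraph names, written out as an added example. This is not Loom's code: it runs over a constructed package.json, a constructed view of the installed tree (the kind of metadata `npm ls --json` plus the registry would give you), and a constructed advisory feed with fictional package names. The detail worth noticing is that every proposed pin is routed through the advisory check first, so a floating range is never pinned to a release that is itself affected.

```python
"""Dependency-surface checks: floating version ranges, install-time lifecycle
scripts, and versions matched by an advisory feed, each paired with a pinned
upgrade proposal.

Added example, not Loom's code. All inputs below are constructed and the
package names are fictional.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Exact semver: MAJOR.MINOR.PATCH with optional prerelease / build metadata.
EXACT_VERSION = re.compile(
    r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")
# npm lifecycle hooks that execute arbitrary code at install time.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


@dataclass(frozen=True)
class Finding:
    package: str
    kind: str            # "unpinned" | "install-script" | "advisory"
    detail: str
    fix: Optional[str]   # proposed package.json line, if one applies


def audit_dependencies(manifest: dict, installed: dict, advisories: list) -> list:
    """Return one Finding per problem. A pin proposal always targets the
    advisory-fixed version when there is one, never a known-bad release."""
    findings = []
    deps = {**manifest.get("dependencies", {}),
            **manifest.get("devDependencies", {})}
    for name, spec in sorted(deps.items()):
        meta = installed.get(name, {})
        version = meta.get("version")
        target = version
        for adv in advisories:
            if adv["package"] == name and version in adv["vulnerable"]:
                target = adv["fixed"]
                findings.append(Finding(
                    name, "advisory",
                    f"{version} is affected, fixed in {adv['fixed']}",
                    f'"{name}": "{adv["fixed"]}"'))
        if not EXACT_VERSION.match(spec):
            findings.append(Finding(
                name, "unpinned", f"spec {spec!r} floats across releases",
                f'"{name}": "{target}"' if target else None))
        hooks = [h for h in INSTALL_HOOKS if h in meta.get("scripts", {})]
        if hooks:
            findings.append(Finding(
                name, "install-script",
                f"runs {', '.join(hooks)} during npm install: "
                f"{meta['scripts'][hooks[0]]!r}",
                None))
    return findings


# Constructed inputs (fictional package names; not real registry data).
SAMPLE_MANIFEST = {
    "dependencies": {"demo-http": "^2.1.0", "demo-tokenizer": "1.4.2"},
    "devDependencies": {"demo-build-tool": "*"},
}
SAMPLE_INSTALLED = {
    "demo-http": {"version": "2.1.3", "scripts": {"test": "node test.js"}},
    "demo-tokenizer": {"version": "1.4.2",
                       "scripts": {"postinstall": "node scripts/fetch-binary.js"}},
    "demo-build-tool": {"version": "0.9.0", "scripts": {}},
}
SAMPLE_ADVISORIES = [
    {"package": "demo-http", "vulnerable": ["2.1.0", "2.1.1", "2.1.2", "2.1.3"],
     "fixed": "2.1.4"},
]


def run_sample() -> list:
    return audit_dependencies(SAMPLE_MANIFEST, SAMPLE_INSTALLED, SAMPLE_ADVISORIES)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.package:16} {f.kind:15} {f.detail}"
              + (f"  ->  {f.fix}" if f.fix else ""))
```

On the sample data this yields four findings: the wildcard dev dependency gets pinned to what is installed, the `^2.1.0` range gets pinned to the advisory's fixed version rather than the installed 2.1.3, and the already-pinned tokenizer is flagged only for its postinstall hook, which is the kind of thing a reviewer should read before approving the install.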
IPC and process boundaries
Another reads every handler that crosses a trust boundary, flagging unchecked input, overly broad capabilities, and assumptions that only hold on the happy path.
Input boundaries
Request parsing, file paths, query construction, upload handling. Each gets read for validation gaps and injection risk, with concrete patches proposed where the session finds them.
Findings become fixes, fixes get verified
An audit that ends in a spreadsheet is half a deliverable. With Loom, findings can be dispatched as fix tasks across the same fleet: a session writes the patch, the Conductor re-checks the work before it counts as done, and everything lands as reviewable diffs in the source control panel with a full git graph. For sensitive repos, toggle auto-accept off, or press shift+tab to put a single terminal in a stricter permission mode and approve each action yourself. The same fleet also works well for reviewing a large PR from several angles at once.
Loom is built the way it audits
The app holds itself to the standard it helps you enforce:
- Provider keys live only in the OS keychain, never in config files.
- A secret-path deny-list blocks reads and writes of credential files.
- Outbound requests go through an SSRF-guarded Rust HTTP proxy.
- Every file, git, and shell operation is checked against a workspace authorization registry.
- No telemetry, and no account beyond your Claude login.
The whole app is Apache-2.0 and public on GitHub, so you can audit the auditor.
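The SSRF guard in that list is the item most worth seeing in code, so here is an added example of the check an outbound proxy applies. It is not Loom's proxy (the page says that one is Rust) and the DNS table is constructed so the block runs offline; in a real proxy the resolver would wrap `socket.getaddrinfo`. Two points the example makes that the bullet does not: a name is judged by every address it resolves to, not by how it is spelled, and the caller must connect to the vetted addresses the guard returns rather than re-resolving the name, or a DNS-rebinding answer can swap in an internal address between check and use.

```python
"""Outbound-URL guard of the SSRF-aware kind an HTTP proxy applies.

Added example, not Loom's proxy. The resolver is injected so this runs
offline against a constructed DNS table.
"""
import ipaddress
from typing import Callable, Iterable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_blocked_address(ip) -> bool:
    """True for anything that is not a public unicast address."""
    mapped = getattr(ip, "ipv4_mapped", None)   # ::ffff:10.0.0.5 is really 10.0.0.5
    if mapped is not None:
        ip = mapped
    return (not ip.is_global    # RFC 1918, CGNAT, loopback, link-local incl. 169.254.169.254
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def vet_url(url: str, resolve: Callable[[str], Iterable[str]]) -> list:
    """Return the public addresses the caller may connect to, or raise."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parts.scheme!r} not allowed")
    host = parts.hostname          # lower-cased, userinfo and [] brackets removed
    if not host:
        raise ValueError("URL has no host")
    try:                           # literal address: classify it directly
        answers = [ipaddress.ip_address(host)]
    except ValueError:             # name: classify every answer, not the string
        answers = [ipaddress.ip_address(a) for a in resolve(host)]
    if not answers:
        raise ValueError(f"{host} did not resolve")
    bad = [str(a) for a in answers if is_blocked_address(a)]
    if bad:                        # one internal answer poisons the whole set
        raise ValueError(f"{host} resolves to non-public {', '.join(bad)}")
    return [str(a) for a in answers]


# Constructed DNS answers; 8.8.8.8 merely stands in for "some public address".
FAKE_DNS = {
    "api.example.test": ["8.8.8.8"],
    "localhost": ["127.0.0.1"],
    "metadata.internal.test": ["8.8.8.8", "10.0.0.5"],   # mixed answer set
    "0x7f000001": ["127.0.0.1"],   # getaddrinfo accepts this legacy hex form
}

SAMPLE_URLS = [
    "https://api.example.test/v1",
    "http://localhost:8080/admin",
    "http://169.254.169.254/latest/meta-data/",
    "http://[::ffff:10.0.0.5]/",
    "http://metadata.internal.test/",
    "ftp://files.example.test/",
    "http://0x7f000001/",
]


def run_sample() -> dict:
    """Map each sample URL to ("allow", [addresses]) or ("deny", reason)."""
    out = {}
    for url in SAMPLE_URLS:
        try:
            out[url] = ("allow", vet_url(url, lambda h: FAKE_DNS.get(h, [])))
        except ValueError as e:
            out[url] = ("deny", str(e))
    return out


if __name__ == "__main__":
    for url, (verdict, info) in run_sample().items():
        print(f"{verdict:5} {url}  ({info})")
```

Only the first sample URL passes. Note that a guard like this has to run again on every redirect hop, since a public host is free to 302 the proxy to an internal one.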
Questions
Auditing with a fleet.
Can a session read my .env or keys?
Loom enforces a secret-path deny-list on both reads and writes, so credential files stay out of reach of every file operation it mediates. Your own provider keys are stored in the OS keychain only.
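Both the deny-list bullet above and this answer describe the same control, so here is one added example of how such a deny-list is applied. It is not Loom's code and the page does not document Loom's patterns or matching rules, so the patterns below are assumptions. What the example adds is canonicalisation: a check that compares the raw string lets `src/../.env`, a symlink pointing at `.env`, or `.ENV` on a case-insensitive disk slip past, and a write to a not-yet-existing `.env.local` still has to be caught.

```python
"""Secret-path deny-list applied to every read and write a tool mediates.

Added example, not Loom's code; the patterns are assumptions. The workspace
used by demo() is constructed in a temp directory.
"""
import fnmatch
import tempfile
from pathlib import Path

# Assumed patterns. Basenames are matched case-insensitively after the path is
# canonicalised; over-blocking a ".env.example" template is the accepted cost.
DENY_BASENAMES = (".env", ".env.*", "*.pem", "*.key", "id_rsa", "id_ed25519",
                  "credentials", "credentials.json", ".npmrc", ".netrc")
DENY_HOME_DIRS = (".ssh", ".aws", ".config/gcloud")   # nothing under these, ever


def canonical(path: str, cwd: Path) -> Path:
    """Anchor relative paths at the session cwd, collapse '..' and follow
    symlinks (non-strict, so not-yet-created write targets still resolve)."""
    p = Path(path)
    return (p if p.is_absolute() else cwd / p).resolve()


def is_denied(path: str, cwd: Path, home: Path) -> tuple:
    """Return (denied, reason) for a read or write of `path`."""
    target = canonical(path, cwd)
    name = target.name.lower()
    for pat in DENY_BASENAMES:
        if fnmatch.fnmatchcase(name, pat):
            return True, f"{target.name} matches {pat}"
    if target.parts[-2:] == (".git", "config"):   # may embed remote credentials
        return True, ".git/config"
    for d in DENY_HOME_DIRS:
        root = (home / d).resolve()
        if target == root or root in target.parents:
            return True, f"inside ~/{d}"
    return False, "allowed"


def demo() -> dict:
    """Constructed workspace in a temp dir; returns {label: denied?}."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home"
        ws = home / "proj"
        (ws / "src").mkdir(parents=True)
        (home / ".ssh").mkdir()
        (ws / ".env").write_text("API_KEY=constructed\n")
        (ws / "src" / "main.py").write_text("print('hi')\n")
        cases = {
            ".env": ".env",
            "src/../.env": "src/../.env",          # traversal back to the secret
            ".env.local": ".env.local",            # write target that does not exist yet
            ".git/config": ".git/config",
            "~/.ssh/id_ed25519": str(home / ".ssh" / "id_ed25519"),
            "~/.aws/config": str(home / ".aws" / "config"),   # caught by the dir rule
            "src/main.py": "src/main.py",
            "config/settings.json": "config/settings.json",
        }
        try:   # symlink aliasing the secret; skipped where symlinks are unavailable
            (ws / "notes.txt").symlink_to(ws / ".env")
            cases["notes.txt -> .env"] = "notes.txt"
        except OSError:
            pass
        return {label: is_denied(p, ws, home)[0] for label, p in cases.items()}


if __name__ == "__main__":
    for label, denied in demo().items():
        print(f"{'DENY ' if denied else 'allow'}  {label}")
```

The two ordinary source files are the only entries allowed. A deny-list of this shape still only covers operations routed through the checker, which is why the answer above is careful to say "every file operation it mediates": a shell command has to be subject to the same registry, or it becomes the bypass.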
Does my code leave my machine?
Code goes to the model providers you configured and nowhere else. Loom itself sends no telemetry, has no analytics, and requires no account beyond your Claude login. You pay providers directly.
How do I keep the audit hands-on?
Every session is a real terminal you can watch or type into, and permission modes are per terminal. Run the read-heavy survey on auto-accept, then hand-approve the fix tasks if you prefer.
Hand it the work.
Walk away.
macOS, Linux, and Windows. Around 13 MB. Free and open source.