Free for every developer, on every repo. Five steps. No credit card. No platform onboarding. The Firewall scans every pull request and blocks non-compliant crypto before merge.
Visit github.com/apps/quanterios-firewall and authorise the repos you want to gate. Read-only by default; opt into write access only for inline-comment posting.
# nothing to install locally
# the GitHub App is enough

Drop a .quanterios/policy.yaml at the root of your repo. Default policy blocks AES-CBC, RSA-PKCS1, MD5, SHA-1, weak primes, and custom-crypto patterns.
policy:
  block:
    - weak-iv
    - custom-crypto
    - md5
  warn:
    - rsa-2048

Push a PR. The Firewall scans the diff with rule-based scanning and the AI Auditor; posts inline comments on findings; blocks merge if policy is violated.
$ git checkout -b token-rotation-fix
$ git commit -m 'rotate token'
$ git push origin HEAD

The Firewall posts a status check (Block / Pass / Warn) on the PR with cited findings. Suggested fixes appear inline. Merging is gated on policy.
✗ merge blocked
→ src/auth/token.py:42
random.randint() not crypto-safe
fix: use AESGCM

Apply the suggested fix or override with a documented exception. Overrides are logged with the requester, the reason, and the policy clause involved.
# documented exception
quanterios.override:
  asset: token.py:42
  reason: 'staging-only · TODO migrate'

Email developers@quanterios.com if anything is unclear. We respond within one business day.
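
To make the rule-based part of the steps above concrete, here is an added example (not Quanterios code) of how a diff gate can map policy rule ids to a Block / Warn / Pass status with file and line citations. The regexes, the function name `scan_diff` and the sample diff are assumptions made for illustration; only the rule ids come from the policy file shown on this page.

```python
import re

# Rule ids come from the page's policy.yaml; the regexes are assumptions
# made for this example. custom-crypto has no simple regex and is skipped.
RULES = {
    "md5": re.compile(r"(?i)\bmd5\b"),
    "weak-iv": re.compile(r"\biv\s*=\s*b?['\"]"),      # hard-coded IV literal
    "rsa-2048": re.compile(r"key_size\s*=\s*2048\b"),
}
POLICY = {"block": ["weak-iv", "custom-crypto", "md5"], "warn": ["rsa-2048"]}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample diff (not taken from a real repository).
SAMPLE_DIFF = """\
--- a/src/auth/token.py
+++ b/src/auth/token.py
@@ -40,3 +40,4 @@
 def rotate(data):
-    digest = hashlib.sha256(data).hexdigest()
+    digest = hashlib.md5(data).hexdigest()
+    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
     return digest, key
"""

def scan_diff(diff, policy=POLICY):
    """Return (status, findings); each finding is (severity, rule, path, line)."""
    findings, path, lineno = [], None, 0
    for line in diff.splitlines():
        if line.startswith("+++ "):            # new-file header names the path
            path = line[4:]
            if path.startswith("b/"):
                path = path[2:]
            continue
        m = HUNK.match(line)
        if m:                                  # hunk header resets the line counter
            lineno = int(m.group(1))
        elif line.startswith("+"):             # only added lines are judged
            for severity in ("block", "warn"):
                for rule in policy.get(severity, []):
                    rx = RULES.get(rule)
                    if rx and rx.search(line[1:]):
                        findings.append((severity, rule, path, lineno))
            lineno += 1
        elif line.startswith(" "):             # context lines advance the counter
            lineno += 1
    seen = {f[0] for f in findings}
    status = "Block" if "block" in seen else "Warn" if "warn" in seen else "Pass"
    return status, findings
```

Removed lines are ignored on purpose: a gate of this kind judges what a PR introduces, so deleting an MD5 call never triggers a finding.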