Preflight

Preflight is a deterministic environment scanner with a Rust CLI, Axum-powered local dashboard, and optional cloud sync. It inspects runtimes, databases, ports, GPUs, and remote hosts, then writes a canonical .preflight/scan.json contract that downstream tooling and the dashboard consume without divergence. The /branding directory contains the canonical SVG wordmark shared by the dashboard, CLI output, and docs so there are no binary assets required.

Installation

From crates.io

cargo install preflight-cli

From source

cargo install --path core --locked

From release archives (curl | tar)

Release assets are published for macOS (arm64 + x86_64) and Linux (x86_64 + aarch64):

• preflight-macos-arm64.tar.gz
• preflight-macos-x86_64.tar.gz
• preflight-linux-x86_64.tar.gz
• preflight-linux-aarch64.tar.gz

Download the matching tarball, verify the .sha256 file, then extract directly into your PATH:

curl -L "$PREFLIGHT_TARBALL_URL" | tar -xz
sudo install -m 0755 preflight /usr/local/bin/preflight

Replace PREFLIGHT_TARBALL_URL with the direct link to the release asset for your platform.

Build the dashboard bundle

The CLI serves the built Vite assets from web/dist. Build once per update:

cd web
npm install
npm run build
cd ..

CLI commands

• preflight scan — run a local scan and write .preflight/scan.json deterministically.
• preflight scan --json — emit the scan envelope to stdout in addition to writing the contract.
• preflight dashboard — start the Axum server, serve web/dist, and open http://localhost:8787.
• preflight sync — upload .preflight/scan.json to your cloud endpoint (Pro). Requires PREFLIGHT_API_URL and PREFLIGHT_API_KEY.
• preflight simulate / simulate-proposed — model changes before running them.
• preflight watch, deps, doctor, security, and more for specialized workflows.

Dashboard

preflight dashboard starts the embedded Axum server at http://localhost:8787 and mounts the Vite bundle from web/dist under /dashboard/. Set PREFLIGHT_DASHBOARD_DIST to point at a built web/dist directory when running the installed binary from outside the repo. The backend exposes:

• GET /api/state — parsed scan.json plus risk summaries.
• GET /api/mtime — deterministic timestamp and fingerprint for cache busting.
• GET /ws/updates — websocket updates when a new scan is detected.

Cloud sync (Pro)

Synchronize local scans to Supabase or another hosted endpoint:

export PREFLIGHT_API_URL=https://your-api.example.com
export PREFLIGHT_API_KEY=service_role_key
preflight sync

Reference API (see cloud/api.rs and cloud/supabase.sql):

• POST /upload — store host and payload (the contents of scan.json).
• GET /history — list recent scans.

Determinism and security

• scan.json keys are ordered, fingerprints are stable, and re-running on an unchanged machine produces identical output.
• Remote scans retain hardened SSH defaults from the security patch while continuing to validate against scan.schema.json.
• Dashboard reads from the same contract to avoid drift.

Release pipeline

GitHub Actions builds release artifacts for macOS (ARM + Intel) and Linux (x86_64 + ARM64), tars the preflight binary, and publishes SHA256 checksums. Install via tarballs or cargo install preflight-cli.

Documentation

• Getting started
• Install guide
• Scan output contract
• CLI reference
• Pricing
• Plugins

Landing page

The site/ directory contains a static marketing page ready for Vercel deployment with hero, features, install instructions, pricing, and GitHub links.