TheSpider Documentation
Security & bug audit platform — models run on your machine, the brain lives server-side. One image, two modes (SaaS + on-prem).
TheSpider
A multi-tenant security & bug audit platform. A thin Rust agent runs models locally on your checkout; a Bun brain-server owns config, prompts, parse/fingerprint/dedupe, triage, and the web UI. Your source code never leaves the machine — only findings sync.
New here? Skip the setup entirely — paste this into Claude Code, Cursor, or any AI agent, answer three questions, and it installs, enrolls, and runs your first audit for you:
one prompt, zero setup
Get me started with TheSpider: https://thespider.xyz/startup.md
What you can do
The whole client surface
Four commands. One config file. Everything else is brain-side.
run an audit
thespider-agent login # paste the enrollment code
thespider-agent run --once # claim → run models → submit
thespider-agent gate --campaign <id> # pass / fail
Minimal local config
Server, token, project, and model→command bindings. That is the entire client footprint.
~/.thespider/config.toml
server = "https://thespider.xyz"
token = "keychain:thespider"
project = "shipstream/thespider"
[[model]]
code = "sonnet"
command = "bash runners/opencode-runner.sh {prompt_path} anthropic/claude-sonnet-4-6"
timeout_seconds = 900