12 min
CVE alert to committed fix, no context switch
Two CVEs detected and patched in 12 minutes
A push triggered a GitHub alert — 4 vulnerabilities, 2 high. Sentinel and Shipyard ran in parallel from the same session: one scored the CVEs, one found the safe upgrade. Patched, verified at zero vulnerabilities, committed, and pushed in 12 minutes with zero context switches.
Sentinel matched the alert to two real CVEs in path-to-regexp@8.3.0 — a CVSS 7.5 DoS and a 5.9 ReDoS — and traced the transitive chain through the MCP SDK. In parallel, Shipyard found the minimum safe version (8.4.0, no breaking changes) and the exact pnpm command. Two perspectives on one problem, one pass.
Claude patched both affected package directories, re-ran the audit to zero vulnerabilities, committed, and pushed — GitHub confirmed clean. The manual path is ~25 minutes across four tools and three context switches; here the vulnerability existed for 12 minutes instead of 12 days, and the session never left flow.
- Two audit agents in parallel: “how bad is it” and “how do I fix it safely”
- Detection to committed fix in one session — no ticket, no later
- ~25 min and 3 context switches collapsed to 12 min and zero
This is what Pro delivers.
Not features for their own sake — measurable leverage on every session.