What is SiteCMD
A desktop command center for website health: live-site checks, source-code audit, and integrations, all running locally.
SiteCMD is a desktop application that scans your website for health issues, audits your source code for the patterns that quietly break sites, and ties both to the tools you already use (analytics, search, uptime, deploys, issue trackers). It runs locally on your machine. Your scans, source, and project data never leave it.
This page is the high-level orientation. For installing, Get started. For the philosophy behind the local-first design, Why local-first.
What it does
Three things, in the order most people use them:
1. Scans your live site. SiteCMD fetches your URL, parses what came back, runs hundreds of checks against it, and tells you what’s broken. Headers, SSL, SEO, accessibility, performance, polish, dependency risks, deploy gaps. The findings are categorized, scored, and ranked by how badly each one hurts your overall site health.
2. Audits your source code. If you point SiteCMD at your project folder, it walks the source for vibe-code patterns, exposed secrets, unsafe queries, dependency CVEs, and the operational gaps that take down newly-launched sites. The audit runs entirely locally. Source files are never uploaded.
3. Correlates with your other tools. Connect Google Analytics, Search Console, Cloudflare, UptimeRobot, GitHub, or any of the supported integrations, and SiteCMD ties scan findings to real signals. “Traffic dropped 22% on the day this scan first flagged a broken canonical tag” is a different finding than “you have a broken canonical tag.”
The output is one number: the SiteCMD Score, out of 100. Below that, the issues ranked by impact, with fix guides written for the specific check that failed, tailored to your detected framework.
Who it’s for
- Indie developers and small agencies who ship a lot of sites and want a single tool that catches the things one tool alone always misses.
- Site owners who want to know if their site is actually healthy without learning the difference between a CDN cache hit rate and a TTFB.
- AI-first builders who use Claude, Cursor, Windsurf, or similar tools to write code, and want their AI to actually see what’s wrong with the site before suggesting fixes.
- CI engineers who want a quality gate that fails a build for site-health regressions, not just test failures.
If you maintain a single static site that never changes, SiteCMD is more than you need. If you maintain sites that get updated regularly, get touched by multiple people, or get features added by an AI assistant, SiteCMD is built for you.
What makes it different
It’s local-first. Most “site health” tools are SaaS. Your scans live in their cloud, indexed alongside everyone else’s. SiteCMD is a desktop app. Your data is on your machine. We don’t have it. See Why local-first for the full explanation.
It runs two engines, not one. Live-site-only tools see what you shipped but not why a problem is there. Source-only tools see your code but not what your CDN, your runtime config, and your third-party scripts are doing in production. SiteCMD runs both and ties findings together.
It talks to your AI editor. Through an MCP server bundled with the app, your AI editor (Cursor, Claude Code, Windsurf, and others) can read your scan results, pull fix prompts written for the specific failing checks, and verify its own work by comparing scans before and after. See AI editors.
It speaks CI. A standalone CLI binary runs the same live-site checks for headless pipelines. Use it as a deploy gate, a pre-push hook, or a scheduled regression check. See CLI reference.
What it doesn’t do
Worth being clear about, upfront:
- It doesn’t fix things for you. SiteCMD surfaces findings, writes fix guides, and hands context to your AI tools. The fix is your call, your code, your deploy.
- It doesn’t replace a security audit. Some checks overlap with what a security firm would do, but SiteCMD is not a substitute for an actual security review of an application that handles sensitive data.
- It doesn’t sell access to your data. We sell a desktop app. There is no SiteCMD-hosted dashboard, no team workspace in our cloud, no analytics product built from aggregated user scans.
- It doesn’t speak every editor’s plugin language. The AI editor integration is MCP-based. If your editor doesn’t support MCP, the CLI is your fallback.
How it fits with everything else
SiteCMD sits between the tools you use and the work you do:
- In your editor, SiteCMD’s MCP server lets your AI assistant act on real findings.
- In your terminal, the CLI runs scans in pipelines.
- On your desktop, the app is the place you triage, dismiss, snooze, and verify findings.
- In your tracker, the GitHub Issues and Jira integrations turn findings into tickets.
- In your analytics, scan findings get tied to real-world traffic, search visibility, and uptime data through the integrations you connect.
Each surface uses the same underlying local database. There’s one source of truth, on your machine.
Where to go next
- Quickstart to install and run your first scan.
- How a scan works for the engine architecture.
- Why local-first for the design philosophy.
- Tiers & pricing for what’s in Free, Core, and Pro.