
3 distribution channels from 1 shared scanner
Detects 10+ AI-builder failure modes
Real-time scan results via Convex reactive queries
Problem
AI builders ship code fast, and that code routinely leaks API keys, skips auth checks, and breaks OWASP basics. Non-technical founders push insecure apps to production without knowing what they shipped.
Solution
A security scanner that runs against AI-generated apps before launch. Engineers run it as a CLI on their machine. Teams wire it into CI as a GitHub Action. Founders point the web dashboard at a deployed URL and get a graded report.
Impact
One TypeScript scanner package powers all three surfaces. Findings stream to a Convex-backed dashboard in real time. Paid plans run continuous scans and email the team when a regression lands.
What I built
- Turborepo monorepo: web app + CLI built on 3 shared packages (scanner, github-action, shared) so one TypeScript core powers every distribution surface
- Reactive scan dashboard built on Convex: findings update without polling
- GitHub Action that fails pull requests on critical findings, distributed via the GitHub Marketplace
- npm-distributed CLI with auto-update prompts and Clerk-based device auth
- Subscription billing via Polar.sh with usage-based tiers and Sentry-instrumented checkout
- Transactional email designed in React Email and sent through Resend
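The "one core, three surfaces" design above is easiest to see with a small sketch. The block below is an added illustration, not the project's own code: a hypothetical shared `scanSource` core with two constructed secret-detection rules (one of the page's stated failure modes, leaked API keys), plus the thin CI-surface pieces a GitHub Action wrapper would add, a severity gate that fails the pull request on critical findings and a formatter for the real `::error file=...,line=...::` workflow-command syntax. Rule IDs, type names and the sample file are assumptions; the `AKIA...` value is the AWS documentation example key, not a live credential.

```typescript
// Added illustration of the "one shared core, several thin surfaces" shape.
// Not the project's code: rule set, type names and functions are assumptions.

type Severity = "critical" | "high" | "medium" | "low";

interface Finding {
  ruleId: string;
  severity: Severity;
  message: string;
  file: string;
  line: number; // 1-indexed
}

interface Rule {
  ruleId: string;
  severity: Severity;
  message: string;
  pattern: RegExp; // must carry the "g" flag so exec() advances through the file
}

// Constructed secret-detection rules (assumed; a real scanner carries many more).
const RULES: Rule[] = [
  {
    ruleId: "secret.aws-access-key-id",
    severity: "critical",
    message: "AWS access key ID committed to source",
    pattern: /\bAKIA[0-9A-Z]{16}\b/g,
  },
  {
    ruleId: "secret.hardcoded-api-key",
    severity: "high",
    message: "API key or secret assigned as a string literal",
    pattern: /(?:api[_-]?key|secret)\s*[:=]\s*["'][A-Za-z0-9_\-]{20,}["']/gi,
  },
];

// Shared core: scan one file's contents, return findings sorted by line.
// The CLI, the Action and the web dashboard would all call this same function.
function scanSource(file: string, source: string): Finding[] {
  const findings: Finding[] = [];
  for (const rule of RULES) {
    rule.pattern.lastIndex = 0; // reset state left over from a previous scan
    let m: RegExpExecArray | null;
    while ((m = rule.pattern.exec(source)) !== null) {
      const line = source.slice(0, m.index).split("\n").length;
      findings.push({ ruleId: rule.ruleId, severity: rule.severity, message: rule.message, file, line });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

const SEVERITY_RANK: Record<Severity, number> = { low: 0, medium: 1, high: 2, critical: 3 };

// CI surface: fail the pull request when any finding meets the gate.
// The default gate is "critical", matching the Action behaviour described above.
function shouldFailPullRequest(findings: Finding[], threshold: Severity = "critical"): boolean {
  return findings.some((f) => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold]);
}

// CI surface: GitHub Actions workflow command, which annotates the file in the PR diff.
function toGitHubAnnotation(f: Finding): string {
  return `::error file=${f.file},line=${f.line}::[${f.ruleId}] ${f.message}`;
}

// Constructed sample input. The AKIA value is the AWS documentation example key.
const SAMPLE_FILE = "src/config.ts";
const SAMPLE_SOURCE = [
  'import { createClient } from "./client";',
  'const AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE";',
  "export const client = createClient({",
  '  apiKey: "sk_test_0123456789abcdef0123456789",',
  "  region: process.env.AWS_REGION, // env lookup, not a literal: no finding",
  "});",
].join("\n");

const sampleFindings = scanSource(SAMPLE_FILE, SAMPLE_SOURCE);
for (const f of sampleFindings) console.log(toGitHubAnnotation(f));
console.log(shouldFailPullRequest(sampleFindings) ? "PR blocked" : "PR allowed");
```

The point of keeping the gate and the annotation formatter outside `scanSource` is that the CLI and the dashboard reuse the identical finding list but render it differently; only the Action wrapper turns a finding into an exit code. Note that an `env` lookup produces no finding, so the rules flag literals, not references to configuration.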
Stack
Next.js 16, React 19, TypeScript, Convex, Clerk, Polar.sh, Resend, React Email, Sentry, Turborepo, pnpm, Spline