Inspiration

AI tools have made it much easier for anyone to build and ship AI agents. But the safety gap has not disappeared. Many agents can call tools, access files, touch customer data, trigger workflow actions, or expose sensitive prompts before anyone has checked whether they are actually safe to deploy.

A-DAP-T was inspired by that gap: if everyone can ship AI agents faster now, builders also need a practical way to avoid shipping them blind.

What it does

A-DAP-T is a deployment-readiness scanner for AI-agent and GenAI application projects.

Users can scan a public GitHub repository, upload a ZIP project, or run built-in demo scans. A-DAP-T then checks for common AI-agent deployment risks such as prompt injection exposure, hardcoded secrets, unsafe tool permissions, missing human approval gates, sensitive data exposure, and weak auditability.

The product workflow is:

Scan → Prove → Patch → Compare → Gate

After scanning, A-DAP-T generates a safety score, category risks, findings, static attack-path simulations, patch previews, saved reports, before/after comparison, and a deployment gate decision. It also includes DAP, a report-aware assistant that helps users understand what to fix first.

How we built it

The frontend is built with Next.js, React, TypeScript, and custom CSS, deployed on Vercel. The backend is built with Python and FastAPI, deployed on Render.

Firebase Authentication handles sign-in and protected scanning flows. Firestore stores saved reports so users can reopen, delete, and compare previous scans. Gemini is used for report explanation and the DAP assistant, but the core scanning, scoring, and deployment gate logic are rule-based and deterministic.

The scanner safely loads GitHub repositories and ZIP uploads as text only. It does not execute uploaded code. The backend then runs AI-agent-specific checks, builds structured findings, generates static proof paths, creates patch previews, and evaluates whether the project should be allowed, reviewed, or blocked before deployment.

Challenges we ran into

The biggest challenge was keeping the product focused. It would have been easy to turn A-DAP-T into a generic vulnerability scanner, but the stronger product direction was AI-agent deployment safety.

We also had to balance technical depth with a usable demo. Features like attack simulation, patch previews, report comparison, and deployment gating needed to feel real without overclaiming that the tool replaces a full security audit.

Another challenge was integration. The project moved from an earlier static frontend into a Next.js frontend while keeping authentication, saved reports, backend scanning, DAP, and report comparison working together. Deployment configuration on Vercel also required debugging because the frontend lives inside a subdirectory.

Accomplishments that we're proud of

We shipped a working product that someone can open and use, not just a prototype or pitch deck.

A-DAP-T supports authenticated scanning, GitHub repository scanning, ZIP upload scanning, saved report history, report deletion, before/after report comparison, static attack-path explanations, patch previews, deployment gate decisions, and a report-aware assistant.

We are especially proud of the full workflow: a user can scan a risky AI-agent project, understand why it is risky, see what to fix, re-scan an improved version, compare progress, and get a deployment decision.

What we learned

We learned that shipping a product is not just about adding features. It is about making the workflow understandable.

A high-scope project like this forced us to think through product positioning, frontend UX, backend architecture, authentication, deployment, performance, and failure states. We also learned that AI should not be used blindly in safety-critical flows. In A-DAP-T, AI explains the report, but deterministic scanner and gate logic control the actual findings and deployment verdict.

We also learned how important observability and user behavior are after deployment, which is why adding Novus.ai fit naturally into the project.

What's next for A-DAP-T

Next, we would turn A-DAP-T into a more complete AI-agent deployment safety platform.

Future improvements include deeper framework-specific scanning, MCP/tool manifest analysis, richer policy packs, team workspaces, Firestore-backed project grouping, GitHub Action integration, SARIF export, more precise patch generation, and stronger benchmark testing against real agent repositories.

The long-term goal is to make A-DAP-T a practical safety checkpoint for teams shipping AI agents into production.

Built With

  • custom-css
  • fastapi
  • firebase-authentication
  • firebase-firestore
  • gemini-2.5-flash
  • github-repository-scanning
  • next.js
  • novus.ai
  • pydantic
  • python
  • react
  • render
  • typescript
  • uvicorn
  • vercel
  • zip-upload-scanning
Share this project:

Updates