Argus

Argus bridges the gap between engineering speed and legal safety by automatically catching compliance violations in pull requests, so teams can fix risks early and deploy with confidence.

Comment

Argus: Project Story

Inspiration

Today, building software is easier than ever. The barrier to entry for startups has plummeted, allowing lean teams to ship products at breakneck speed. But while everyone is focused on rapid iteration and getting to market, very few have the bandwidth, or the dedicated personnel, to worry about compliance.

Every team we’ve worked on moves fast. Pull requests get opened, reviewed, and merged. Then, weeks later, someone from legal or security drops into Slack: “Wait, this affects EU users. Did we run a risk assessment?” Compliance traditionally happens after the merge, when it’s painful, convoluted, and awkward. We kept asking two questions: Why doesn’t this check happen at the PR stage automatically before the code ships? And why do the existing tools for managing these issues lack the modern, intuitive design needed for quick decision-making?

Argus was born to bridge this gap. We wanted to build an end-to-end ecosystem: an automated GitHub check that prevents non-compliant code from shipping, paired with a centralized, "single pane of glass" dashboard that transforms overwhelming compliance data into actionable insights.

What it does

Argus is a comprehensive compliance and security platform that operates directly in the developer workflow while providing high-level visibility for enterprise teams.

  • Automated PR Reviews: A GitHub App that reads code changes, identifies data lineage, and checks intent against relevant laws like CCPA, the EU AI Act, and BIPA.
  • Contextual Decisions: Argus issues a Merge, Block, or Escalate decision directly in GitHub. Each decision includes official legal citations and concrete next steps.
  • Top-Level KPIs: A quick-glance dashboard overview of overall compliance health, risk scores, and critical metrics across the organization.
  • Actionable Issue Breakdown: Detailed views categorizing active issues by severity, department, or type, alongside interactive charts for analyzing compliance posture over time.
  • Team-Specific Action Items: In-depth reports on specific breaches with metadata, related policies, and tabbed interfaces to delegate mitigation tasks across departments.
  • Historical Legal Archive: Acts as a centralized audit trail for legal and security teams. It maintains a permanent, searchable record of all past compliance flags, the exact statutes cited, and the concrete steps taken to resolve them, providing indisputable evidence of regulatory adherence over time.

How we built it

We architected Argus to balance a robust, AI-driven compliance pipeline with a highly polished, developer-friendly interface.

  • Backend & Compliance Pipeline: Built on Node.js with Express. Every PR runs through a six-stage pipeline: parsing the GitHub webhook, classifying intent with OpenAI, searching official legal sources via Tavily, querying a Neo4j graph for data lineage, synthesizing a verdict with GPT-4o, and enforcing it via the GitHub Checks API.
  • Frontend Framework: React powered by Vite for fast builds and snappy hot module replacement.
  • Styling & Design System: Tailwind CSS was utilized to implement a strict, premium B2B Enterprise Design System.
  • Data Visualization: Recharts for rendering interactive, responsive data visualizations.
  • Database & Services: Designed around Supabase for scalable backend services, authentication, and data management, running without over-engineered microservices.

Challenges we ran into

  • Multi-Agent Coordination: We had to build and coordinate four distinct sub-agents to generate the four different types of specialized reports. Ensuring they ran concurrently and reliably without dropping context was a major architectural hurdle.
  • Data Formatting & Integration: Bridging the gap between the backend and frontend was difficult. We had to ensure the complex data extracted from the backend PR pipeline was perfectly formatted and cleanly received by the frontend dashboard hooks.
  • Version Control Conflicts: Because our team was moving fast across very different stacks, we faced severe merge conflicts between the frontend UI code, the agent/sub-agent reporting logic, and the GitHub PR flow integration.
  • UI/UX Density: Designing an interface that is clean and visually appealing but also data-rich enough to be genuinely useful for enterprise teams required constant iteration and careful state management.
  • Trustworthy Legal Citations: Limiting the AI's search results strictly to official government and legal domains was difficult but necessary to ensure we cited actual statutes rather than blog posts.

Accomplishments that we're proud of

  • End-to-End Workflow: Creating a seamless user experience that delivers immediate, contextual reports directly within the GitHub PR, while simultaneously populating a clean, centralized dashboard for a complete organizational compliance overview.
  • Actionable Intelligence: Generating highly detailed reports with legitimate, concrete action points. We didn't just want teams to be aware of issues; we wanted to empower them to actually remediate them.
  • Successful Sub-Agent Orchestration: Seamlessly coordinating the four specialized sub-agents to generate tailored, detailed reports that align with the specific priorities of different organizational teams.

What we learned

  • Pipelines over Prompts: Compliance works better as a structured pipeline. Breaking it into intent, research, evidence, and decision made the output significantly more reliable and easier to debug.
  • Developer Experience is Paramount: Posting decisions directly on the PR with concrete next steps makes compliance a tool teams actually use, rather than a hurdle they ignore.
  • The Power of a Design System: Committing to semantic colors, consistent layouts, and strict typography early on dramatically improved the maintainability and velocity of our frontend work.

What's next for Argus

  • Targeted Code Patches: Currently, our engineering report highlights non-compliant code in GitHub and offers English-language suggestions for fixes. Next, we want to introduce automated, targeted software patches (similar to Claude Code Security) that are generated instantly for human review.
  • Customizable & Hierarchical Dashboards: Allowing users to build custom dashboard views tailored to their specific use cases. We also plan to introduce hierarchical issue breakdowns (e.g., filtering by specific teams or applications) so teams can focus strictly on the vulnerabilities that affect their workflow.
  • Ticketing System Integration: Connecting Argus seamlessly with Jira and other ticketing platforms to automatically create and assign actionable tasks based on the reports we generate.
  • Expanded Coverage: Adding more jurisdictions and configurable risk thresholds so teams can choose when Argus should warn versus block, alongside tailoring the platform for highly regulated, industry-specific sectors.

Built With

Share this project:

Updates