Screenshots:
- Home page
- Analyze a repository
- Dashboard
- The whole application is 100% responsive.
- Code exploration
- My application can offer to explain or provide an analogy for any code file you want.
- Vulnerability Module
- Tech Debt Module
- When generating a patch for either a vulnerability or a Tech Debt issue, you can view all the changes and apply them with just one click.
- You will be able to view all the files you have patched in the Explore module.
- You will be able to generate documentation for each file.
- Export the diagram’s Mermaid code, get a complete repository report, and download a ZIP with all patched files.
Inspiration
The idea for Cipher AI came from a frustrating reality I've witnessed countless times: companies inherit or acquire codebases that nobody understands. The original developers have moved on, documentation is either nonexistent or hopelessly outdated, and new team members spend weeks just trying to figure out what the code does before they can make any changes.
That's when it hit me: what if I could use AI not as a chatbot to answer questions about code, but as a reasoning engine that could actually understand entire systems? What if I could feed it a complete repository and get back structured intelligence—architecture diagrams, security analysis, documentation, even code fixes?
Gemini 3's massive context window made this possible. I realized I could build something that doesn't just analyze code—it transforms it from cryptic legacy into maintainable, documented, secured software.
What it does
Cipher AI is a complete code intelligence platform that transforms legacy repositories into actionable insights in under a minute.
Here's the workflow:
Upload any repository - GitHub URL or ZIP file, no setup required
Instant Analysis - Within 30 seconds, get:
- Complete architecture diagram (generated as interactive Mermaid code)
- System overview with tech stack summary
- Critical security findings with severity levels
- Quick wins for immediate improvements
- Recommended next steps
Deep Exploration - Navigate your codebase with:
- Syntax-highlighted file viewer
- Inline vulnerability detection
- Context-aware code explanations
AI-Powered Scans - Run three comprehensive analyses:
- Security Vulnerabilities: AI-powered pattern recognition finds SQL injections, XSS risks, hardcoded credentials, and more
- Technical Debt: Detects code smells and generates actual refactoring code with confidence scores
- Dependency CVEs: Scans all dependencies against Google's OSV database for known vulnerabilities
Auto-Generated Documentation - Generate comprehensive docs for every file:
- Purpose and functionality
- Inputs, outputs, and side effects
- Dependencies and relationships
- Security implications
- Code examples
AI Patches - Get actual code fixes:
- Unified diff format with exact changes
- Preview in split-view Monaco editor
- Apply individually or in bulk
- Export patched repository
Professional Reports - Export everything as:
- Board-ready PDF with all findings and recommendations
- Patched ZIP with all fixes applied
- Shareable documentation
How I built it
Building Cipher AI was a journey of turning Gemini 3 from a language model into a production-grade reasoning engine.
The Stack:
- Frontend: Next.js 16 with App Router, React 19, TypeScript, Tailwind CSS v4
- UI Components: Custom cyberpunk-inspired design with shadcn/ui primitives
- Code Visualization: Monaco Editor for syntax highlighting, Mermaid.js for diagrams
- Backend: Next.js API routes (serverless functions on Vercel)
- AI: Google Gemini 3 (both Flash and Pro models)
- Database: Upstash Redis (serverless KV store)
- Validation: Zod schemas for type-safe API responses
The Architecture:
The key innovation was treating Gemini not as a chatbot but as a structured API. Here's how:
Structured Outputs: Every Gemini request includes strict JSON schema definitions. I validate all responses with Zod schemas, ensuring machine-readable artifacts that power the UI without parsing ambiguity.
Adaptive Thinking Levels: I implement variable reasoning depths:
- ThinkingLevel.LOW for fast documentation generation
- ThinkingLevel.MEDIUM for technical debt analysis
- Deep reasoning for security vulnerability detection
This optimizes both speed and cost while maintaining quality.
API Key Rotation: I built a keyring system that automatically rotates through multiple API keys when rate limits are hit. Zero downtime, seamless failover.
Model Fallback: If Gemini Pro is unavailable or slow, the system automatically falls back to Flash and adjusts thinking levels. Resilience built-in.
Serverless Persistence: Vercel's ephemeral filesystem meant I couldn't rely on /tmp storage in production. I built a chunked storage system in Redis:
- Repositories are split into chunks (zip:id:chunk:0, zip:id:chunk:1, etc.)
- Metadata stored separately (repo:id, analysis:id)
- Automatic TTL (6 hours) for cleanup
- No "file not found" errors in production
Caching Strategy: All Gemini responses are cached in Redis by content hash. Documentation for a file? Generated once, cached forever (until code changes).
The Workflow Engine:
I built a multi-stage analysis pipeline:
- Upload → chunk and store in Redis
- Extract file tree and identify key files
- Generate overview (summary, risks, architecture) using Gemini with full repo context
- Index files by importance ranking
- Generate per-file documentation on-demand
- Run scans (parallelized for speed)
- Generate patches using Gemini's code understanding
- Export to PDF/ZIP
Challenges I ran into
1. Gemini Rate Limits
The biggest challenge was reliability. During testing, I'd hit rate limits constantly, causing the entire analysis to fail.
Solution: I built an automatic key rotation system. I created a KeyRing class that manages multiple API keys and tracks their rate limit status. When one key fails with a 429 error, it automatically tries the next. I also implemented exponential backoff with Retry-After header parsing. This turned Gemini from unreliable to production-grade.
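The key ring, Retry-After parsing, exponential backoff and the Pro-to-Flash fallback described in the "How I built it" section and in this challenge, as an added example that is not Cipher AI's own code. The provider call is abstracted behind a `send` function so the logic runs offline; the model names, the status codes treated as "unavailable or slow", and the cooldown bookkeeping are assumptions for illustration. Keys are never written whole to logs, since a ring of several keys multiplies the damage a leaked log can do.

```typescript
// Added example, not Cipher AI's code: an API-key ring with 429 handling,
// Retry-After parsing, exponential backoff and a Pro -> Flash model fallback.
// The provider call is abstracted as `send` so this runs offline; the model
// names, header handling and status codes here are assumptions for illustration.

type ModelName = "gemini-pro" | "gemini-flash";

interface ApiResponse {
  status: number;                    // HTTP status from the provider
  headers: Record<string, string>;   // header names lower-cased
  body: string;
}

// The transport we rotate keys over; real code would wrap fetch().
type SendRequest = (apiKey: string, model: ModelName, prompt: string) => Promise<ApiResponse>;

// Retry-After is either delay-seconds or an HTTP-date. Returns milliseconds to
// wait, or null when the header is absent or unparseable (caller falls back to backoff).
export function parseRetryAfterMs(value: string | undefined, nowMs: number): number | null {
  if (value === undefined) return null;
  const v = value.trim();
  if (/^\d+$/.test(v)) return Number(v) * 1000;
  const at = Date.parse(v);
  return Number.isNaN(at) ? null : Math.max(0, at - nowMs);
}

// Exponential backoff, capped. Deterministic for testability; production code
// should add jitter so many clients do not retry in lock-step.
export function backoffMs(attempt: number, baseMs = 500, capMs = 8000): number {
  return Math.min(capMs, baseMs * 2 ** attempt);
}

// Keys never appear whole in logs; a key ring is only as safe as the logs around it.
export function redactKey(key: string): string {
  return key.length <= 4 ? "****" : `****${key.slice(-4)}`;
}

export class KeyRing {
  private readonly keys: string[];
  private readonly cooldownUntil = new Map<string, number>();  // key -> epoch ms
  private cursor = 0;

  constructor(keys: string[]) {
    if (keys.length === 0) throw new Error("KeyRing needs at least one key");
    this.keys = [...keys];
  }

  // Next key not in cooldown, round-robin; null if every key is rate-limited.
  next(nowMs: number): string | null {
    for (let i = 0; i < this.keys.length; i++) {
      const idx = (this.cursor + i) % this.keys.length;
      const key = this.keys[idx];
      if ((this.cooldownUntil.get(key) ?? 0) <= nowMs) {
        this.cursor = (idx + 1) % this.keys.length;
        return key;
      }
    }
    return null;
  }

  // Record a 429: the key leaves rotation until the deadline passes.
  markRateLimited(key: string, waitMs: number, nowMs: number): void {
    this.cooldownUntil.set(key, nowMs + waitMs);
  }

  // Earliest moment any key becomes usable again.
  earliestAvailable(): number {
    return Math.min(...this.keys.map((k) => this.cooldownUntil.get(k) ?? 0));
  }
}

const sleep = (ms: number) => new Promise<void>((resolve) => setTimeout(resolve, ms));

// Rotate keys on 429, honour Retry-After, back off, and degrade Pro -> Flash
// when the provider reports it unavailable (503) or slow (504).
export async function callWithRotation(
  ring: KeyRing, send: SendRequest, prompt: string, maxAttempts = 6,
): Promise<{ model: ModelName; body: string }> {
  let model: ModelName = "gemini-pro";
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    const now = Date.now();
    const key = ring.next(now);
    if (key === null) {                          // all keys cooling down: wait for the first to free up
      await sleep(Math.max(0, ring.earliestAvailable() - now));
      continue;
    }
    const res = await send(key, model, prompt);
    if (res.status === 200) return { model, body: res.body };
    if (res.status === 429) {
      const wait = parseRetryAfterMs(res.headers["retry-after"], now) ?? backoffMs(attempt);
      ring.markRateLimited(key, wait, now);
      console.log(`key ${redactKey(key)} rate-limited, cooling down ${wait} ms`);
      continue;                                  // next iteration picks another key
    }
    if (res.status === 503 || res.status === 504) {
      model = "gemini-flash";
      await sleep(backoffMs(attempt));
      continue;
    }
    throw new Error(`unrecoverable status ${res.status}`);
  }
  throw new Error(`gave up after ${maxAttempts} attempts`);
}
```

`callWithRotation` is what an API route would call with `send` wrapping the real HTTP request; a 429 on one key only parks that key until its Retry-After deadline, so the other keys keep serving, and a 503 or 504 switches the remaining attempts to the faster model instead of failing the whole analysis.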
2. Context Window Management
Even with Gemini's 2M token context, I couldn't just dump entire repositories—it was slow and expensive.
Solution: I implemented smart context selection. For overview analysis, I send:
- Complete file tree (limited to ~80 most relevant files)
- Full content of key files (entry points, configs)
- Snippets of supporting files
This gives Gemini enough context to understand architecture without overwhelming it.
3. Serverless Storage
Vercel's serverless functions have ephemeral filesystems—uploaded files disappear between requests. Traditional approaches of saving to /tmp failed in production.
Solution: I built a chunked storage system in Upstash Redis. Large ZIPs are split into 1MB chunks and stored with metadata. This solved persistence and enabled features like "re-analyze without re-upload."
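The chunked storage layout described here and under "Serverless Persistence" (zip:id:chunk:N keys, separate repo:id metadata, a 6-hour TTL), as an added example that is not Cipher AI's own code. `MemoryStore` stands in for Upstash Redis so it runs offline; the id format, the metadata fields and the write order are assumptions. The id check matters because the id becomes part of a key: an unchecked, caller-supplied id could collide with or probe another namespace in the same Redis instance.

```typescript
// Added example, not Cipher AI's code: chunked blob storage with separate
// metadata and a TTL, following the zip:<id>:chunk:<n> / repo:<id> key layout
// the write-up describes. `MemoryStore` stands in for Upstash Redis so the code
// runs offline; the chunk size, TTL, id format and metadata fields are assumptions.

export const CHUNK_SIZE = 1024 * 1024;   // 1 MiB chunks, as in the write-up
export const TTL_SECONDS = 6 * 60 * 60;  // 6-hour expiry, as in the write-up

// The subset of a Redis-like API this needs: SET with EX, GET, DEL.
export interface KvStore {
  set(key: string, value: Uint8Array | string, ttlSeconds: number): void;
  get(key: string): Uint8Array | string | undefined;
  del(key: string): void;
}

// In-memory stand-in that honours TTL through an injectable clock.
export class MemoryStore implements KvStore {
  private readonly data = new Map<string, { value: Uint8Array | string; expiresAt: number }>();
  private readonly now: () => number;

  constructor(now: () => number = () => Date.now()) {
    this.now = now;
  }
  set(key: string, value: Uint8Array | string, ttlSeconds: number): void {
    this.data.set(key, { value, expiresAt: this.now() + ttlSeconds * 1000 });
  }
  get(key: string): Uint8Array | string | undefined {
    const entry = this.data.get(key);
    if (entry === undefined) return undefined;
    if (entry.expiresAt <= this.now()) {        // lazy expiry, like Redis on access
      this.data.delete(key);
      return undefined;
    }
    return entry.value;
  }
  del(key: string): void {
    this.data.delete(key);
  }
}

export interface RepoMeta {
  name: string;
  bytes: number;
  chunks: number;
}

// The id becomes part of a key, so it is checked before use: an id containing
// ':' or other free-form characters could collide with or probe another namespace.
const ID_PATTERN = /^[A-Za-z0-9_-]{8,64}$/;
function assertValidId(id: string): void {
  if (!ID_PATTERN.test(id)) throw new Error("invalid repo id");
}

// Split the upload into fixed-size chunks, each with its own TTL, then write the
// metadata last so a reader never sees metadata for chunks that do not exist yet.
export function storeRepo(store: KvStore, id: string, name: string, zip: Uint8Array): RepoMeta {
  assertValidId(id);
  const chunks = Math.ceil(zip.length / CHUNK_SIZE);
  for (let i = 0; i < chunks; i++) {
    // slice() copies, so the stored chunk does not alias the caller's buffer
    store.set(`zip:${id}:chunk:${i}`, zip.slice(i * CHUNK_SIZE, (i + 1) * CHUNK_SIZE), TTL_SECONDS);
  }
  const meta: RepoMeta = { name, bytes: zip.length, chunks };
  store.set(`repo:${id}`, JSON.stringify(meta), TTL_SECONDS);
  return meta;
}

// Reassemble the upload; null means expired or incomplete. A partially expired
// repository is reported as missing rather than returned truncated.
export function loadRepo(store: KvStore, id: string): Uint8Array | null {
  assertValidId(id);
  const raw = store.get(`repo:${id}`);
  if (typeof raw !== "string") return null;
  const meta = JSON.parse(raw) as RepoMeta;
  const out = new Uint8Array(meta.bytes);
  let offset = 0;
  for (let i = 0; i < meta.chunks; i++) {
    const chunk = store.get(`zip:${id}:chunk:${i}`);
    if (!(chunk instanceof Uint8Array) || offset + chunk.length > meta.bytes) return null;
    out.set(chunk, offset);
    offset += chunk.length;
  }
  return offset === meta.bytes ? out : null;
}

// Delete everything for an id ahead of the TTL (for example after export).
export function deleteRepo(store: KvStore, id: string): void {
  assertValidId(id);
  const raw = store.get(`repo:${id}`);
  if (typeof raw === "string") {
    const meta = JSON.parse(raw) as RepoMeta;
    for (let i = 0; i < meta.chunks; i++) store.del(`zip:${id}:chunk:${i}`);
  }
  store.del(`repo:${id}`);
}
```

Against a real Redis client, `KvStore` maps onto SET with EX, GET and DEL; because every chunk and the metadata carry the same TTL, a repository either loads whole or not at all, which is what turns "file not found" into a clean "re-upload required" instead of an analysis over a truncated archive.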
4. Structured vs. Conversational AI
Gemini is trained for conversation, not structured data. Getting consistent JSON was hard.
Solution: I engineered prompts with explicit schema definitions, strict output format instructions, and Zod validation. If parsing fails, I retry with adjusted prompts (up to 3 attempts). This turned ~80% reliability into 99%+.
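The validate-then-retry loop described here and under "Structured Outputs", as an added example that is not Cipher AI's own code. A hand-written type guard stands in for the Zod schema the project uses (the verifier has no `zod` package); the finding shape, the `generate` transport and the prompt wording are assumptions. The point a practitioner should take from it is that model output is untrusted input: every field is type- and range-checked, fields the model invents are dropped, and a response with one malformed element is rejected as a whole rather than partially displayed.

```typescript
// Added example, not Cipher AI's code: validate a model's JSON answer against a
// fixed shape before anything downstream uses it, and retry with a stricter
// prompt when validation fails. A hand-written type guard stands in for the Zod
// schema the write-up uses; the finding shape, the `generate` transport and the
// prompt wording are assumptions for illustration.

export type Severity = "critical" | "high" | "medium" | "low";
const SEVERITIES: readonly string[] = ["critical", "high", "medium", "low"];

export interface Finding {
  file: string;
  line: number;
  severity: Severity;
  title: string;
}
export interface ScanResult {
  findings: Finding[];
}

// Model call abstracted away; attempt is passed so a caller can log or adjust settings.
export type Generate = (prompt: string, attempt: number) => Promise<string>;

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Only the expected fields survive, with their types and ranges checked. Fields
// the model invents are dropped, so they can never reach a template or a patch
// applier unchecked.
export function parseFinding(v: unknown): Finding | null {
  if (!isRecord(v)) return null;
  const { file, line, severity, title } = v;
  if (typeof file !== "string" || file.length === 0 || file.includes("\0")) return null;
  if (typeof line !== "number" || !Number.isInteger(line) || line < 1) return null;
  if (typeof severity !== "string" || !SEVERITIES.includes(severity)) return null;
  if (typeof title !== "string" || title.length === 0 || title.length > 200) return null;
  return { file, line, severity: severity as Severity, title };
}

// Models often wrap JSON in a ```json fence or add prose around it. The fence is
// stripped, then the whole remainder must parse: no "find the first {" heuristics,
// which would quietly accept a truncated or doctored answer.
export function extractJson(text: string): string {
  const fenced = text.match(/```(?:json)?\s*([\s\S]*?)```/);
  return (fenced ? fenced[1] : text).trim();
}

export function parseScanResult(text: string): ScanResult | null {
  let raw: unknown;
  try {
    raw = JSON.parse(extractJson(text));
  } catch {
    return null;
  }
  if (!isRecord(raw) || !Array.isArray(raw.findings)) return null;
  const findings: Finding[] = [];
  for (const item of raw.findings) {
    const finding = parseFinding(item);
    if (finding === null) return null;   // one malformed element fails the whole response
    findings.push(finding);
  }
  return { findings };
}

const STRICT_SUFFIX =
  "\n\nRespond with ONLY a JSON object of the form " +
  '{"findings":[{"file":string,"line":integer>=1,"severity":"critical"|"high"|"medium"|"low","title":string}]}. ' +
  "No prose, no Markdown fences.";

// Up to maxAttempts tries; each retry re-sends the prompt with the schema restated.
export async function scanStructured(generate: Generate, prompt: string, maxAttempts = 3): Promise<ScanResult> {
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const text = await generate(attempt === 1 ? prompt : prompt + STRICT_SUFFIX, attempt);
    const result = parseScanResult(text);
    if (result !== null) return result;
  }
  throw new Error(`no valid structured output after ${maxAttempts} attempts`);
}
```

`scanStructured` is the shape of the route handler: `generate` wraps the model call, `parseScanResult` is the gate, and only a `ScanResult` that passed the gate is written to the cache or rendered. Swapping the hand-written guard for a Zod schema with `.strict()` gives the same guarantee with less code.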
5. PDF Generation from Markdown
Exporting analysis as PDF seemed simple until I hit encoding issues. Code with special characters broke the PDF renderer.
Solution: I implemented WinAnsi sanitization for all code snippets, smart character mapping for unicode, and proper multiline formatting for Mermaid diagrams. The PDF now renders perfectly even with complex code.
6. Monaco Editor Performance
Loading large files (5000+ lines) in Monaco caused UI lag.
Solution: I implemented virtualization, lazy loading of syntax highlighting, and debounced updates for inline annotations. Files now load instantly.
Accomplishments that I'm proud of
1. Production-Grade AI Reliability
I didn't just use Gemini—I engineered a reliable interface to it. Key rotation, model fallback, adaptive thinking levels, and structured validation mean Cipher AI works consistently, even under stress. This is what production AI looks like.
2. Real Code Transformation
Most AI code tools stop at analysis. Cipher AI generates actual fixes as unified diffs, validates them, and applies them to real repositories. Watching it automatically fix a SQL injection vulnerability with correct parameterized queries felt like magic.
3. Sub-Minute Analysis
Analyzing 15,000 lines of code with full architecture understanding, security scanning, and documentation generation in under 60 seconds. Traditional tools take days. Senior engineers take weeks.
4. Serverless Architecture
I built chunked storage, stateless analysis, and Redis-based persistence that works flawlessly on Vercel's serverless infrastructure. No databases, no traditional servers, just functions and KV storage.
5. Beautiful, Unique UI
I designed a cyberpunk-inspired interface that doesn't look like GitHub or VS Code—it has its own identity. Neon cyan accents, corner-accent cards, inline threat visualizations. It looks like a tool hackers would actually want to use.
6. End-to-End Workflow
Upload → Analyze → Document → Scan → Patch → Export. The entire workflow works seamlessly. You can actually transform a legacy codebase into production-ready software in one sitting.
What I learned
Technical Lessons:
AI Engineering ≠ Prompt Engineering: Building production AI systems requires thinking about reliability, fallback strategies, structured outputs, and validation—not just crafting clever prompts.
Context is King: Gemini's massive context window is powerful, but you need to be strategic about what you feed it. Smart context selection beats brute-force approaches.
Serverless Constraints Drive Innovation: Vercel's ephemeral filesystem seemed like a limitation but forced me to build a better architecture with Redis chunking. Constraints breed creativity.
Structured Outputs Unlock Possibilities: The moment I got Gemini returning validated JSON instead of free-form text, everything changed. I could build real features on top of AI, not just display its responses.
Product Lessons:
Show, Don't Tell: Demoing a real SQL injection being detected and auto-fixed is worth more than explaining how the algorithm works.
Speed Matters: 30-second analysis isn't just convenient—it changes how people think about code review. It goes from "batch process" to "instant insight."
Visual Impact: Architecture diagrams, threat level bars, inline code annotations—humans are visual. Making data beautiful makes it actionable.
Personal Growth:
This project pushed me to think like an engineer, not just a developer. I had to consider reliability, scalability, error handling, monitoring, and user experience simultaneously. I learned that building with AI is fundamentally about building around AI—the infrastructure matters as much as the model.
What's next for Cipher AI
Short Term (Next Month):
GitHub Integration: Direct repository connection without downloading—authenticate with GitHub, select repos, automatic re-analysis on push.
Team Collaboration: Share analyses with teammates, comment on findings, assign issues, track fix progress.
CI/CD Integration: GitHub Actions workflow that runs Cipher AI on every PR and blocks merges if critical vulnerabilities are found.
Custom Rules Engine: Let users define their own security patterns and coding standards for domain-specific analysis.
Medium Term (3-6 Months):
Multi-Language Deep Dive: Enhanced support for Python, Java, Go, Rust with language-specific vulnerability patterns.
Historical Analysis: Track code health over time—see how technical debt evolves, when vulnerabilities were introduced, which refactorings worked.
AI Pair Programming Mode: Real-time analysis as you code in VS Code extension—inline suggestions, live vulnerability detection, context-aware documentation.
Compliance Reports: Generate SOC 2, ISO 27001, and GDPR compliance reports based on code analysis.
Long Term (Vision):
Organization-Wide Intelligence: Analyze all repositories in an organization, map dependencies between services, find cross-cutting security issues.
Automated Security Patches: Not just generate patches—create pull requests automatically, run tests, and merge if safe.
Architecture Evolution Assistant: Use historical analysis to suggest architectural improvements based on actual code patterns and team behavior.
Knowledge Base Generation: Transform code understanding into company wiki—onboarding docs, architecture decision records, dependency maps, all auto-generated and kept in sync.
The ultimate vision: Every company's legacy code becomes an asset, not a liability. Cipher AI should make inherited codebases feel like well-documented, freshly-written software—because I used AI to bridge the gap between what was and what should be.
I'm just getting started. Let's crack the code.
Built With
- gemini
- monaco
- nextjs
- react
- redis
- router
- shadcn
- tailwind
- typescript