Inspiration

Computer science education teaches students how to code, but rarely teaches them why secure code matters in the real world.

Most students learn vulnerabilities like SQL injection or broken authentication from textbooks, but they don’t get to see those issues inside their real GitHub projects — and they definitely don’t see the real consequences (data leaks, fines, career impact, trust loss).

We built CodeSensei to bridge that gap.

CodeSensei turns GitHub Pull Requests into an interactive security classroom: every bug becomes a structured lesson, every PR becomes practice, and learning becomes addictive through gamification (coins + streaks + leaderboards).

What it does

CodeSensei is an AI-powered Security Learning Platform for Students. It automatically reviews student PRs and transforms vulnerabilities into personalized learning modules.

✅ Key features

Real-time PR Analysis (GitHub App): When a student opens/updates a PR, CodeSensei automatically scans the code and posts a student-friendly summary comment.

Professor Mode Lessons: For every detected bug, CodeSensei generates a structured lesson with:

🧠 The Concept (simple explanation + analogy)

🔍 The Code Anatomy (why that exact line is risky)

📉 Real-world Disaster (historical breaches + impact)

🛠️ The Fix (corrected code + reasoning)

Career Wallet (Gamification): Students earn coins for fixing vulnerabilities and maintaining streaks.

Leaderboard: Students compete globally based on total coins earned and streak consistency.

Result: Students learn security by doing, not reading.

How we built it

We built CodeSensei using a production-style architecture designed for real GitHub workflows.

Frontend

Next.js 16 (App Router) with React + TypeScript

TailwindCSS + modern UI components

Professor Mode uses Markdown rendering + code highlighting

Backend

Next.js API Routes + Server Actions

PostgreSQL (Neon) + Prisma ORM

Full audit trail via Wallet + Transaction models

AI System

Gemini 2.5 Flash generates:

PR learning summaries (short + encouraging)

Professor Mode lessons (structured markdown)

DeepSeek via OpenRouter used for vulnerability detection / reasoning (multi-model pipeline)

Background Processing

GitHub webhooks time out fast, and AI processing can take time, so we used:

Inngest to queue PR analysis as background jobs

Webhook responds instantly (<100ms) while processing continues async

Challenges we ran into

1) Webhook timeout & reliability

GitHub webhooks can time out quickly if your system takes too long. AI analysis often takes 10–30 seconds, so we moved the whole pipeline into Inngest background jobs to prevent failures.
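The acknowledge-then-queue pattern described under Background Processing and in this challenge, as an added example that is not CodeSensei's own code. The in-memory `jobQueue` stands in for Inngest and the secret is constructed. The `X-Hub-Signature-256` check and the `X-GitHub-Delivery` de-duplication are additions a webhook endpoint normally needs, not steps the write-up describes.

```javascript
// Added example, not CodeSensei's code. Queue, secret and handler shape are assumptions.
const { createHmac, timingSafeEqual } = require("node:crypto");

const WEBHOOK_SECRET = "constructed-secret-for-demo"; // assumption: read from env in practice
const jobQueue = [];              // stand-in for a background job queue such as Inngest
const seenDeliveries = new Set(); // delivery IDs already accepted (retry / replay guard)

// GitHub signs the raw request body with HMAC-SHA256 and sends
// "sha256=<hex digest>" in the X-Hub-Signature-256 header.
function signatureIsValid(rawBody, header, secret) {
  if (typeof header !== "string" || !header.startsWith("sha256=")) return false;
  const expected = createHmac("sha256", secret).update(rawBody).digest();
  const given = Buffer.from(header.slice(7), "hex");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Does only cheap checks, then acknowledges. The slow AI analysis is left to
// whatever worker drains jobQueue, so the response never waits on a model.
function handleWebhook({ headers, rawBody }) {
  if (!signatureIsValid(rawBody, headers["x-hub-signature-256"], WEBHOOK_SECRET)) {
    return { status: 401, body: "invalid signature" };
  }
  const deliveryId = headers["x-github-delivery"];
  if (!deliveryId) return { status: 400, body: "missing delivery id" };
  if (seenDeliveries.has(deliveryId)) return { status: 200, body: "duplicate ignored" };
  if (headers["x-github-event"] !== "pull_request") return { status: 204, body: "" };

  const event = JSON.parse(rawBody); // parse only after the signature check passed
  // "opened" and "synchronize" correspond to a PR being opened or updated.
  if (!["opened", "synchronize"].includes(event.action)) return { status: 204, body: "" };

  seenDeliveries.add(deliveryId);
  jobQueue.push({ deliveryId, repo: event.repository.full_name, pr: event.number });
  return { status: 202, body: "queued" };
}
```

The signature must be computed over the exact bytes received, so the handler needs the raw body rather than a re-serialized JSON object.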

2) AI hallucinations & trust

LLMs can generate incorrect assumptions or overly technical output. We improved reliability by:

strict formatting prompts

limiting outputs

retry logic + graceful fallback messages

3) Making lessons actually useful

“Vulnerability detected” isn’t enough — students need teachable feedback. We designed Professor Mode lessons to be:

short, structured, and visual

specific to the student’s code

connected to real-world breaches

4) Gamification design

We wanted the wallet system to be motivating but not complex. So we built a simple coin + transaction model (earn, streak, leaderboard) and kept advanced redeem rewards on the roadmap.

Accomplishments that we're proud of

✅ Built a complete PR-to-Lesson pipeline that works end-to-end

✅ Delivered a production-style architecture with Inngest + Prisma + Neon

✅ Created a “Professor Mode” that explains vulnerabilities like a real instructor

✅ Built the Career Wallet system with transaction history + streak tracking

✅ Designed UI that makes security feel like a game, not a lecture

What we learned

Students learn faster from their own mistakes than generic tutorials. A real bug in a real PR creates instant curiosity and motivation.

Explainability matters more than raw detection. Tools that teach why it matters create long-term skill improvement.

Asynchronous architecture is required for AI workflows. Real GitHub integration is not possible without background jobs.

Gamification increases engagement. Coins, streaks and competition can turn security into a habit.

What's next for CodeSensei: Turn every bug into a lesson

We want to expand CodeSensei into a full “Security Career OS” for students:

🎯 Complete the Redeem System (AI hints, premium lessons, mock interviews)

🏅 Add Badges & Achievements (SQL Slayer, Auth Guardian, etc.)

👨‍🏫 Build an Instructor Dashboard for classrooms / bootcamps

🧪 Add a Safe Attack Simulation Mode (visual exploit replay for learning)

🧩 Create Curriculum Paths (Beginner → Intermediate → FinTech Ready)

🧠 VS Code Extension for real-time hints while coding
