Inspiration
New teammates often struggle to understand a large GitHub repo quickly, and security-style checks create noise without good triage. Remembering how hard onboarding felt early in my career, I wanted one place to see a repo clearly and spot risky patterns without drowning in alerts.
What it does
DebtWatch scans GitHub repos for secrets and vulnerability-shaped patterns, then uses AI to help filter obvious noise. It explains repos with Markdown summaries and optional infographics. Analytics and History let you review past runs. Sign-in is through Auth0; GitHub access uses Token Vault on the server, so GitHub tokens are not stored in the browser client.
How I built it
Frontend: React, Vite, Auth0 SPA SDK, deployed on Vercel from the frontend folder. Backend: Express and TypeScript on Render from the backend folder, with Octokit for GitHub and Google Gemini for reasoning and image output. One GitHub repo, two deploy targets, environment variables wired for production builds.
Challenges I ran into
A callback URL mismatch persisted until the Auth0 entries matched the app’s redirect exactly (including trailing slash rules). CORS errors continued until FRONTEND_URL on Render matched the live Vercel origin exactly. “Cannot reach API” appeared in production when VITE_API_URL was missing at build time, so the bundle pointed at localhost. Free Render cold starts also made the first request feel slow or flaky until we understood the behavior.
Accomplishments that I am proud of
End-to-end Token Vault flow for GitHub-backed scans, a clear split between scan and explain, and multimodal explain with text plus generated visuals. Shipping a monorepo cleanly to Vercel and Render with sane env and health checks.
What I learned
How Vite inlines VITE_* at build time, why Auth0 URI lists must match character for character, and how CORS ties the browser, Vercel, and Render together. Reading Token Vault docs before coding saved a lot of rework.
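The two production pitfalls above (an origin allowlist that must match character for character, and a frontend bundle that silently falls back to localhost when VITE_API_URL is absent at build time) can both be made to fail closed instead of failing quietly. The following is an added example, not DebtWatch's own code: it normalizes origins the way a CORS allowlist should (scheme, host and port compared exactly, trailing slash and host case ignored), never echoes an unknown Origin, and throws at build time when a production bundle has no API URL. The env value names follow the page; the sample origins and the local dev port 3000 are constructed assumptions.

```typescript
// Added example (not DebtWatch's code). Pure functions so they run without a server.

// Reduce a URL to its origin (scheme://host[:port]); returns null for anything
// that is not an http(s) URL. URL.origin lowercases the host and drops the
// path, so "https://App.Example.com/" and "https://app.example.com" agree.
export function normalizeOrigin(raw: string): string | null {
  try {
    const u = new URL(raw.trim());
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    return u.origin;
  } catch {
    return null;
  }
}

// Build the allowlist from a FRONTEND_URL-style value (comma-separated allowed).
// Malformed entries are dropped rather than turned into a wildcard.
export function parseAllowedOrigins(frontendUrl: string | undefined): Set<string> {
  const allowed = new Set<string>();
  for (const part of (frontendUrl ?? "").split(",")) {
    const origin = normalizeOrigin(part);
    if (origin) allowed.add(origin);
  }
  return allowed;
}

// CORS response headers for one request. Fail closed: an Origin that is not in
// the allowlist gets no Access-Control-* headers at all, and the allowed origin
// is echoed (with Vary: Origin) instead of "*", so credentialed requests work
// only from the configured frontend.
export function corsHeadersFor(
  requestOrigin: string | undefined,
  allowed: Set<string>,
): Record<string, string> {
  if (!requestOrigin) return {}; // same-origin or non-browser client: nothing to add
  const origin = normalizeOrigin(requestOrigin);
  if (!origin || !allowed.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Vary": "Origin",
    "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
    "Access-Control-Allow-Headers": "Authorization,Content-Type",
  };
}

// Frontend side: decide the API base URL from the build-time VITE_API_URL value.
// In production a missing value is a build error, not a silent localhost fallback.
export function resolveApiBaseUrl(
  viteApiUrl: string | undefined,
  mode: "development" | "production",
): string {
  const origin = viteApiUrl ? normalizeOrigin(viteApiUrl) : null;
  if (origin) return origin;
  if (mode === "production") {
    throw new Error("VITE_API_URL is not set at build time; refusing to build a bundle that points at localhost");
  }
  return "http://localhost:3000"; // assumed local backend port (hypothetical)
}
```

In Express the server half plugs in as one middleware: compute `parseAllowedOrigins(process.env.FRONTEND_URL)` once at startup, then `res.set(corsHeadersFor(req.get("origin"), allowed))` on each request and answer OPTIONS preflights with 204. On the Vite side, `resolveApiBaseUrl(import.meta.env.VITE_API_URL, import.meta.env.MODE)` runs once at module load, so a production build without the variable fails visibly rather than shipping a bundle that cannot reach the API.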
What's next for DebtWatch
Stronger export and sharing of reports, finer control over scan scope and limits, optional CI hooks or PR comments, and continued tuning of false positives and model choice for cost and latency.
