signal.repairs

AI-powered software supply chain black swan early warning & auto-repair system

Built for DeveloperWeek New York 2026 Hackathon — targeting Tower Pipeline Challenge, Nimble Agentic App, and name.com Domain Roulette prizes.


What it does

Most security scanners check known CVEs. Signal.repairs watches for the weak signals that precede catastrophic failures — the kind that take down production before any CVE is filed:

| Threat | Example |
|---|---|
| DMCA takedown waves | GitHub removes 8,000 repos overnight |
| Maintainer burnout | XZ Utils-style silent abandonment |
| Source map leaks | Unobfuscated TypeScript exposed in prod bundles |
| AI code pollution | Autonomous refactors silently remove 1,200 API endpoints |
| Sandbox removal | vm2 disables security isolation in patch release |
| Billing fraud | Hidden headers inflate API token usage |
| Maintainer transfer | Ownership handed to unknown actor |

You drop in your package.json or requirements.txt. In under 60 seconds you get:

  • A risk score for every dependency
  • Live threat signals pulled from the real web via Nimble
  • A Claude AI executive threat assessment
  • Copy-paste repair commands for each critical issue

Architecture

package.json upload
       │
       ▼
  FastAPI backend
  ├── npm/PyPI registry metadata fetch (concurrent)
  ├── Nimble Web Intelligence crawl
  │   ├── Bing SERP: DMCA notices, maintainer news
  │   ├── GitHub DMCA repository scrape
  │   └── npm release anomaly detection
  ├── Risk scoring engine
  └── Claude AI threat assessment (claude-opus-4-8)
       │
       ▼
  Next.js 14 report dashboard
  ├── Overview: risk score gauge + AI summary
  ├── Dependencies: expandable risk table
  ├── Live Signals: Nimble real-time feed
  └── Repair Actions: one-click fix commands

Tower Pipeline (runs every 15 min)
  └── Continuous background crawl → dbt transform → signal store
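
As an added illustration (not code from the signal-repairs repository), here is how two of the signals in the threat table, maintainer transfer and maintainer burnout, can be derived from registry metadata alone. It assumes the npm packument fields `time`, `versions[*].maintainers` and `versions[*]._npmUser`; the sample document, the signal names and the 365-day threshold are constructed for this example.

```python
from datetime import datetime, timezone

# Constructed sample in the shape of an npm registry packument (not real data).
SAMPLE_PACKUMENT = {
    "name": "example-lib",
    "time": {
        "1.0.0": "2021-03-01T10:00:00.000Z",
        "1.0.1": "2021-06-15T10:00:00.000Z",
        "1.0.2": "2024-11-20T03:12:00.000Z",
    },
    "versions": {
        "1.0.0": {"maintainers": [{"name": "alice"}], "_npmUser": {"name": "alice"}},
        "1.0.1": {"maintainers": [{"name": "alice"}], "_npmUser": {"name": "alice"}},
        "1.0.2": {"maintainers": [{"name": "mallory"}], "_npmUser": {"name": "mallory"}},
    },
}
DORMANCY_DAYS = 365  # assumed threshold for "silent" periods


def _ts(stamp):
    """Parse the registry's ISO-8601 'Z' timestamps into aware datetimes."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def weak_signals(packument, now=None):
    """Return (signal, version) pairs found in one package's release history."""
    now = now or datetime.now(timezone.utc)
    times, versions = packument.get("time", {}), packument.get("versions", {})
    # Order by publish time, not semver: backported releases publish out of order.
    releases = sorted((v for v in versions if v in times), key=lambda v: _ts(times[v]))
    signals, prev_owners, prev_time = [], None, None
    for v in releases:
        owners = {m["name"] for m in versions[v].get("maintainers", [])}
        publisher = versions[v].get("_npmUser", {}).get("name")
        published = _ts(times[v])
        if prev_owners is not None:
            if prev_owners and not owners & prev_owners:
                signals.append(("maintainer_transfer", v))  # full owner turnover
            if publisher and publisher not in prev_owners:
                signals.append(("new_publisher", v))  # publisher was not a prior owner
            if (published - prev_time).days > DORMANCY_DAYS:
                signals.append(("release_after_dormancy", v))
        prev_owners, prev_time = owners, published
    if releases and (now - prev_time).days > DORMANCY_DAYS:
        signals.append(("abandoned", releases[-1]))  # no release for over a year
    return signals
```

A release that combines full owner turnover with a long preceding silence is the pattern worth escalating for manual review before the version is allowed into a lockfile.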

Stack

  • Frontend: Next.js 14, Tailwind CSS, TypeScript
  • Backend: FastAPI (Python), httpx async
  • AI: Anthropic Claude (claude-opus-4-8) for threat assessment
  • Web Intelligence: Nimble Web Intelligence API — SERP + page extraction
  • Pipeline: Tower — scheduled serverless Python, every 15 minutes
  • Domain: signal.repairs via name.com

Quick Start

# 1. Clone
git clone https://github.com/YOUR_USERNAME/signal-repairs
cd signal-repairs

# 2. Configure keys
cp .env.example .env
# Fill in your API keys in .env

# 3. Install frontend deps
cd frontend && npm install && cd ..

# 4. Install backend deps
cd api && pip install -r requirements.txt && cd ..

# 5. Start everything
bash start.sh

Open http://localhost:3001 — drag in any package.json to scan.

For an instant demo (no file needed): http://localhost:3001/report/demo


API Keys needed

| Key | Where to get |
|---|---|
| NIMBLE_API_KEY | nimbleway.com |
| TOWER_API_KEY | tower.dev |
| ANTHROPIC_API_KEY | console.anthropic.com |

See .env.example for the full template.


Tower Pipeline

The background pipeline runs on Tower at amazing-mountain-161 every 15 minutes:

tower-app/
├── Towerfile          # schedule = "*/15 * * * *"
└── main.py            # 4-stage pipeline: crawl → dbt → AI → persist

Live dashboard: app.tower.dev/amazing-mountain-161


Project Structure

signal-repairs/
├── api/                  # FastAPI backend
│   ├── agents/           # Nimble web intelligence agent
│   ├── services/         # analyzer, risk scoring, Claude AI, repair generator
│   └── main.py
├── frontend/             # Next.js 14 app
│   └── src/app/
│       ├── page.tsx      # Landing + upload
│       └── report/[id]/  # Risk report dashboard
├── tower/                # Tower pipeline utilities
├── tower-app/            # Tower deployment (Towerfile + main.py)
├── .env.example          # Key template
└── start.sh              # One-command startup
