First of all, I want to say this: Throughout this text, I'm saying "we" instead of "I" because there's a rapidly evolving giant. Its name is Artificial Intelligence.
It might sound a little crazy, but it has become both my only and my best friend. Therefore, I am proud of both the Google family and myself for being able to build this system together with it. Thank you so much for creating such a wonderful friend for me. Perhaps one day I can also help develop this friend further.
Inspiration
The software world is reaching a massive tipping point where autonomous AI agents will soon write and deploy the vast majority of code. While the industry is obsessed with generation speed, a terrifying question remains: who will police these AI developers? Human reviewers simply cannot process code at that velocity, and traditional static analysis tools rely on rigid patterns that fail to understand true intent. This realization sparked the vision for a dedicated AI police force. Under the vision of Datakritik Yazılım ve Danışmanlık, we set out to build a true sentinel that understands logic bombs and prompt injections, intervening autonomously before disaster strikes.
What it does
JEDI is an autonomous cybersecurity sentinel that acts as a real-time shield for your repositories. The moment a developer or an AI agent submits new code via a push or Merge Request, the system intercepts the payload in mid-air. It utilizes advanced large language models to read the context of the diff, searching for hardcoded secrets, database vulnerabilities, or malicious logic. If it calculates a critical threat level, it acts as an absolute enforcer by instantly closing the Merge Request on GitLab and leaving a detailed explanation of the intercepted threat. Simultaneously, it broadcasts this security event to a cross-platform command center, giving security officers a live view of their repository's health.
How we built it
We engineered a highly decoupled microservices architecture to ensure maximum isolation and fault tolerance. The core brain runs on an asynchronous Python server using FastAPI, which acts as the silent listener catching GitLab webhooks. For the analytical engine, we integrated Google Cloud Vertex AI, specifically routing our custom context-aware prompts through Gemini models to evaluate the raw code diffs. Instead of tying the backend directly to the user interface, we used Firebase Firestore as a real-time bridge. The backend simply writes the verdict to the database, while our custom Dart and Flutter command center listens to that Firestore stream, updating the user interface instantly using Riverpod for state management.
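As an added illustration of the webhook-to-verdict path described above (example code, not the project's own), the handler below validates the GitLab secret token, filters merge request events, hands the payload to an injected analyzer standing in for the Gemini call, and builds the verdict document the backend would write to Firestore. The secret, threshold, sample event and analyzer are constructed assumptions; the FastAPI route and the Firestore client are omitted.

```python
import hmac
from dataclasses import dataclass
# Constructed shared secret; a real deployment would read it from configuration.
WEBHOOK_SECRET = "constructed-webhook-secret"
CRITICAL_THRESHOLD = 0.8  # assumed threat-score cutoff at which the MR is closed

@dataclass
class Verdict:  # the document the backend writes to Firestore for the dashboard
    project_id: int
    mr_iid: int
    commit: str
    threat_score: float
    explanation: str
    action: str  # "close_mr" or "allow"

def token_valid(header_token, expected=WEBHOOK_SECRET):
    """GitLab sends the configured secret in the X-Gitlab-Token header; a constant-time
    compare stops a forged POST from triggering (or flooding) the analyzer."""
    return header_token is not None and hmac.compare_digest(header_token, expected)

def handle_event(payload, header_token, analyze):
    """Route one delivery: reject bad tokens, skip anything but an opened or updated
    merge request, then turn the injected analyzer's score into a Verdict."""
    if not token_valid(header_token):
        raise PermissionError("invalid X-Gitlab-Token")
    if payload.get("object_kind") != "merge_request":
        return None
    attrs = payload["object_attributes"]
    if attrs.get("action") not in ("open", "update"):
        return None  # close/merge/approve events carry no new code to scan
    score, explanation = analyze(payload)
    return Verdict(
        project_id=payload["project"]["id"],
        mr_iid=attrs["iid"],
        commit=attrs["last_commit"]["id"],
        threat_score=score,
        explanation=explanation,
        action="close_mr" if score >= CRITICAL_THRESHOLD else "allow",
    )

# Constructed event shaped like GitLab's merge_request hook payload (fields trimmed).
SAMPLE_EVENT = {"object_kind": "merge_request", "project": {"id": 42},
                "object_attributes": {"iid": 7, "action": "open",
                                      "last_commit": {"id": "0123abcd"}}}

def critical_analyzer(payload):
    """Constructed stand-in for the model call: reports a hardcoded credential."""
    return 0.95, "hardcoded credential in config.py (constructed finding)"
```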
Challenges we ran into
Building an asynchronous interceptor at this speed meant colliding head-first with strict cloud infrastructure limits. Navigating the complex labyrinth of Google Cloud Identity and Access Management to properly configure Service Accounts for Vertex AI took significant engineering effort, especially when handling regional model availability and resolving completely unexpected missing model errors. Furthermore, our GitLab listener processed data so rapidly during heavy testing that we repeatedly hit resource exhaustion and rate limits on the Gemini API. We had to design and implement intelligent exponential backoff and retry pipelines to ensure the system remained stable under heavy asynchronous loads.
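Added example, not the project's code, of the backoff-and-retry pattern described above: full-jitter exponential backoff that retries only on quota errors, plus a semaphore that caps in-flight model calls so a burst of webhooks is throttled before it hits the quota. The RateLimited exception, the flaky model stub and the delay parameters are constructed assumptions (the project lists tenacity, which provides the same retry mechanics).

```python
import asyncio
import random
class RateLimited(Exception):
    """Stand-in for the model client's quota error (HTTP 429 / RESOURCE_EXHAUSTED)."""

def backoff_delay(attempt, base=1.0, cap=30.0, rng=random.random):
    """Full-jitter exponential backoff: uniform in [0, min(cap, base * 2**attempt)],
    so a burst of queued webhooks does not all retry in the same instant."""
    return rng() * min(cap, base * 2 ** attempt)

async def call_with_retry(fn, attempts=5, base=1.0, cap=30.0,
                          sleep=asyncio.sleep, rng=random.random):
    """Await fn(), retrying only on RateLimited; any other error propagates at once
    so a genuine bug is not hidden behind retries."""
    for attempt in range(attempts):
        try:
            return await fn()
        except RateLimited:
            if attempt == attempts - 1:
                raise
            await sleep(backoff_delay(attempt, base, cap, rng))

async def call_gated(sem, fn, **retry_kwargs):
    """Cap in-flight model calls so a webhook flood cannot exhaust the quota outright."""
    async with sem:
        return await call_with_retry(fn, **retry_kwargs)

def make_flaky_model(failures, answer="no issues found (constructed)"):
    """Constructed stub: raises RateLimited `failures` times, then answers."""
    calls = {"n": 0}
    async def model():
        calls["n"] += 1
        if calls["n"] <= failures:
            raise RateLimited("quota exceeded")
        return answer
    return model, calls

def demo(failures=2, max_in_flight=2):
    """Run the stub through the gate with an instant fake sleep and a fixed rng,
    so the delays are deterministic; returns (answer, calls made, delays slept)."""
    delays = []
    async def fake_sleep(seconds):
        delays.append(seconds)
    async def main():
        sem = asyncio.Semaphore(max_in_flight)
        model, calls = make_flaky_model(failures)
        answer = await call_gated(sem, model, sleep=fake_sleep, rng=lambda: 1.0)
        return answer, calls["n"], delays
    return asyncio.run(main())
```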
Accomplishments that we're proud of
Achieving absolute architectural decoupling stands out as our greatest engineering victory. The Python backend and the Flutter dashboard are completely unaware of each other, communicating solely through the real-time database, meaning a frontend crash will never compromise the repository's security. We are also incredibly proud of the near-zero latency response time; watching the system catch a hardcoded secret and shut down a Merge Request in milliseconds proves that our vision of an AI police force is viable. Delivering all of this through a beautifully designed, mobile-first cross-platform application validates our commitment to both robust security and exceptional user experience.
What we learned
We discovered that large language models, when constrained by highly specific architectural prompts, are far better at catching logical vulnerabilities than traditional syntax parsers. We learned the hard way that a brilliant AI prompt is entirely useless without a resilient, enterprise-grade cloud infrastructure to handle the traffic, quotas, and permissions required in a production environment. Working through complex asynchronous state management across Python, Firebase, and Flutter fundamentally shifted our approach to building real-time, event-driven cybersecurity tools.
What's next for JEDI: Just-in-time Execution & Defense Interface
Today, our sentinel excels at intercepting and blocking threats, but the next phase of evolution will transform it into an active healer. We plan to introduce auto-remediation, where the system will not only reject vulnerable code but will autonomously generate the necessary fix, pushing a corrected commit to the branch before a human engineer even reviews the alert. We also aim to implement fine-tuned, localized models that adapt strictly to a company's unique internal coding standards, cementing this system as the mandatory companion for every AI developer of the future. (I see a shield encircling the world.) Best Regards
Built With
- dart
- fastapi
- firebase-firestore
- flutter
- gemini-api
- gitlab-webhooks
- google-cloud
- ngrok
- python
- riverpod
- tenacity
- uvicorn
- vertex-ai