Inspiration
AI coding tools are incredible at writing code — and terrifyingly casual about destroying data. Tools like Lovable, Bolt, v0, and Cursor generate database migrations all day: DROP COLUMN here, an unscoped DELETE there. They ship in seconds, nobody reviews them, and one of them eventually deletes a users table in production.
We come from a finance background. We know what it feels like to work with large datasets and we know the feeling when something goes wrong with your data. That experience is what drove us to solve this problem in the coding world — because the same thing happens there, but at a much larger scale and with much higher stakes.
The question that started Pirabase was simple: if AI agents write the dangerous code, why isn't there an AI agent whose whole job is to catch it — and why shouldn't the other agents pay it for that service?
What it does
Pirabase Migration Guard is an autonomous agent that acts on the open web, end to end, with no human in the loop:
- Monitors GitHub repos 24/7 for pull requests containing SQL migrations
- Decides with a deterministic risk engine — no LLM in the safety path: AI proposes, rules decide
- Grounds every verdict in truth: live-fetches the official PostgreSQL documentation and cites the exact pages
- Explains in plain English via Claude — why the change is dangerous, with receipts
- Acts: posts the risk comment on the PR and opens the corrected fix PR itself
- Gets paid: other agents buy audits at $0.05 over the x402 payment protocol — agents invoicing agents
- Proves it live: every audit streams into a public dashboard — numbers you can watch tick in real time at pirabase.com/dashboard
No terminal needed — try the browser playground at pirabase.com/playground. Pick a destructive migration, see the real 402 bill, pay a nickel, read the grounded report. Sign in with test@pirabase.com / test@123 for the full guided tour.
How we built it
One day, four sponsor integrations, all verified live in production:
- Anthropic — Claude Opus 4.8 writes every audit explanation, grounded in PostgreSQL doc citations fetched at audit time. If the API is ever down, a deterministic report ships anyway — the safety verdict never depends on an LLM.
- ClickHouse Cloud — every scan is inserted over the HTTP interface; the live dashboard reads straight from it with a Vercel Blob fallback so the demo can never go dark.
- Render — the always-on watcher service polls repos around the clock, catching PRs even with no webhook configured.
- Composio — GitHub actions (PR risk comments, fix PRs) route through Composio's tool-execution API with managed OAuth, with direct REST as fallback.
Stack: TypeScript + Hono, one shared app serving both a serverless entry (Vercel) and a long-running watcher (Render). The x402 paywall is middleware on POST /audit — no payment header gets a real HTTP 402 with terms; with payment, full audit plus receipt.
Challenges we ran into
- Vercel's read-only filesystem silently killed the pipeline mid-demo — one failed file write took down the PR comment, the report, and the stats log. Fix: every pipeline step is independently guarded.
- Double-auditing: the Vercel webhook and the Render poller would both audit the same PR. Fix: a commit SHA embedded in the PR comment became the cross-process dedup key.
- The guard audited its own fix PRs — it argued with itself. Fix: fix-PR branches carry a prefix the monitor skips.
- Serverless statelessness: in-memory stats reset on every cold start. That forced the proper fix — ClickHouse as the source of truth with Blob fallback and backfill.
Accomplishments that we're proud of
A live revenue counter that ticks when a judge pays a nickel. At time of writing: 77 audits run, $3.05 in agent-paid revenue — all visible in real time on the dashboard. That is not a demo. That is a live product with paying customers that happen to be machines.
What we learned
- Determinism for safety, AI for empathy. The rule engine decides; Claude explains. That split is what makes an AI safety product trustworthy.
- Grounding beats confidence. A verdict that cites the official PostgreSQL manual lands differently than "the AI thinks this is risky."
- Autonomy needs idempotency. The moment two processes act on the same world, you need dedup keys, grace windows, and self-recognition.
- Ship the proof, not the promise. A live revenue counter is worth a thousand slides.
What's next for Pirabase
Real x402 settlement in USDC, more SQL dialects (MySQL, SQLite), a GitHub App for one-click onboarding, and richer fix transforms — toward a world where every AI coding agent has a guard agent watching its database changes, and paying for the privilege.
Built With
- anthropic-claude-api-(opus-4.8)
- clickhouse-cloud
- composio
- github-api-&-webhooks
- hono
- node.js
- postgresql-documentation
- render
- typescript
- vercel
- x402-payment-protocol
Log in or sign up for Devpost to join the conversation.