AdaL Security Guard

AI security reviewer that blocks risky `git push`es and auto-comments findings on every commit — one-line install, no API keys.

Comment

Inspiration

Every developer has done it: pushed an API key by accident, merged a PR that silently removed an auth check, or shipped a SQL injection because the diff "looked fine" at 2 AM. Existing tools fall into two camps:

  • Static scanners (regex/AST) — fast but dumb. They miss data-flow bugs and drown you in false positives.
  • PR-time AI reviewers — smart but late. By the time CI runs, the bad code is already on the remote, and reviewers have to wade through a comment thread. We wanted a reviewer that's as smart as a senior engineer and as early as possiblebefore the code ever leaves your machine. So we plugged AdaL into the one git hook everyone runs but no one loves: pre-push. ## What it does AdaL Security Guard is a one-line install that turns every git push into an AI security review:
  • Intercepts the push, extracts the diff (added and removed lines).
  • Sends it to AdaL with a prompt to act as a strict security reviewer.
  • Returns a verdict — PASS or BLOCK — with severity-tagged findings.
  • Fail-closed: any Critical/High issue aborts the push.
  • Auto-comments: posts the full review as a commit comment on GitHub via the gh CLI, so the team sees the analysis right next to the code. It catches the usual suspects (SQLi, secrets, command injection, path traversal, weak crypto) and — uniquely — flags risky deletions: removed auth guards, dropped input validation, deleted SECURITY.md, etc. ## How we built it The whole system is three moving parts:
  • install.sh — one curl-piped script that verifies prerequisites (Node ≥ 20, git), installs @sylphai/adal-cli, triggers AdaL login, and drops a pre-push hook into .git/hooks/.
  • The pre-push hook — pure bash. It reads the ref list from stdin, builds a diff, sends it to adal -q "<prompt>" --yolo, parses the VERDICT: line, and decides whether to allow the push.
  • The comment poster — a backgrounded subshell that polls GitHub for the pushed SHA and posts the review via gh api repos/:owner/:repo/commits/:sha/comments once the commit is visible on the remote. The prompt is the secret sauce. We split it into two categories — new vulnerabilities (added lines) and risky deletions (removed lines) — and forced AdaL to output a machine-parseable VERDICT: first line, followed by human-readable findings. That single contract is what lets a 30-line bash script gate every push reliably. ## Challenges we ran into
  • Secrets reaching GitHub anyway. During testing, GitHub's push protection blocked our push because a prior commit leaked a Stripe key — AdaL had passed the latest diff, but the secret was already baked into history. Lesson: per-diff review can't catch what was already committed. We added docs explaining this gap and recommending push-protection in tandem.
  • CI auth dead end. We initially built a GitHub Actions workflow that ran AdaL on every PR. It worked locally but failed in CI: AdaL CLI uses session auth, not API keys, so headless CI can't authenticate. We pivoted to a pre-push hook + auto commit comments — same UX (review on GitHub), no CI secrets needed.
  • gh api posting at the wrong moment. Our first comment-posting attempt ran during the pre-push hook — but the commit doesn't exist on GitHub yet at that point (HTTP 422: No commit found). The fix: spawn a backgrounded subshell that polls for the SHA on the remote and posts once it lands, while the hook returns immediately so the push isn't blocked.
  • Multi-line bodies in gh api. -f body="$body" mangles newlines silently. Switching to --field body=@- with stdin piping fixed it.
  • Non-TTY environments. When AI agents (or CI bots) call git push, there's no terminal. We routed all output to stderr + a log file so the review is visible to humans and agents reading subprocess output. ## What we learned
  • Pre-push is an underused integration point. It's the last moment you can cheaply prevent a mistake without involving anyone else.
  • Verdict-first prompting (force the LLM to output a parseable line before the prose) is a tiny prompt-engineering trick that makes downstream automation trivial.
  • Async commenting beats sync commenting. Decoupling "did the push succeed?" from "did the comment post?" makes the system robust to network blips and GitHub's eventual-consistency on commit visibility.
  • Fail-closed defaults matter. If AdaL crashes, no verdict, or output is malformed → block the push. Silent passes are worse than no tool at all. ## What's next
  • Edit-in-place commit comments so re-pushes update one comment instead of spamming a thread.
  • Local-only mode with a tiny TUI for solo devs who don't use GitHub.
  • Codebase-aware review — let AdaL load SECURITY.md and recent commits for context before judging the diff.
  • An Expert Pack: same install pattern, different reviewers — PerfReviewer (N+1, slow regex), StyleReviewer, LicenseReviewer.

Built With

Share this project:

Updates