Inspiration

The rapid integration of AI and cloud services has led to a massive increase in hardcoded secrets and exposed sensitive data. As a self-taught independent developer focused on AI-driven security and privacy tools, I wanted to build a sovereign, locally run solution that stops these leaks before they reach public-facing layers. I realized that security operators needed more than simple regex scanners; they needed intelligent agents capable of understanding context, mitigating risks immediately, and mapping each finding directly to the legal frameworks it affects.

What it does

Sentinel Compliance is a full-stack, multi-agent compliance auditing engine. It provides an interactive multi-agent workspace for security operators and runs behind a secure reverse-proxy gateway. The system uses three collaborating agents:

The Guardian (Diff Mitigation Agent): Detects vulnerable patterns, API credentials, and PII in uploaded scripts and generates local diff output that replaces each finding with a safe substitute.

The Architect (Topology Agent): Inspects dependencies and maps endpoints to build interactive dependency blueprints.

The Scribe (Compliance Readout Agent): Produces formal, multilingual security audit reports mapped to regulatory requirements such as GDPR Article 32, HIPAA, and SOC 2.
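The Guardian's core loop, detect a hardcoded credential and emit a diff with a safe replacement, can be shown in a few dozen lines. The block below is an added example, not Sentinel Compliance's own code. It scans a script for two publicly documented key formats (AWS access key IDs and Stripe secret keys), skips low-entropy placeholders that merely look like keys, and produces a unified diff that swaps each quoted secret for a `process.env` lookup. The rule names, the environment-variable names, the `<REDACTED:...>` placeholder format and the sample script are all assumptions constructed for the example; `AKIAIOSFODNN7EXAMPLE` is the example key from AWS's own documentation, not a live credential.

```typescript
// Added example, not Sentinel Compliance's own code: a small "Guardian"-style
// secret scanner. It finds hardcoded credentials in a script, filters out
// low-entropy placeholders, and emits a unified diff that swaps each quoted
// secret for an environment-variable lookup. Rule names, env var names and the
// placeholder format are assumptions; the sample script below is constructed.

interface Rule {
  name: string;
  pattern: RegExp; // group 1: optional surrounding quote, group 2: the secret
  envVar: string;  // safe replacement: read the secret from the environment
}

// The AWS and Stripe patterns follow the publicly documented key prefixes.
const RULES: Rule[] = [
  { name: "AWS access key ID", pattern: /(["']?)\b(AKIA[0-9A-Z]{16})\b\1/g, envVar: "AWS_ACCESS_KEY_ID" },
  { name: "Stripe secret key", pattern: /(["']?)\b(sk_(?:live|test)_[0-9A-Za-z]{16,})\b\1/g, envVar: "STRIPE_SECRET_KEY" },
];

// Placeholders such as AKIAXXXXXXXXXXXXXXXX match the format but are not
// secrets; anything below this Shannon entropy (bits per character) is skipped.
const MIN_ENTROPY = 2.5;

function entropyBitsPerChar(s: string): number {
  const counts: Record<string, number> = {};
  for (const ch of s) counts[ch] = (counts[ch] ?? 0) + 1;
  let h = 0;
  for (const ch of Object.keys(counts)) {
    const p = counts[ch] / s.length;
    h -= (p * Math.log(p)) / Math.LN2;
  }
  return h;
}

interface Finding {
  line: number;     // 1-based line number in the scanned source
  rule: string;
  redacted: string; // first four characters only; the full secret is never logged
}

// Report every high-entropy match without ever echoing the secret itself.
function scan(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, idx) => {
    for (const rule of RULES) {
      rule.pattern.lastIndex = 0;
      let m: RegExpExecArray | null;
      while ((m = rule.pattern.exec(text)) !== null) {
        const key = m[2];
        if (entropyBitsPerChar(key) < MIN_ENTROPY) continue;
        findings.push({ line: idx + 1, rule: rule.name, redacted: key.slice(0, 4) + "..." });
      }
    }
  });
  return findings;
}

// Produce the patched source plus a unified diff (one single-line hunk per
// change) so the operator can review the fix locally before applying it.
// A quoted literal becomes an environment lookup; a bare token gets a placeholder.
function redact(source: string, filename: string): { patched: string; diff: string } {
  const diff: string[] = ["--- a/" + filename, "+++ b/" + filename];
  const patched = source.split("\n").map((text, idx) => {
    let fixed = text;
    for (const rule of RULES) {
      rule.pattern.lastIndex = 0;
      fixed = fixed.replace(rule.pattern, (whole: string, q: string, key: string) => {
        if (entropyBitsPerChar(key) < MIN_ENTROPY) return whole;
        return q ? "process.env." + rule.envVar : "<REDACTED:" + rule.envVar + ">";
      });
    }
    if (fixed !== text) diff.push("@@ -" + (idx + 1) + " +" + (idx + 1) + " @@", "-" + text, "+" + fixed);
    return fixed;
  });
  return { patched: patched.join("\n"), diff: diff.join("\n") };
}

// Constructed sample; AKIAIOSFODNN7EXAMPLE is the example key from AWS's own docs.
const SAMPLE_SCRIPT = [
  'const s3 = new S3({ accessKeyId: "AKIAIOSFODNN7EXAMPLE" });',
  "const stripe = require('stripe')('sk_test_CONSTRUCTEDSAMPLE0123456789');",
  "// placeholder, not a secret: AKIAXXXXXXXXXXXXXXXX",
  "export default { s3, stripe };",
].join("\n");

console.log(scan(SAMPLE_SCRIPT));
console.log(redact(SAMPLE_SCRIPT, "app.ts").diff);
```

The entropy gate is what keeps a format-only matcher from flagging every `AKIAXXXXXXXXXXXXXXXX` in documentation and test fixtures; the `redacted` field deliberately keeps only a four-character prefix so the finding can be correlated without the scanner's own log becoming a second leak. Note that the `-` lines of the diff necessarily contain the original secret, which is why the page keeps that output local.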

How we built it

The application is a reactive full-stack architecture: TypeScript, React, and Vite on the frontend, combined with an Express server on the backend. To deliver real-time updates without the load of constant client polling, the UI is driven largely by Server-Sent Events (SSE). Uploaded files are evaluated inside sandbox environments, so vulnerable source scripts are never exposed to outer layers.
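The SSE channel between the Express backend and the React UI is just a text protocol, and getting its framing right matters when the payload is attacker-influenced (a finding that quotes a line from an uploaded script, for instance). The block below is an added example, not Sentinel Compliance's own code: `encodeSse` builds what an Express handler would pass to `res.write()` on a `text/event-stream` response, and `parseSse` reads it back following the WHATWG event-stream processing rules. The event names and payloads are constructed assumptions.

```typescript
// Added example, not Sentinel Compliance's own code: the Server-Sent Events
// wire format. encodeSse() produces what an Express handler would pass to
// res.write() on a "text/event-stream" response; parseSse() is the reader the
// browser's EventSource implements. Event names and payloads are assumptions.

interface SseEvent {
  event?: string; // optional event name; clients treat a missing name as "message"
  id?: string;    // last event ID, which a reconnecting client echoes back
  data: string;   // payload; may contain newlines
}

// Encode one event. Every line of the payload gets its own "data:" field, so a
// newline inside the payload cannot terminate the event early or smuggle in an
// extra field; the blank line is what ends the event. Names and ids are
// single-line by construction and are rejected otherwise.
function encodeSse(ev: SseEvent): string {
  if (/[\r\n]/.test(ev.event ?? "") || /[\r\n]/.test(ev.id ?? "")) {
    throw new Error("event name and id must be single-line");
  }
  const out: string[] = [];
  if (ev.event !== undefined) out.push("event: " + ev.event);
  if (ev.id !== undefined) out.push("id: " + ev.id);
  for (const line of ev.data.split(/\r\n|\r|\n/)) out.push("data: " + line);
  return out.join("\n") + "\n\n";
}

// Decode a stream: lines beginning with ":" are comments (used as keep-alives),
// a single space after the field's colon is dropped, "data:" lines accumulate
// separated by "\n", and an empty line dispatches the event if any data was
// collected. The id is sticky across events, as the spec's "last event ID".
function parseSse(stream: string): SseEvent[] {
  const events: SseEvent[] = [];
  let data = "";
  let event: string | undefined;
  let id: string | undefined;
  for (const line of stream.split(/\r\n|\r|\n/)) {
    if (line === "") {
      if (data !== "") events.push({ event: event, id: id, data: data.slice(0, -1) });
      data = "";
      event = undefined;
      continue;
    }
    if (line.charAt(0) === ":") continue;
    const colon = line.indexOf(":");
    const field = colon === -1 ? line : line.slice(0, colon);
    let value = colon === -1 ? "" : line.slice(colon + 1);
    if (value.charAt(0) === " ") value = value.slice(1);
    if (field === "data") data += value + "\n";
    else if (field === "event") event = value;
    else if (field === "id" && value.indexOf("\0") === -1) id = value;
  }
  return events;
}

// Constructed usage: one finding pushed to the UI, a keep-alive comment, then a
// completion message that carries no event name.
const STREAM =
  encodeSse({ event: "finding", id: "7", data: '{"line": 1,\n "rule": "AWS access key ID"}' }) +
  ": keep-alive\n\n" +
  encodeSse({ data: "scan complete" });

console.log(STREAM);
console.log(parseSse(STREAM));
```

Splitting the payload per line is the whole defence here: a multi-line JSON finding round-trips intact, and a newline in a quoted source line can never be mistaken for the blank line that dispatches an event.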

Challenges we ran into

One of the core challenges was orchestrating multiple AI agents to work in concert: processing a single file requires The Guardian to find the secrets, The Architect to map the dependencies, and The Scribe to write the report, all at the same time. Additionally, producing accurate multilingual translations (English, German, and Spanish) of complex legal compliance attestations required careful prompt engineering and context handling.

Accomplishments that we're proud of

I am incredibly proud of the automated secret sanitization pipeline. A pipeline that instantly detects and redacts database and payment API keys, such as Stripe tokens and AWS credentials, is a massive win. Furthermore, wrapping this engine in an "Elegant Dark Theme" with paired display typography, live action ledgers, and a clean grid structure makes the tool feel professional and intuitive to use.

What we learned

Building this deepened my understanding of formal cryptographic attestation certificates for corporate compliance and of the major frameworks (GDPR, HIPAA, SOC 2). It also sharpened my skills in managing highly interactive, real-time data streams with Server-Sent Events and in orchestrating multi-agent systems whose agents perform distinct but collaborative roles.
