💡 Inspiration

Modern software development moves at lightning speed, but security tooling has lagged behind. Traditional Static Application Security Testing (SAST) tools rely heavily on rigid regular expressions and pattern matching. This creates massive friction: developers get bombarded with useless false-positive alerts, and the scanners completely miss deep business-logic flaws or authorization bypasses because they check files in isolation. We wanted to build a security auditor that reads code like a Senior Security Engineer.

⚙️ What it does

SentinelAI is a revolutionary multi-agent security auditing tool. Instead of searching for known bad strings, it builds a deep, semantic understanding of your entire repository. It maps out authentication flows, database schemas, and API routing. By simulating real-world attack paths, it finds complex, multi-step vulnerabilities.

Core Features:

  • 🧠 Context-Aware AI Analysis: Uses a local RAG pipeline to understand how files interact.
  • 🖥️ Dual Interfaces: Choose between a hacker-style Terminal UI (TUI) or a beautiful Web Dashboard.
  • 📜 Native Compliance Engines: Automatically checks code against OWASP Top 10, HIPAA, GDPR, PCI-DSS, SOC 2, and CWE.
  • 🛠️ 1-Click Remediation: Generates .patch files to automatically fix the vulnerabilities it finds.
  • 📦 Automated SBOMs: Generates CycloneDX Software Bill of Materials instantly.
  • 💬 Interactive Code Chat: Chat directly with your codebase's security context after an audit.

🏆 How we built it (MLH Gemini.exe 2.0 Integration)

We built SentinelAI specifically for the MLH Gemini.exe 2.0 Hackathon (AI Agents Track - Problem Statement #4: Code Review Crew). Here is how we utilized the Gemini ecosystem:

  1. Semantic Code Search: We use Gemini Embedding models to chunk and embed repositories into vectors stored in our local ChromaDB instance.
  2. Multi-Agent Security Engine: Instead of one monolithic prompt, Gemini powers distinct agents that cross-reference multiple files to find chained vulnerabilities.
  3. Automated Remediation Agent: A specialized Gemini agent that writes highly accurate .patch files to fix bugs.

Our backend is built in Python using FastAPI for WebSocket streaming to the frontend. The TUI is built using the Textual framework, and initial secret scanning is handled by Gitleaks.

🚧 Challenges we ran into

Handling massive codebases without blowing up the LLM context window was incredibly difficult. We had to implement a robust Retrieval-Augmented Generation (RAG) pipeline using ChromaDB so the Multi-Agent engine only receives the exact code chunks relevant to the specific security rule it's evaluating.
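The retrieval step described above, as an added example that is not SentinelAI's code: it splits a constructed Python module into one chunk per function, ranks the chunks against a security rule, and stops filling the context once a character budget would be exceeded. Gemini embeddings and ChromaDB are replaced by a bag-of-identifiers cosine similarity so the example runs offline; the rule queries and budget values are assumptions for the demo.

```python
import ast
import math
import re
from collections import Counter

# Constructed sample "repository": one module with three functions.
SAMPLE_SOURCE = '''
def get_user(db, username):
    query = "SELECT * FROM users WHERE name = '" + username + "'"
    return db.execute(query)

def render_profile(user):
    return "<h1>" + user["name"] + "</h1>"

def add(a, b):
    return a + b
'''

def chunk_by_function(source):
    """Split a Python module into one (name, source) chunk per top-level function."""
    tree = ast.parse(source)
    return [(node.name, ast.get_source_segment(source, node))
            for node in tree.body if isinstance(node, ast.FunctionDef)]

def embed(text):
    """Stand-in for a code embedding model (Gemini in the project): a bag of identifiers."""
    return Counter(re.findall(r"[a-zA-Z_]+", text.lower()))

def cosine(a, b):
    """Cosine similarity between two sparse bag-of-words vectors."""
    dot = sum(a[k] * b[k] for k in a if k in b)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def retrieve(chunks, rule_query, budget_chars):
    """Rank chunks by similarity to the security rule (the vector-store query in the
    project) and return the names of those that fit the context budget, best first."""
    q = embed(rule_query)
    ranked = sorted(chunks, key=lambda c: cosine(q, embed(c[1])), reverse=True)
    selected, used = [], 0
    for name, text in ranked:
        if used + len(text) > budget_chars:
            break  # the next-best chunk would overflow the LLM context
        selected.append(name)
        used += len(text)
    return selected

if __name__ == "__main__":
    rule = "SQL query built by string concatenation with user input execute select"
    print(retrieve(chunk_by_function(SAMPLE_SOURCE), rule, 150))  # ['get_user']
```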

🏅 Accomplishments that we're proud of

Successfully generating standard, git-applicable .patch files directly from the LLM outputs. This moves the tool from merely complaining about bugs to actively fixing them for the developer. We are also extremely proud of the dual interfaces (TUI and Web UI) syncing via WebSockets.

📖 What we learned

We learned how to deeply integrate Google's Gemini models with local vector databases to create semantic understanding of complex code logic, rather than just basic natural language processing.

🚀 What's next for SentinelAI

We plan to introduce deeper CI/CD integrations (e.g., automatically posting PR comments on GitHub with suggested fixes) and support for even more compliance frameworks.
