Agents and non-engineers ship more code now, and the first real check is PR review, which is the most expensive place to catch a missing audit log or a leaked secret.
Long agent loops have no checkpoint at all, so they drift. Snitch moves the check into the session: a ts-morph extractor builds a deterministic graph of the change, rules flag missing companions (audit log, secret redaction, permission scope, an unauthorized-call test), and the findings go to the agent over MCP so it self-corrects before any PR.
Rules decide what is wrong; Cerebras only draws the fast diagram; Backboard remembers across sessions. I dogfooded it on its own repo and it caught a real un-audited webhook call, live.
Built With
- backboard
- cerebras
- mcp
- ts-morph
- typescript
Log in or sign up for Devpost to join the conversation.