Trust-Guardian

Inspiration

We were inspired by the growing threat of AI-generated spam, deepfakes, and scams flooding our digital lives. With Gmail inboxes becoming battlegrounds for malicious content, we wanted to build a guardian that could protect users in real-time. The Kiroween theme gave us the perfect opportunity to make cybersecurity feel less intimidating and more engaging—turning threat detection into a spectral experience where AI agents hunt digital demons.

What it does

Trust Guardian is an AI-powered email security platform that scans Gmail inboxes for threats using four specialized detection agents:

Spam Detector: Identifies unwanted promotional content using Hugging Face models Deepfake Detector: Catches synthetic/manipulated content and AI-generated text Toxicity Detector: Flags harmful language using Google's Perspective API Scam Detector: Detects phishing attempts and fraudulent schemes Users authenticate with Google OAuth, click "Scan Gmail Inbox," and watch as the platform analyzes their 50 most recent emails in real-time. Threats are highlighted with haunting red visuals, complete with confidence scores for each detection type. Users can batch-delete dangerous emails with one click, and the platform includes OCR scanning for extracting text from images, a competitive leaderboard with badges, and a fully customizable "haunting level" that controls both AI strictness and visual effects.

How we built it

Frontend: React 18 + TypeScript with Vite for blazing-fast development. Tailwind CSS powers the responsive design, while custom CSS animations create the spectral effects (ghost sprites, vapor trails, glitch effects, dynamic threat glows).

AI Detection: Four modular agents in src/agents/ using free-tier APIs (Hugging Face, Google Perspective, Replicate) with intelligent fallback to pattern-based detection when APIs are unavailable. Each agent returns standardized confidence scores (0-100) and threat levels.

Backend: Supabase handles authentication (Google OAuth), PostgreSQL database with Row Level Security, and real-time subscriptions for live leaderboard updates and notifications.

Gmail Integration: Google Gmail API via src/services/gmailService.ts fetches emails, analyzes them concurrently, and enables batch deletion (moves to trash, recoverable for 30 days).

MCP Server: Custom Model Context Protocol server (mcp-server/analyzer-server.js) enables concurrent batch analysis of multiple content streams.

Kiro Steering: Configuration file (.kiro/steering/trust-guardian-config.md) controls detection strictness (1-10) and visual haunting intensity (1-10), with real-time updates via localStorage and Supabase sync.

Challenges we ran into

API Rate Limits: Free-tier AI APIs have strict limits. We solved this by implementing intelligent fallback detection using regex patterns and heuristics that maintain 70-80% accuracy without external calls.

Gmail OAuth Scope: Getting the right permissions for reading and deleting emails required careful configuration of OAuth scopes and Supabase redirect URLs. We created detailed setup documentation to help others avoid this pitfall.

Real-time Performance: Analyzing 50 emails concurrently could freeze the UI. We implemented Promise.all() with proper error handling and loading states, plus a Zustand store for efficient state management.

Spectral Effects Balance: Making the UI "haunted" without being unusable required extensive testing. We added a haunting level slider (1-10) so users can dial effects up or down based on preference.

Accomplishments that we're proud of

Zero-cost deployment: Entire stack runs on free tiers (Vercel + Supabase + free AI APIs) Production-ready: Full authentication, database migrations, RLS policies, and deployment docs Modular architecture: Each AI agent is independent and swappable Accessibility: Works perfectly without API keys using fallback detection Gamification: Leaderboard with 6 badge tiers keeps users engaged Visual polish: Spectral effects that respond to threat levels in real-time What we learned AI Integration: How to orchestrate multiple AI models concurrently while handling failures gracefully. Pattern-based fallbacks taught us that simple heuristics can be surprisingly effective.

Real-time Systems: Supabase's real-time subscriptions are powerful but require careful management of listeners to avoid memory leaks.

UX Design: Security tools don't have to be boring. The haunted theme made threat detection feel engaging rather than anxiety-inducing.

OAuth Complexity: Third-party authentication requires meticulous configuration, but once working, provides seamless user experience.

What's next for Trust Guardian

Browser Extension: Real-time protection as users browse Gmail Advanced ML: Train custom models on user-reported threats for personalized detection Mobile App: Native iOS/Android apps with push notifications Video/Image Analysis: Expand deepfake detection to multimedia content API Platform: Let other developers integrate our detection agents Community Database: Crowdsourced threat intelligence sharing

Built With

• framer-motion
• google-gmail-api
• google-perspective-api
• hugging-face-api
• lucide-icons
• node.js
• react
• replicate-api
• supabase-(postgresql-+-auth-+-realtime)
• tailwind-css
• tesseract.js
• typescript
• vercel
• vite
• zustand