PreFlight - Stop AI agent from breaking database security & architecture

PreFlight is a local AST-based security gate that guards your codebase against AI hallucinations. AI coding agents often "quietly" skip critical security protocols like Supabase Row-Level Security (RLS) or leak server-only logic. PreFlight parses your code's AST in real-time, mapping your architectural dependencies to catch these structural drifts. Currently in public beta. Open-source, local-first, and built for developers who want to keep the speed of AI without the security debt.

Maker
Hey everyone! I’m Avenassh, and I’m incredibly excited to finally share PreFlight with you all.

The Problem: Like many of you, I've been using AI agents (Claude, Codex etc.) to build faster. But I noticed a pattern: while AI is amazing at scaffolding, it often silently ignores architectural boundaries—like skipping Supabase RLS policies or leaking server-only logic into client components. Standard linters weren't catching these structural "logic" bugs, and I was spending more time auditing AI code than writing it.

The Solution: I built PreFlight to act as a local, AST-based security gate. It parses your code using Tree-sitter to build a Quantized Code Property Graph, allowing it to "understand" your data flow and architectural constraints. When your AI agent attempts to write code that violates those constraints, PreFlight flags it in real-time.

What I learned: Building this taught me that we need a new layer of "Governance" for AI coding. We are entering an era of "vibe coding," but we need concrete tools to ensure that speed doesn't come at the cost of security.

PreFlight is currently in Beta and I’m looking for any and all feedback. Have you ever had an AI agent "silently" break your backend or security policies? I’d love to hear about the edge cases you've run into—let's discuss in the comments.