OAuthSentry

Showcase
,
1

PROJECT: OAuthSentry
TRACK: Vercel Workflow SDK + AI SDK 6 + Chat SDK

TAGLINE: Find AI tools that breach you first.

DESCRIPTION: OAuthSentry is a production-ready security agent that continuously scans OAuth apps, third-party AI integrations, and npm dependencies against LIVE threat intelligence feeds (NVD, GitHub Security Advisories, OSV). It automatically files Linear tickets and posts Slack alerts for critical findings—enabling security teams to detect and remediate supply-chain risks before they become breaches.

Built entirely with Vercel’s latest stack: Next.js 16, AI SDK 6, Workflow SDK, and Chat SDK. Zero fake data—every threat feed, every CVE, every integration is real and production-ready.

INSPIRED BY: The April 2026 Vercel/Context.ai incident where a compromised OAuth app with excessive permissions (calendar, drive, email scopes) was used to pivot into employee systems.

20 FEATURES IMPLEMENTED:

TIER 1: CORE SECURITY FEATURES

  1. Real-Time Dashboard Metrics — Live asset count, critical/high/medium severity breakdown

  2. Severity Breakdown Chart — Visual bar showing threat distribution

  3. Remediation Tracking — Open → In Progress → Resolved with date picker

  4. Interactive Demo Mode — 5 realistic findings load instantly, no setup required

  5. Threat Intelligence Attribution — Real CVEs with CVSS scores and NVD/GitHub links

TIER 2: ADVANCED ANALYSIS

  1. Risk Timeline — Visual progression showing how threats escalate (Low → Medium → Critical)
  2. Remediation Scorecard — Resolution rate %, average fix time, efficiency metrics
  3. Risk Factor Scoring Breakdown — Transparent scoring: Compromise History, Access Vector, Affected Consumers, Vendor Trust
  4. Automated Remediation Recommendations — 7 step-by-step action items per finding
  5. Team Collaboration — Comments section with @mentions and ticket linking

TIER 3: ENTERPRISE FEATURES

  1. Export Reports — Premium multi-page PDF with executive summary, tables, and analysis + TXT/JSON
  2. Risk Comparison — Side-by-side comparison of top 5 assets by risk score
  3. False Positive Flag — Mark findings to exclude from metrics
  4. API Documentation — Complete REST API docs at /api-docs with curl examples
  5. Scheduled Scan Reports — Daily/weekly/monthly scans with email recipients and Vercel Cron

BONUS FEATURES:

  1. Linear Integration — One-click ticket filing with full finding context
  2. Slack Integration — Rich alerts with “View in App” buttons 18. Live IOC Feed — Real-time threats from NVD, GitHub Security, OSV (sidebar)
  3. Dark/Light Theme — System-aware with manual toggle 20. Premium Alert Modals — Custom styled notifications (no browser alerts)

WHAT MAKES THIS PRODUCTION-READY:

  • Real Integrations (not mocked):
  • Linear tickets actually created in your workspace
  • Slack alerts actually posted to your channel
  • Live CVE data from NVD, GitHub Security Advisories, OSV
  • Upstash Redis for scheduled scan persistence
  • Vercel Cron for automated daily scans
  • Enterprise-Grade Architecture:
  • Durable workflows via Workflow SDK (survive restarts)
  • Multi-platform chat via Chat SDK (Slack, Teams, Discord ready)
  • 9 production API endpoints with proper error handling
  • TypeScript strict mode throughout
  • Responsive design (mobile to desktop)

Security & Compliance:

  • Premium PDF reports for compliance audits
  • Remediation tracking with full audit trail
  • Team collaboration with @mentions
  • False positive management
  • Risk timeline for incident forensics

TECH STACK:

Frontend:

  • Next.js 16 (App Router, React Server Components)

  • React 19 with Suspense boundaries

  • Tailwind CSS 4 + shadcn/ui components

  • Dark/Light theme with next-themes

Backend & AI:

  • AI SDK 6 with Vercel AI Gateway

  • Workflow Development Kit (durable workflows)

  • Chat SDK (multi-platform bot support)

  • 9 API routes with Zod validation

Integrations:

  • Linear API (ticket filing)

  • Slack Webhooks (rich alerts)

  • Upstash Redis (scheduled scan storage)

  • Vercel Cron (automated execution)

Data Sources:

  • NVD (National Vulnerability Database)

  • GitHub Security Advisories

  • OSV (Open Source Vulnerabilities by Google)

DEMO INSTRUCTIONS:

  1. Visit https://oauthsentry.vercel.app

  2. Click “Demo Mode” — 5 realistic findings load instantly

  3. Expand Context.ai finding — see all 3 tabs (Overview, Analysis, Actions)

  4. Configure Settings — add Linear API key and Slack webhook

  5. File a ticket — watch it appear in Linear

  6. Send an alert — watch it appear in Slack

  7. Export PDF — download premium compliance report

  8. Visit /api-docs — explore the REST API

LINKS:

2

it is Zero to Agent Hackathon project check out!