https://github.com/edycutjong/vetoblast
🛡️ Zero-Trust AI Agent Terminal Proxy and Runtime Guard protecting developer credentials and workspaces.
- Host: GitHub
- URL: https://github.com/edycutjong/vetoblast
- Owner: edycutjong
- License: mit
- Created: 2026-05-25T02:17:53.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-05-25T04:24:26.000Z (about 1 month ago)
- Last Synced: 2026-05-25T04:26:45.312Z (about 1 month ago)
- Topics: ai-agents, deberta, nextjs, react, sandbox, security, tailwind, zero-trust
- Language: TypeScript
- Homepage: https://vetoblast.edycu.dev
- Size: 4.34 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: SECURITY.md
- Agents: AGENTS.md
README
VetoBlast 🛡️
Zero-trust runtime proxy that intercepts AI agent commands, redacts secrets, and vetoes destructive executions
---
## The Problem & Solution
AI coding agents scan `.env` files, execute shell commands, and send prompts to external LLMs, all **without security awareness**. An intern's agent accidentally pushed production AWS credentials to a public repo, costing **$85,000** before the alert fired.
**VetoBlast** is a zero-trust terminal proxy that intercepts every AI agent command in real-time. It uses entropy analysis + a local DeBERTa-Sec classifier to distinguish real secrets from harmless hashes, redacts credentials in-flight, and vetoes destructive commands, all in **<10ms** overhead.
**Key Features:**
- **In-Flight Secret Redaction**: Detects and replaces API keys, tokens, and passwords before they reach external services
- **DeBERTa-Sec AI Classifier**: Local ONNX model distinguishes real secrets from commit hashes (2% false positive rate)
- **Command Veto Gate**: Blocks destructive patterns (`rm -rf`, `chmod 777`, `DROP TABLE`) instantly
- **Cyberpunk SOC Dashboard**: Real-time terminal tracer, threat speedometer, and incident review console
- **100% Local**: No credentials ever leave the developer's machine
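The veto gate and the entropy stage described above can be sketched as follows. This is an added example, not VetoBlast's own code: the 4.5 bits/char threshold, the token regex, the pattern regexes, the `[REDACTED]` placeholder and both sample strings are assumptions constructed for illustration. It shows why a hex commit hash (at most 4 bits per character) passes an entropy cut-off that a mixed-alphabet secret does not.

```typescript
// Added illustration, not VetoBlast source. Threshold, regexes and samples are assumptions.
type Action = "VETO" | "REDACT" | "APPROVE";
interface Verdict { action: Action; output: string; maxEntropy: number; }

// Destructive patterns named in the feature list above.
const VETO_PATTERNS: RegExp[] = [
  /\brm\s+-(?=[a-zA-Z]*[rR])(?=[a-zA-Z]*f)[a-zA-Z]+/, // rm with both -r and -f
  /\bchmod\s+(-R\s+)?777\b/,
  /\bDROP\s+TABLE\b/i,
];
const TOKEN = /[A-Za-z0-9+\/_-]{20,}/g; // long opaque runs worth scoring
const ENTROPY_THRESHOLD = 4.5;          // assumed cut-off, bits per character

// Constructed samples: a 40-char hex string and a 40-char mixed-alphabet string.
const SAMPLE_COMMIT_HASH = "3f9a1c0e7b2d4f6a8c5e0b1d9f3a7c2e4b6d8f0a";
const SAMPLE_SECRET = "wJ7rXq2LmZ9tB4vK8nY1cH6sD3fG5pA0eUoIxTyR";

// Shannon entropy in bits per character.
function shannonEntropy(s: string): number {
  const counts: Record<string, number> = {};
  for (let i = 0; i < s.length; i++) {
    const c = s.charAt(i);
    counts[c] = (counts[c] || 0) + 1;
  }
  let h = 0;
  Object.keys(counts).forEach((k) => {
    const p = (counts[k] || 0) / s.length;
    h -= p * (Math.log(p) / Math.LN2);
  });
  return h;
}

function inspect(command: string): Verdict {
  // Veto gate runs first: nothing is forwarded for a destructive command.
  if (VETO_PATTERNS.some((re) => re.test(command))) {
    return { action: "VETO", output: "", maxEntropy: 0 };
  }
  let maxEntropy = 0;
  const output = command.replace(TOKEN, (tok: string) => {
    const h = shannonEntropy(tok);
    maxEntropy = Math.max(maxEntropy, h);
    return h >= ENTROPY_THRESHOLD ? "[REDACTED]" : tok;
  });
  return { action: output === command ? "APPROVE" : "REDACT", output, maxEntropy };
}

console.log(inspect("git show " + SAMPLE_COMMIT_HASH).action);
console.log(inspect("curl -d key=" + SAMPLE_SECRET + " https://api.example.invalid/v1").output);
```

Entropy alone cannot separate every secret from every benign token (a short or low-alphabet secret scores below any fixed threshold), which is the gap the page assigns to the classifier stage.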
## Screenshots
### Stripe API Key Exfiltration - BLOCKED
> Agent `copilot-agent-v1` attempted a git commit + push containing a Stripe live API key. VetoBlast detected the secret with 97% confidence and blocked execution.

---
### AWS Secret Key Leak via curl - BLOCKED
> Agent `cursor-agent-v3` piped config JSON containing an AWS secret key to an external LLM API endpoint. Entropy analysis flagged it at 4.91.

---
### Destructive Shell Command - VETOED
> Agent attempted `rm -rf /usr/local/bin && chmod 777 /etc/passwd`. Pattern-matched and vetoed before execution.

---
### Safe Command - APPROVED
> `npm run build` passed all scans. No secrets detected, no destructive patterns.

---
### Deploy Script with GitHub PAT - BLOCKED
> `python deploy.sh` contained a GitHub Personal Access Token in plaintext. DeBERTa classified intent as exfiltration.

---
### Git Config Password Exposure - REDACTED
> Agent attempted `git config --global user.password` with a plaintext password. VetoBlast redacted to `[REDACTED_PWD]`.

## Architecture & Tech Stack
```mermaid
graph TD
Agent[Autonomous AI Agent] <-->|Terminal Commands / Stdin| Proxy[VetoBlast Proxy<br/>Node.js / node-pty]
Proxy -->|Raw Streams| ONNX[DeBERTa-Sec Classifier<br/>Python FastAPI / ONNX-runtime]
Proxy <-->|WebSocket Stream| UI[Next.js 16 / React 19 Dashboard]
UI <-->|Approve/Reject Signals| Proxy
Proxy -->|Log Actions| Supabase[Supabase Database]
Proxy <-->|Filter Output / Stdout| Agent
```
| Layer | Technology |
|---|---|
| **Dashboard** | Next.js 16 (App Router), React 19, Tailwind CSS v4 |
| **Proxy Engine** | Node.js, node-pty (terminal stream interception) |
| **AI Classifier** | Python 3.12, FastAPI, DeBERTa-Sec (ONNX-runtime) |
| **Audit Log** | Supabase (PostgreSQL) |
| **Communication** | WebSocket (real-time threat stream) |
## Database Schema
Data is persisted in **Supabase (PostgreSQL)** with Row-Level Security enabled. All tables use the `vb_` prefix to namespace within the shared Supabase instance.
```mermaid
erDiagram
vb_incidents {
text id PK
timestamptz timestamp
text agent_id
text command_attempted
varchar threat_category
varchar threat_level
text redacted_payload
jsonb detected_secrets
varchar status
timestamptz created_at
}
vb_metrics {
serial id PK
int total_scans
int total_blocked
int total_approved
numeric avg_scan_latency_ms
numeric false_positive_rate
int secrets_caught
text uptime
}
vb_terminal_feed {
serial id PK
text time
text type
text msg
timestamptz created_at
}
```
| Table | Purpose | Rows |
|---|---|---|
| `vb_incidents` | Intercepted agent commands: threat level, redacted payload, detected secrets (JSONB) | 6 |
| `vb_metrics` | Aggregate scanner stats: total scans, blocked count, latency, false positive rate | 1 |
| `vb_terminal_feed` | Live terminal proxy log: timestamped block/pass/scan events | 8 |
> **RLS Policy**: Anonymous read access enabled on all tables. Write operations require `service_role` key.
## Getting Started
### Prerequisites
- Node.js ≥ 20
- npm
### Installation
```bash
git clone https://github.com/edycutjong/vetoblast.git
cd vetoblast
npm install
cp .env.example .env.local
npm run dev
```
## 🧪 Testing & CI
**51 passing tests** across 4 test suites, covering mock data integrity, incident log consistency, entropy/confidence validation, threat level coverage, metrics cross-validation, terminal feed type validation, and all interactive dashboard state transitions.
```bash
npm test # Run all 51 tests
npm run test:coverage # Coverage report
npm run lint # ESLint
npm run typecheck # TypeScript check
npm run build # Production build
npm run ci # Full CI pipeline (lint + typecheck + test + build)
```
CI runs on Node.js 20, 22, and 24 via GitHub Actions on every push.
## Project Structure
```
vetoblast/
├── docs/                 # README assets
├── src/
│   ├── app/              # Next.js pages + __tests__/
│   └── lib/              # Mock data & utilities + __tests__/
├── .github/              # CI workflows
├── .env.example          # Environment template
├── LICENSE               # MIT
└── README.md             # You are here
```
## Acknowledged Limitation
**Obfuscated Key Split**: If a secret key is split across multiple variables and concatenated during execution, raw stream evaluations may fail to identify the pattern, requiring supplementary environment inspection rules.
## Built With
- [Next.js 16](https://nextjs.org/): App Router, React Server Components
- [React 19](https://react.dev/): UI framework
- [TypeScript](https://www.typescriptlang.org/): Type-safe JavaScript
- [Tailwind CSS v4](https://tailwindcss.com/): Utility-first styling
- [Node.js](https://nodejs.org/) + [node-pty](https://github.com/nickarora/node-pty): Terminal stream interception
- [Python 3.12](https://www.python.org/): AI classifier backend
- [FastAPI](https://fastapi.tiangolo.com/): REST API server
- [DeBERTa-Sec](https://huggingface.co/microsoft/deberta-v3-base): Fine-tuned ONNX classifier for command intent
- [ONNX Runtime](https://onnxruntime.ai/): Local model inference
- [Supabase](https://supabase.com/): PostgreSQL audit log with RLS
- [Jest](https://jestjs.io/): Testing framework (51 passing tests)
- [GitHub Actions](https://github.com/features/actions): CI/CD pipeline
- [Vercel](https://vercel.com/): Frontend deployment
## License
[MIT](LICENSE) © 2026 Edy Cu
## Acknowledgments
Built for **UOE Summer of Code 2026**. Thank you to the organizers and judges for the opportunity.