DEV Community

Cover image for I Built a Free AI Architect to Stop Spaghetti Code in GitHub Actions
Pau Dang
Pau Dang

Posted on

I Built a Free AI Architect to Stop Spaghetti Code in GitHub Actions

Let’s be honest: reviewing Pull Requests for architectural flaws is exhausting.

While ESLint is great at yelling at you for missing semicolons, it won’t say a word if a junior developer writes business logic directly inside an Express route, or tightly couples a Mongoose model to a Controller. Over time, this leads to spaghetti code that becomes impossible to maintain.

I got tired of repeating the same architectural advice in code reviews, so I decided to build a robot to do it for me.

Meet ArchGuard AI — an open-source, Zero-Trust AI Architect that audits your PRs for structural flaws. And the best part? It's completely free for the community.

What Does ArchGuard AI Do?

Unlike traditional coding assistants that just auto-complete lines of code, ArchGuard acts as a Senior Architect. When a PR is opened, it looks at the diff and flags deep design flaws:

  • Tight Coupling: Catching direct database calls in presentation layers.
  • Security Flaws: Spotting hardcoded secrets and Mass Assignment vulnerabilities.
  • 1-Click Refactors: It doesn't just complain; it generates the exact refactored code (separating logic into Services and Repositories) directly into a GitHub PR comment, ready to be merged.

Here is an example of what it catches:
If a junior developer writes a controller like this:

// ❌ DANGER: Mass Assignment & Tight Coupling
async processPayment(req, res) {
  // Bypassing logic and passing raw user input directly to the DB!
  const newPayment = await PaymentModel.create(req.body); 
  return res.status(201).json(newPayment);
}
Enter fullscreen mode Exit fullscreen mode

Traditional linters will say this code is fine. ArchGuard AI will flag this PR, explain the Mass Assignment vulnerability, and automatically generate the refactored Service/Repository structure for you to apply with 1-click.

Why is it Free? (And How We Built It)

We believe enterprise-grade code review should be accessible to everyone. We sponsored and built the infrastructure using Cloudflare Workers AI, which allows us to run state-of-the-art open-weight models (like Llama 3) entirely on the edge.

Because of this serverless architecture, we can offer the tool to the community without requiring you to plug in a paid OpenAI API key or worry about subscription fees.

The Zero-Trust Security Model

If you're working on proprietary software, you shouldn't be sending your raw source code to random third-party endpoints.

ArchGuard AI is built with Zero-Trust principles:

  • No API Keys Required: It uses GitHub's OpenID Connect (OIDC) to securely authenticate your GitHub Actions runner with our Cloudflare Gateway.
  • Zero-Data Retention: The Edge worker processes your Git diff in RAM and discards it instantly. No caching, no model training.
  • BYOK Support: If you work at a bank and need absolute control, you can use the Bring Your Own Key (BYOK) mode to bypass our gateway entirely and route the analysis directly to your own private LLM endpoint.

Try it out!

You can add ArchGuard to your Node.js/TypeScript (or any language) project in literally 30 seconds. Just drop this into .github/workflows/archguard.yml:

name: ArchGuard AI Architectural Review

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  archguard-review:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write # Required for ArchGuard to publish PR comments
      contents: read       # Required to read the PR diff
      id-token: write      # Required for Zero-Trust OIDC Authentication
    steps:
      - name: Run ArchGuard AI Auditor
        uses: archguard-labs/action@main  # Replace @main with @v1.x tags for stable production environments
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # CUSTOM_PROMPT: "Optional: Reject any PR that uses Vue Mixins or hardcodes SQL queries."
Enter fullscreen mode Exit fullscreen mode

I’d love to hear your thoughts! Check it out on the GitHub Marketplace and let me know how it handles your team's code in the comments below.

Top comments (0)