- About
- Problem Statement
- Features
- Tech Stack
- Getting Started
- API Documentation
- Architecture
- Deployment
- Troubleshooting
- Contributing
- License
- Contact
OAuthSentry is a production-ready security agent that continuously scans your organization's OAuth apps, third-party AI integrations, and npm dependencies against live IOC threat feeds. High-risk findings automatically file Linear tickets and send Slack alerts in real time. It is built for security teams defending against supply-chain attacks and compromised AI tool integrations.
After the April 2026 Vercel/Context.ai incident where a compromised OAuth app pivoted into employee Google Workspace accounts, security teams need continuous monitoring of:
- OAuth apps with excessive permissions
- Third-party AI integrations with admin scopes
- Malicious npm packages (typosquats, backdoors)
- Vendor trust changes and abandoned projects
| Feature | Description |
|---|---|
| AI-Powered Scanning | Scan OAuth apps, npm packages, and SaaS tools using GPT-4o-mini |
| Risk Scoring | 0–100 scoring with IOC matching and detailed reasoning |
| Linear Integration | Auto-file tickets for critical findings |
| Slack Alerts | Rich Block Kit messages with actionable remediation steps |
| Scheduled Scans | 24/7 monitoring persisted in Upstash Redis |
| Live Threat Feed | Real-time intel from NVD, OSV, and GitHub Security Advisories |
| PDF Export | Comprehensive reports with executive summaries |
| Dark/Light Mode | Beautiful UI with theme toggle |
| Demo Mode | Instantly load realistic findings without API calls |
| Real-time Streaming | NDJSON streaming of scan results |
- Framework: Next.js 16 App Router
- Styling: Tailwind CSS v4
- UI Components: shadcn/ui
- Type Safety: TypeScript
- AI SDK: Vercel AI SDK 6
- Model: OpenAI GPT-4o-mini (via AI Gateway)
- Workflows: Vercel Workflow Development Kit (WDK)
- Storage: Upstash Redis
- APIs: REST & GraphQL
- Linear: GraphQL API for ticket filing
- Slack: Incoming Webhooks for alerts
- Threat Feeds: NVD, OSV, GitHub Security Advisories
- Hosting: Vercel
- Cron: Vercel Cron Jobs
- Node.js 18+
- pnpm or npm
- Vercel account (for deployment)
- OpenAI API key (via Vercel AI Gateway)
1. Clone the repository

   ```bash
   git clone https://github.com/Hayredin950/oauthsentry.git
   cd oauthsentry
   ```

2. Install dependencies

   ```bash
   pnpm install   # or npm install
   ```

3. Configure environment variables. Create a `.env.local` file:

   ```bash
   # Required: Vercel AI Gateway
   AI_GATEWAY_API_KEY=your_vercel_ai_gateway_key

   # Optional: Linear integration
   LINEAR_API_KEY=your_linear_api_key

   # Optional: Slack integration
   SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL

   # Required for scheduled scans: Upstash Redis
   KV_REST_API_URL=your_upstash_redis_url
   KV_REST_API_TOKEN=your_upstash_redis_token

   # Optional: App URL for links in alerts
   NEXT_PUBLIC_APP_URL=https://your-deployment.vercel.app
   ```

   Keep `.env.local` out of version control (the standard Next.js `.gitignore` already excludes `.env*.local`).

   Note: Linear and Slack keys can also be configured at runtime through the Settings dialog; no redeployment needed.

4. Run the development server

   ```bash
   pnpm dev   # or npm run dev
   ```

5. Open the application: navigate to http://localhost:3000
Full API documentation available at: https://oauthsentry-phi.vercel.app/api-docs
| Method | Path | Purpose |
|---|---|---|
| POST | /api/scan | AI-powered streaming scan (NDJSON) |
| GET | /api/threat-feed | Live threat intelligence |
| POST | /api/actions/file-ticket | Create Linear issue |
| POST | /api/actions/send-alert | Send Slack alert |
| GET/POST/PUT/DELETE | /api/scheduled-scans | Manage scan schedules |
```text
User clicks "Run Scan"
        ↓
POST /api/scan with asset list
        ↓
AI analyzes each asset against IOC feeds + advisories (streaming)
        ↓
RiskFinding[] streamed to dashboard in real-time
        ↓
User clicks "File ticket" → POST /api/actions/file-ticket
        ↓
Linear issue created via GraphQL API
        ↓
User clicks "Send alert" → POST /api/actions/send-alert
        ↓
Rich Block Kit message posted to Slack webhook
```
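The scan endpoint streams one JSON object per line (NDJSON). The following is an added example, not code from the OAuthSentry repository, of a client that consumes that stream correctly: network chunks do not align with line boundaries, the last record may arrive without a trailing newline, and one corrupt line should be reported rather than abort the whole scan view. The `RiskFinding` fields (`asset`, `riskScore`, `reasoning`), the `{ assets }` request body and the sample records are assumptions; the real types live in lib/types.ts.

```typescript
// Added example, not OAuthSentry code: incremental NDJSON reader for the
// POST /api/scan stream. RiskFinding field names below are assumptions.
interface RiskFinding {
  asset: string;        // e.g. "oauth:<app name>", "npm:<package>", "ai:<tool>"
  riskScore: number;    // assumed 0-100, matching the README's scoring range
  reasoning?: string;
}

type NdjsonEvent<T> =
  | { kind: "record"; value: T }
  | { kind: "malformed"; line: string; error: string };

class NdjsonParser<T> {
  private readonly decoder = new TextDecoder("utf-8");
  private buffer = "";

  // Feed one network chunk; returns an event for every complete line so far.
  // Bytes after the last newline stay buffered until the next chunk arrives.
  push(chunk: Uint8Array): NdjsonEvent<T>[] {
    this.buffer += this.decoder.decode(chunk, { stream: true });
    const events: NdjsonEvent<T>[] = [];
    let nl = this.buffer.indexOf("\n");
    while (nl !== -1) {
      const line = this.buffer.slice(0, nl);
      this.buffer = this.buffer.slice(nl + 1);
      const ev = this.parseLine(line);
      if (ev) events.push(ev);
      nl = this.buffer.indexOf("\n");
    }
    return events;
  }

  // Call once at end of stream: emits a final record that had no trailing newline.
  flush(): NdjsonEvent<T>[] {
    this.buffer += this.decoder.decode();
    const ev = this.parseLine(this.buffer);
    this.buffer = "";
    return ev ? [ev] : [];
  }

  private parseLine(raw: string): NdjsonEvent<T> | null {
    const line = raw.replace(/\r$/, "").trim();
    if (line === "") return null; // blank keep-alive lines carry no record
    try {
      return { kind: "record", value: JSON.parse(line) as T };
    } catch (e) {
      // One corrupt line is reported, not allowed to abort the whole scan.
      return { kind: "malformed", line, error: (e as Error).message };
    }
  }
}

// Drains a sequence of chunks and returns findings sorted highest risk first,
// plus a count of lines that could not be parsed.
function collectFindings(chunks: Uint8Array[]): { findings: RiskFinding[]; malformed: number } {
  const parser = new NdjsonParser<RiskFinding>();
  const findings: RiskFinding[] = [];
  let malformed = 0;
  const handle = (events: NdjsonEvent<RiskFinding>[]): void => {
    for (const ev of events) {
      if (ev.kind === "record") findings.push(ev.value);
      else malformed += 1;
    }
  };
  for (const chunk of chunks) handle(parser.push(chunk));
  handle(parser.flush());
  findings.sort((a, b) => b.riskScore - a.riskScore);
  return { findings, malformed };
}

// Constructed sample stream: a record split mid-object across chunks, a CRLF
// line ending, one corrupt line, and a final record with no trailing newline.
const encoder = new TextEncoder();
const SAMPLE_CHUNKS: Uint8Array[] = [
  encoder.encode('{"asset":"npm:example-lib","riskScore":12,"reasoning":"no advisories"}\n{"asset":"oauth:'),
  encoder.encode('Acme Calendar Sync","riskScore":87,"reasoning":"admin scope; vendor domain changed"}\r\n'),
  encoder.encode('{"asset":"broken"\n'),
  encoder.encode('{"asset":"ai:Summarizer Bot","riskScore":64}'),
];

// Against a live deployment the same parser is driven from fetch():
//   const res = await fetch(`${appUrl}/api/scan`, { method: "POST", body: JSON.stringify({ assets }) });
//   for await (const chunk of res.body as AsyncIterable<Uint8Array>) handle(parser.push(chunk));
//   handle(parser.flush());
```

Keeping the decoder in streaming mode matters as well as buffering on newlines: a multi-byte UTF-8 character in a vendor name can itself be split across two chunks, and `decode(chunk, { stream: true })` holds the partial bytes instead of emitting replacement characters.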
```text
oauthsentry/
├── app/
│   ├── layout.tsx              # Root layout + ThemeProvider
│   ├── page.tsx                # Main dashboard
│   ├── globals.css             # Tailwind v4 + design tokens
│   ├── api-docs/page.tsx       # API documentation
│   └── api/
│       ├── scan/route.ts           # AI scan agent
│       ├── threat-feed/route.ts    # Threat intel feed
│       ├── actions/
│       │   ├── file-ticket/
│       │   └── send-alert/
│       ├── scheduled-scans/
│       └── workflow/
├── components/
│   ├── ui/                     # shadcn/ui components
│   ├── hero.tsx
│   ├── risk-scanner.tsx
│   ├── risk-results-table.tsx
│   └── ...
├── lib/
│   ├── types.ts
│   ├── linear-client.ts
│   ├── risk-knowledge.ts
│   └── ...
├── public/
├── package.json
├── tsconfig.json
└── vercel.json
```
1. Deploy via Vercel CLI

   ```bash
   vercel
   ```

2. Set environment variables in Vercel Project Settings → Environment Variables.

3. Required integration: add Upstash for Redis via the Vercel Marketplace for scheduled scans.

The vercel.json includes a Cron job that fires /api/scheduled-scans/execute every 15 minutes to run due schedules. Like any Vercel Cron target, that route is an ordinary public URL reachable by any HTTP client, so its handler has to authenticate the scheduler.
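When the project has a `CRON_SECRET` environment variable, Vercel sends it on every scheduler request as `Authorization: Bearer <CRON_SECRET>`; nothing else distinguishes the scheduler from an anonymous client that has discovered the executor URL. The following is an added example, not the project's own handler, of a fail-closed check for that header. The route path, the `cronAuthFailure` and `guardCron` names, and the `headersOf` test helper are assumptions.

```typescript
import { timingSafeEqual } from "node:crypto";

// Added example, not OAuthSentry code: fail-closed authentication for a
// cron-triggered route such as /api/scheduled-scans/execute. With CRON_SECRET
// set on the Vercel project, the scheduler sends
// `Authorization: Bearer <CRON_SECRET>`.

type HeaderSource = { get(name: string): string | null | undefined };

// Constant-time comparison so a wrong guess cannot be narrowed down byte by
// byte from response timing. Length is checked first because timingSafeEqual
// throws on buffers of different length.
function secretsMatch(presented: string, expected: string): boolean {
  const a = Buffer.from(presented, "utf8");
  const b = Buffer.from(expected, "utf8");
  if (a.length !== b.length) return false;
  return timingSafeEqual(a, b);
}

// Returns null for an authorized scheduler call, otherwise the HTTP status the
// route should answer with. `expectedSecret` is process.env.CRON_SECRET in the
// route; it is a parameter here so the decision is unit-testable.
function cronAuthFailure(headers: HeaderSource, expectedSecret: string | undefined): number | null {
  // No secret configured means the executor would be callable by anyone:
  // refuse to run rather than silently operate unauthenticated.
  if (!expectedSecret) return 503;
  const auth = headers.get("authorization") ?? "";
  const parts = auth.split(" ");
  const scheme = parts[0] ?? "";
  const token = parts[1] ?? "";
  if (parts.length !== 2 || scheme.toLowerCase() !== "bearer" || token === "") return 401;
  return secretsMatch(token, expectedSecret) ? null : 401;
}

// Guard for an App Router handler (assumed file:
// app/api/scheduled-scans/execute/route.ts). Returns a Response to send
// immediately, or null when the schedule loop may proceed:
//
//   export async function GET(req: Request) {
//     const denied = guardCron(req);
//     if (denied) return denied;
//     // ... run due schedules persisted in Upstash Redis ...
//   }
function guardCron(req: Request): Response | null {
  const failure = cronAuthFailure(req.headers, process.env.CRON_SECRET);
  if (failure === null) return null;
  const body = failure === 503 ? "CRON_SECRET is not configured" : "unauthorized";
  return new Response(body, { status: failure });
}

// Minimal case-insensitive header lookup so the check can be exercised
// without constructing a Request.
function headersOf(record: Record<string, string>): HeaderSource {
  const lower = new Map(
    Object.entries(record).map(([k, v]): [string, string] => [k.toLowerCase(), v]),
  );
  return { get: (name) => lower.get(name.toLowerCase()) ?? null };
}
```

Returning 503 rather than running when `CRON_SECRET` is absent turns a silent exposure into a visible failure in the Vercel logs, which is the behaviour you want for an endpoint that triggers scans and downstream Linear and Slack actions on a schedule.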
| Issue | Solution |
|---|---|
| Scan not running | Verify AI_GATEWAY_API_KEY is set |
| Linear tickets not created | Check Linear API key in Settings or env var |
| Slack alerts not posting | Ensure Slack Webhook URL is configured |
| Threat feed empty | External APIs may be rate-limited; auto-retry is enabled |
| Scheduled scans failing | Confirm Upstash Redis integration is active |
| Build errors | Run pnpm build locally to debug TypeScript issues |
Contributions are welcome! Please feel free to submit a Pull Request.
1. Fork the Project
2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the Branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request
Distributed under the MIT License. See LICENSE for more information.
Hayredin - hayredin.950@gmail.com
Project Link: https://github.com/Hayredin950/oauthsentry
Live Demo: https://oauthsentry-phi.vercel.app
Built with ❤️ by Hayredin
© 2026 OAuthSentry. All rights reserved.