RouteGuard is a developer-first security tool designed to protect Node.js APIs from critical OWASP Top 10 vulnerabilities right in the IDE or CI/CD pipeline. Traditional security tools often rely on complex cloud setups, dynamic testing that requires a running application, or sending proprietary source code to external LLMs. RouteGuard solves this by combining the speed of deterministic static analysis with the deep contextual understanding of a local AI agent. It features two complementary engines: a lightning-fast deterministic scanner, powered by a custom ESLint plugin that performs intra-file taint analysis, catches BOLA (IDOR), mass assignment, SSRF, SQL injection, and path traversal in milliseconds. For more complex business logic flaws, it employs a local IBM Granite 3.3 2B AI agent. Because the AI runs entirely offline, no source code or data ever leaves the developer's machine. The AI engine specifically hunts for nuanced vulnerabilities like broken authentication, function-level authorization bypasses, business flow abuse, and unsafe API consumption. RouteGuard integrates seamlessly into developer workflows via a CLI, an ESLint plugin, an MCP (Model Context Protocol) server for use with Claude Desktop or Cursor, and a local Vite/React web dashboard to review findings. By catching vulnerabilities at write-time, RouteGuard empowers developers to build secure APIs from the ground up without compromising privacy or development velocity.
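As an added illustration (not RouteGuard's own code or rules), here are two of the route-handler findings the deterministic scanner targets, BOLA (IDOR) and mass assignment, shown as a vulnerable Express-style handler beside its hardened form. The request/response objects and the user store are constructed stand-ins so it runs without Express or any dependency.

```javascript
// Constructed sample data standing in for a database.
const users = new Map([
  [1, { id: 1, email: "alice@example.com", role: "user" }],
  [2, { id: 2, email: "bob@example.com", role: "user" }],
]);

// Minimal stand-in for an Express response object.
function makeRes() {
  const res = { statusCode: 200, body: null };
  res.status = (c) => { res.statusCode = c; return res; };
  res.json = (b) => { res.body = b; return res; };
  return res;
}

// VULNERABLE: req.params.id (caller-controlled) selects the record with no
// ownership check (BOLA/IDOR), and req.body is merged wholesale into the
// record (mass assignment), so a caller can overwrite fields like "role".
function updateUserVulnerable(req, res) {
  const user = users.get(Number(req.params.id));
  if (!user) return res.status(404).json({ error: "not found" });
  Object.assign(user, req.body);
  return res.json(user);
}

// HARDENED: bind the record to the authenticated subject (req.auth is a
// stand-in for whatever your auth middleware sets) and copy only an
// allow-list of writable fields, type-checked.
const WRITABLE = ["email"];
function updateUserHardened(req, res) {
  const id = Number(req.params.id);
  if (!Number.isInteger(id) || id !== req.auth.userId) {
    return res.status(403).json({ error: "forbidden" });
  }
  const user = users.get(id);
  if (!user) return res.status(404).json({ error: "not found" });
  for (const key of WRITABLE) {
    if (typeof req.body[key] === "string") user[key] = req.body[key];
  }
  return res.json(user);
}

// Drive a handler with the same request: user 2 tries to edit user 1 and
// set role=admin. Resets user 1 first so runs are independent.
function demo(handler) {
  users.set(1, { id: 1, email: "alice@example.com", role: "user" });
  const req = { params: { id: "1" }, auth: { userId: 2 },
                body: { email: "evil@example.com", role: "admin" } };
  const res = makeRes();
  handler(req, res);
  const u = users.get(1);
  return { status: res.statusCode, role: u.role, email: u.email };
}
```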