Skip to content

Vishwa-docs/reefguard-coral-hackathon

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ReefGuard — Revenue-Aware Release Risk Agent

ReefGuard is a Coral-powered enterprise release-risk agent for Track 1: Enterprise Agent. It answers: “Is this release safe to ship, who is at risk, what might break, and what should we do next?”

ReefGuard demo screenshot

Problem

Release approval evidence is scattered across pull requests, CI, runtime errors, revenue systems, support tickets, feature flags, runbooks, SBOMs, vulnerability feeds, policies, owner maps, and incident history. Teams either ship with partial context or spend hours pasting data between tools.

What ReefGuard Does

  • Produces a deterministic 0-100 Release Confidence Score.
  • Shows customer and revenue blast radius before rollout.
  • Joins SBOM and vulnerability data for dependency risk.
  • Detects sibling bug candidates and missing regression tests.
  • Checks release policy controls and approval gaps.
  • Routes reviewers, incident owners, and support escalation owners.
  • Generates read-only action drafts: Slack incident watch, support brief, rollout plan, rollback checklist, monitoring plan, regression test plan, reviewer request, and compliance exception draft.
  • Provides a self-running judge demo at /demo.
  • Provides a submission asset center at /submission.

Why Coral Is Essential

All core retrieval runs through coral sql --format json. ReefGuard does not read JSONL files directly in app logic and does not call GitHub, Sentry, Stripe, Slack, or other APIs directly. The seeded demo data is installed into Coral as file-backed source specs, then queried as SQL tables.

Best Coral Query

queries/release_blast_radius.sql joins:

  • demo_github
  • demo_sentry
  • demo_posthog
  • demo_intercom
  • demo_stripe
  • demo_launchdarkly

That query maps changed files → risk area → related runtime errors → product usage → support tickets → paid customers → feature flags.

For judges, queries/judge_friendly_join.sql is shorter and joins exactly the headline sources:

  • GitHub-like PR data
  • Sentry-like runtime errors
  • Stripe-like customers/revenue
  • Slack-like incident memory

Sources Connected

demo_github, demo_sentry, demo_posthog, demo_stripe, demo_intercom, demo_slack, demo_launchdarkly, demo_docs, cyclonedx_sbom, demo_osv, demo_service_map, demo_codeowners, demo_test_coverage, demo_repo_graph, demo_policies, demo_audit_logs, demo_approvals, demo_expertise, demo_release_history, demo_metrics.

Architecture

flowchart LR
  User["Release lead"] --> UI["Next.js UI"]
  UI --> Agent["Deterministic Release Risk Agents"]
  Agent --> CoralCLI["Coral CLI wrapper"]
  CoralCLI --> CoralSQL["Coral SQL"]
  CoralSQL --> Sources["20 file-backed Coral source specs"]
  Sources --> Rows["Evidence rows"]
  Rows --> Scoring["Explainable scoring"]
  Scoring --> Report["Score, blast radius, SQL evidence, action pack"]
Loading

Demo Flow

  1. Open http://localhost:3000.
  2. Use the high-risk scenario: reef-retail/api#142.
  3. Click Analyze Release Risk.
  4. Show the score, agent command center, Coral SQL tab, blast radius, revenue, security, impact graph, sibling bugs, test matrix, compliance, owners, incident replay, and action pack.
  5. Open /demo?autoplay=true&scenario=high-risk for the self-running 2-3 minute judge flow.

Setup

pnpm install
pnpm coral:setup
pnpm dev

Open http://localhost:3000.

If Coral is missing:

brew install withcoral/tap/coral
# or
curl -fsSL https://withcoral.com/install.sh | sh

Tests

pnpm coral:test
pnpm lint
pnpm typecheck
pnpm test
pnpm build
pnpm test:e2e

Full validation:

pnpm validate

Video

pnpm video:all

Outputs:

  • dist/submission/video/reefguard-demo-2m30s.mp4
  • dist/submission/video/reefguard-short-60s.mp4
  • dist/submission/video/reefguard-demo-recording.webm
  • dist/submission/screenshots/

Docker

docker build -t reefguard .
docker run --rm -p 3000:3000 --name reefguard reefguard
curl http://localhost:3000/api/health

Or:

docker compose up --build

Deployment

This project is Docker-first because Coral runs locally inside the app container.

Verified public deployment:

Fly.io:

flyctl auth login
flyctl launch --name reefguard-coral --dockerfile Dockerfile
flyctl deploy

Railway:

railway login
railway init
railway up

Render:

  • Create a Web Service.
  • Use Docker environment.
  • Build from this repo.
  • Set NODE_ENV=production and CORAL_CONFIG_DIR=/app/.coral-config.
  • Expose port 3000.

Security And Read-Only Model

ReefGuard never mutates external systems. It does not send Slack messages, create GitHub comments, close support tickets, or trigger rollbacks. Every action is a copyable draft. The repo includes .env.example only; no real secrets are committed.

Hackathon Rule Alignment

Requirement ReefGuard alignment
Original project Built as an original Coral hackathon submission.
Track 1 Enterprise Agent Solves enterprise release-risk analysis.
Coral central All core retrieval uses Coral SQL.
Cross-source JOINs Flagship query joins 6 sources; judge query joins 4 headline sources.
Source specs 20 file-backed Coral source specs, including custom CycloneDX SBOM.
Demo-ready UX Dashboard, autoplay demo route, SQL workbench, submission center.
Reproducible setup pnpm coral:setup, tests, Docker, docs, and submission bundle.
Safety Read-only draft recommendations only.

Judging Criteria Mapping

  • Potential impact: reduces release risk for customer-facing enterprise systems.
  • Creativity and originality: revenue-aware release risk agent with Coral SQL evidence and source-spec proof.
  • Learning and growth: custom source specs, multi-source SQL, Dockerized Coral runtime, programmatic video pipeline.
  • Technical implementation: Next.js, TypeScript, deterministic agents, tests, Docker, 20 Coral schemas.
  • Aesthetics and UX: polished dashboard, readable demo, Coral Workbench, visual impact graph.
  • Best use of Coral: visible SQL joins power the core workflow.

Bounties

  • Source Spec Bounty: custom file-backed CycloneDX SBOM source spec documented in docs/SOURCE_SPEC_BOUNTY.md.
  • Captain’s Log: reproducible guide in docs/CAPTAINS_LOG.md.
  • Tell the Tale: social posts in docs/SOCIAL_POSTS.md.

Originality Statement

ReefGuard is an original project built for the WeMakeDevs Pirates of the Coral-bean hackathon. The demo data is fictional. Implementation, UI, docs, source specs, and scripts were created for this submission.

No-Secrets Statement

No production credentials or real customer data are committed. Optional live integrations must remain read-only and use least-privilege tokens.

About

Revenue-aware release risk agent powered by Coral SQL

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors