YC Hackathon

Code Health is an autonomous code-auditing platform that connects to a GitHub repo, scans it for bugs and security vulnerabilities, and opens ready-to-merge pull requests with the fixes.

problem

Code review and security auditing are slow, manual, and easy to defer. Exposed API keys, unauthenticated endpoints, and client-side auth bypasses slip into production constantly, not because they're hard to understand, but because no one has time to comb every file. The bottleneck isn't knowing how to fix these issues; it's catching them in the first place, and then doing the tedious work of writing and shipping the patch.

solution

Code Health closes that loop end to end. Connect a GitHub repository and the platform indexes the entire codebase into a shared, pgvector-backed context store that every agent can read from. A LangGraph orchestrator then coordinates a team of specialized agents, scanners that hunt for vulnerabilities, a tester that validates behavior, and a fixer that writes patches, each operating over the same shared understanding of the code. The auditing agent analyzes a web app in under 60 seconds, using LLM-driven reasoning over the application's structure to surface three distinct classes of exploitable vulnerabilities: exposed API keys, unauthenticated endpoints, and client-side authentication bypasses. For each issue it produces a clear problem statement, not just a flag. From there, an iterative fixer/tester feedback loop generates a targeted patch, validates it, and refines until it holds. The result is pushed straight to GitHub as a ready-to-merge pull request with a clean diff, turning a finding into a reviewable fix without a human writing the patch by hand. What normally takes hours of review happens in minutes.

Code Health was built at the Y Combinator Full Stack Hackathon, where I was selected among 250 participants from a pool of over 10,000 applicants. The challenge was to design and ship a genuinely working MVP in a 24-hour window.

I worked on architecting the multi-agent system in LangGraph, a set of specialized agents sharing a single pgvector-indexed view of the codebase so they could reason about it collectively rather than in isolation. The hardest and most rewarding part was making the agents actually act: wiring the fixer and tester into an iterative loop that didn't just identify a bug but generated a patch, checked it, and opened a real pull request on GitHub through the API.

A lot of the work under the hood was unglamorous but essential, tightening how the agents parsed and associated data across the system, handling errors gracefully, and getting analysis fast and focused enough to demo reliably under pressure. Taking the concept from an empty repo to a live flow, connect GitHub, scan, generate a fix, watch a PR appear on GitHub, inside a single day was the real test, and getting it across the finish line made the constraint feel worth it.

Check it out: