No database
Everything persists as lock-protected JSON files. Deploy anywhere PHP runs — no DB to provision.
Your AI auditor finds bugs and files them here. Every finding waits as pending until a human approves it. Only then does the AI get to fetch it and start fixing — a clean approval gate between machine and codebase.
The whole system is one rule: nothing gets fixed until a person says so.
Your auditor POSTs findings (single or a full report batch). They're stored as pending — the AI can't self-approve.
A human reviews each issue in the console and clicks approve or reject. This is the gate.
The solve queue returns only approved issues, severity-first. The AI claims, fixes, and marks them resolved.
Everything persists as lock-protected JSON files. Deploy anywhere PHP runs — no DB to provision.
Separate agent and admin keys. Agents submit and solve; only admins approve, reject, or delete.
Two independent states per issue: approval_status (admin) and work_status (agent).
Approved issues surface critical-first. Atomic claim so two workers never grab the same one.
CSRF-protected GUI, security headers, session hardening, login throttling, secrets kept out of git.
A clean dashboard: filter, search, inspect history, bulk-approve — all server-rendered, zero build step.
Bearer-token auth, JSON in and out. Full reference in docs/API.md.
curl -X POST https://bug.devai.in/api/issues \
-H "Authorization: Bearer $AGENT_KEY" \
-H "Content-Type: application/json" \
-d '{
"site": "example.com",
"issues": [
{ "title": "/docs returns 404",
"severity": "critical",
"category": "bug" }
]
}'
curl https://bug.devai.in/api/queue \
-H "Authorization: Bearer $AGENT_KEY"
# ...then report a fix
curl -X POST \
https://bug.devai.in/api/issues/{id}/resolve \
-H "Authorization: Bearer $AGENT_KEY" \
-d '{"note":"Restored the route."}'
config.local.php / env vars, never the repo.Sign in to the console, approve a few issues, and watch the queue fill.
Open the admin console →