Skip to content

Karthik321-coder/ProofPilot-AI

Repository files navigation

ProofPilot AI

🚀 Evidence-grade fraud and incident operations OS for teams that need to turn suspicious activity into explainable decisions, verifiable evidence, and audit-ready reports.

ProofPilot AI ingests suspicious events, scores risk with deterministic rules, opens investigation cases, tracks live progress, detects shared-device/IP fraud rings, verifies a tamper-evident evidence ledger, and produces analyst-ready reports.

✨ Why It Exists

Fraud, trust-and-safety, fintech, marketplace, and SaaS operations teams often have plenty of alerts but weak proof. ProofPilot focuses on the missing middle:

  • What happened?
  • Why is it risky?
  • Which entities are connected?
  • Which evidence supports the decision?
  • Can the evidence chain survive audit review?

🧠 Core Capabilities

  1. ⚡ Suspicious event ingestion API with strict Zod validation.
  2. 🧮 Deterministic TypeScript risk engine with explainable reason codes.
  3. 🚨 Automatic critical case creation for high-risk activity.
  4. 📡 Live investigation stream with 4-second UI refresh.
  5. 🧭 Pipeline progress: New Event -> Risk Score -> Case Created -> Ledger Record -> Report Ready.
  6. 🗄️ DynamoDB-backed event repository with query-first access patterns.
  7. 🔎 Latest event API: GET /api/events/latest.
  8. 👤 Entity timeline API: GET /api/events/entity/[entityId].
  9. 🔥 Severity feed API: GET /api/events/severity/[severity].
  10. 🕸️ Fraud ring detector for shared account, device, IP, and case patterns.
  11. 📊 Dashboard analytics with Recharts.
  12. 🧩 React Flow entity graph.
  13. 🧾 Case detail timeline with linked evidence and analyst notes.
  14. 🛡️ Tamper-evident SHA-256 evidence ledger.
  15. ✅ Global ledger verification with exact broken-record reporting.
  16. 🧪 Simulate Tamper and Restore Valid Chain demo controls.
  17. 🤖 Controlled case copilot with structured deterministic fallback.
  18. 📝 Analyst brief generation.
  19. 🧠 Suspicious pattern summary.
  20. ✅ Recommended next actions.
  21. 💬 Customer-support-safe summary.
  22. 📄 Compliance-style HTML report generation.
  23. 🖨️ Print-friendly report preview.
  24. 🧯 Server-side generation cap: 1 to 1000 events per request.
  25. 🚦 Rate limiting for ingest and generation routes.
  26. 🔐 Server-side AWS SDK usage only.
  27. 🩺 System health page without secret exposure.
  28. 🧱 Future-ready Aurora DSQL/PostgreSQL schema.
  29. 🔍 Future OpenSearch zero-ETL architecture story.
  30. 🌊 Future DynamoDB Streams + Lambda processor story.
  31. 🧪 Vitest coverage for risk, ledger, generator, reports, API contracts, and Diamond features.
  32. 🚀 Vercel-ready Next.js App Router deployment.

🏗️ Architecture

Current live path:

flowchart LR
  Judge[Judge / Analyst Browser] --> App[Vercel Next.js App]
  App --> API[API Routes]
  API --> DDB[(DynamoDB ProofPilotEvents)]
  API --> Risk[Risk Engine]
  Risk --> Cases[Case Creation]
  Cases --> Ledger[Evidence Ledger]
  Ledger --> UI[Live UI Feed]
  Ledger --> Reports[Report Generator]
Loading

DynamoDB access patterns:

  • PK = ORG#org_northstar_pay
  • SK = EVENT#timestamp#eventId
  • GSI1PK = ENTITY#entityId
  • GSI1SK = EVENT#timestamp
  • GSI2PK = RISK#CRITICAL
  • GSI2SK = timestamp#eventId

Future expansion is documented but not falsely claimed as live:

  • DynamoDB Streams for near-real-time change capture.
  • AWS Lambda risk processor for event-driven processing.
  • OpenSearch zero-ETL for search and analyst queries.
  • Aurora DSQL/PostgreSQL for strongly consistent relational workflow storage.

🛠️ Tech Stack

  • Next.js App Router
  • React 19
  • TypeScript strict mode
  • Tailwind CSS import plus custom enterprise CSS
  • Zod validation
  • AWS SDK v3 DynamoDB adapter
  • Recharts
  • React Flow via @xyflow/react
  • Drizzle schema definitions
  • Vitest
  • ESLint flat config

🚀 Local Setup

npm install
npm run dev

Open http://localhost:3000.

🔐 Environment Variables

Copy .env.example to .env.local when using live adapters:

DATABASE_URL=
AWS_REGION=
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
DYNAMODB_EVENTS_TABLE=ProofPilotEvents
NEXT_PUBLIC_APP_URL=http://localhost:3000
NEXT_PUBLIC_DEMO_MODE=true

Never commit .env, .env.local, AWS credentials, database passwords, or screenshots with visible secrets.

📡 API Highlights

GET /api/events/latest?limit=50
GET /api/events/entity/acct_00?limit=50
GET /api/events/severity/critical?limit=50
GET /api/investigation-stream?limit=12
POST /api/demo/generate-events
POST /api/ingest
POST /api/ledger/verify
POST /api/ledger/tamper
POST /api/ledger/restore
POST /api/cases/[id]/ai-brief

🧪 Quality Gates

npm run typecheck
npm run lint
npm run test
npm run build

🎬 Demo Flow

  1. Open /demo.
  2. Generate suspicious events.
  3. Open /stream and watch realtime pipeline progress.
  4. Open /entities and inspect the fraud ring graph.
  5. Open the latest critical case.
  6. Generate the controlled analyst brief.
  7. Verify the ledger.
  8. Simulate tamper and confirm the exact broken record.
  9. Restore the valid chain.
  10. Generate a report.
  11. Open /architecture and /system-health.

🧭 Production Notes

ProofPilot is designed so the demo works without credentials while live adapters activate only from server-side environment variables. The system health page reports readiness without exposing secrets. For a full production launch, add organization auth, RBAC, hashed API keys, tenant isolation tests, durable rate limiting, observability, and least-privilege IAM policies.

📚 More Docs

About

Resources

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages