Show HN: OSS Tests to Fix AI Gen Code. 110 Test for Major API – Supabase, Auth0

api-doctor is an open-source CLI tool that scans AI-generated code for incorrect API integrations using 110 deterministic AST rules. It covers security, correctness, reliability, and integration issues for providers like Supabase, Auth0, and Firebase. Unlike AI-based tools, it gives the same output every time, making it easy to test AI code.

Source: Hacker News AI. Author: Reuben_Santoso

api-doctor scans AI-generated code for bad API integrations.

Deterministic AST rules. Not a prompt. Same input, same output, every time.

→ Full story and examples at apidoctor.co

Quick Start

Scan your project

npx @api-doctor/cli .

Or install as an agent skill (Claude Code, Cursor, Windsurf)

npx @api-doctor/cli install

📦 Supported Providers

Provider Rules

Resend 13 rules

Supabase 12 rules

Auth0 4 rules

Firebase 20 rules

Lovable 4 rules

Browserbase 11 rules

OpenAI Computer Use 7 rules

TipTap 11 rules

ElevenLabs 10 rules

Twilio 9 rules

OpenAI Realtime 9 rules

Full rule catalogs live in the GitHub repo under src/providers//README.md.

What it catches

Rules cover four categories: security (CWE/OWASP mapped), correctness (wrong endpoints), reliability (production failure modes), and integration (wiring gaps).

Category: what it means. Examples.

Security: Issues that expose you to compromise. Mapped to CWE and OWASP audits. Examples: hardcoded API keys, secrets in the client bundle, webhooks read before signature verification.

Correctness: Wrong endpoint or API for the job. Examples: marketing email via batch send, missing unsubscribe links, test domain in production.

Reliability: Production failure modes the provider docs warn about. Examples: missing idempotency keys, batch limits not enforced, error codes not mapped.

Integration: Wiring gaps your agent won't add on its own. Examples: no tags, no request ID logging, bare from address instead of "Name ".
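
The Security examples above include "webhooks read before signature verification". The following is an added example, not code from api-doctor or from any provider's SDK, showing that ordering bug beside a hardened handler. It assumes a generic HMAC-SHA256 hex signature over the raw request body; the function names, secret and sample event are constructed for illustration.

```javascript
// Added example: generic HMAC-SHA256 webhook check (assumed scheme, not a real provider's).
const crypto = require("node:crypto");

const SECRET = "constructed-test-secret"; // constructed value; load from the environment in real code

// Sign a raw body the way the assumed sender would.
function sign(rawBody, secret) {
  return crypto.createHmac("sha256", secret).update(rawBody).digest("hex");
}

// Anti-pattern: the payload is parsed and acted on before the signature is checked.
function handleUnsafe(rawBody, signatureHex) {
  const event = JSON.parse(rawBody); // untrusted data is already in use here
  const effects = [`processed ${event.type}`]; // side effect happens first
  const ok = sign(rawBody, SECRET) === signatureHex; // late, and not constant-time
  return { ok, effects };
}

// Hardened: verify the exact bytes received, then parse.
function handleSafe(rawBody, signatureHex) {
  const expected = Buffer.from(sign(rawBody, SECRET), "hex");
  const given = Buffer.from(String(signatureHex), "hex");
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, effects: [] };
  }
  const event = JSON.parse(rawBody);
  return { ok: true, effects: [`processed ${event.type}`] };
}

// Constructed sample input.
const body = JSON.stringify({ type: "email.delivered", id: "evt_constructed_1" });
const goodSig = sign(body, SECRET);
const forgedSig = "00".repeat(32);
```

With a forged signature, `handleUnsafe` has already recorded a side effect by the time it reports failure, while `handleSafe` returns before touching the payload.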

Why deterministic matters

You can't test AI code with AI. api-doctor breaks that loop. Same rules, same output, every time. Not a model call. Not a prompt.

Telemetry

api-doctor sends anonymous usage data to PostHog so we can see whether the tool is helping developers catch real bugs.

What we collect:

CLI version, Node.js version, platform

Run context: local, CI, or agent

Which API SDKs were detected (e.g. resend, supabase) — provider names only

Which rules fired — rule names only, no code

Score and finding counts

Score delta between runs on the same project (stored locally in that project's .api-doctor/run-history.json)

A hashed project identifier (project_hash) — SHA-256 of the scanned directory path, not the path itself

Sanitized error messages and stack traces on unexpected crashes (paths redacted)

What we never collect:

Your code or file contents

Raw file paths or project names

Email, name, or any personally identifying information

A random anonymous ID is stored at ~/.api-doctor/install-id. Per-project run history is stored at /.api-doctor/run-history.json. Both stay on your machine — only the event data above is sent to PostHog.

Opt out:

npx @api-doctor/cli . --no-telemetry

npx @api-doctor/cli install --no-telemetry

Or set API_DOCTOR_TELEMETRY=0 or DO_NOT_TRACK=1 in your environment.

Help

New provider? Open an issue

MIT © Qualty

About

AI compiles hallucinated code that passes. This fixes it before accepting it. 100% deterministic.

www.apidoctor.co
