Chromery/Audit-Bridge
Audit Bridge

Audit Bridge is a Codex skill and scanner that reviews software repositories for privacy, security, and compliance risks, then publishes structured audit findings to AuditBridge.

This project is a submission for the MuShanghai hackathon by the PartyNS team.

(Screenshot: Audit complete summary)

(Screenshot: Audit report viewer)

What It Checks

  • Personal data collected in code paths, schemas, forms, and models
  • Data sent to third-party APIs or analytics services
  • Logs that may contain emails, tokens, cookies, auth headers, or identifiers
  • Auth flows without visible rate limiting
  • Cookies, localStorage, or sessionStorage usage without an obvious consent layer
  • AI model calls that send user content externally
  • Hardcoded secrets, insecure crypto, and missing audit-log coverage
  • Open-source dependency license risk
  • Missing retention, deletion, export, or data portability paths

How It Works

  1. Scans a repository and extracts evidence-backed findings.
  2. Builds an AuditBridge-compatible JSON payload.
  3. Posts the payload to https://auditbridge.partyns.com/api/audits.
  4. Returns a shareable report URL from AuditBridge.
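To make steps 1 and 2 concrete, here is an added example (not the project's scanner) of a minimal evidence-backed rule pass covering two of the checks listed above, hardcoded secrets and sensitive fields in log calls, feeding a payload builder. The rule names, severity values and payload shape are assumptions for this example; the real schema is documented in references/auditbridge-api.md.

```python
import json
import re

# Two heuristic rules (assumed names/severities, not the project's rubric).
RULES = {
    "hardcoded-secret": (
        re.compile(r"""\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*['"][^'"]{8,}['"]""", re.I),
        "high",
    ),
    "log-sensitive-data": (
        re.compile(r"\b(?:console\.log|logger\.\w+|logging\.\w+|print)\([^)]*\b(?:email|token|cookie|authorization|password)\b", re.I),
        "medium",
    ),
}

def scan_text(text, path):
    """Return one finding per (line, rule) hit, with the matching line as evidence."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, (pattern, severity) in RULES.items():
            if not pattern.search(line):
                continue
            evidence = line.strip()
            if rule == "hardcoded-secret":  # never copy the secret itself into the report
                evidence = re.sub(r"""(['"])[^'"]{8,}\1""", r"\1<redacted>\1", evidence)
            findings.append({"rule": rule, "severity": severity, "file": path,
                             "line": lineno, "evidence": evidence})
    return findings

def build_payload(repo, findings):
    """Assemble the JSON document step 2 hands to the poster (assumed shape)."""
    return {
        "repository": repo,
        "summary": {s: sum(1 for f in findings if f["severity"] == s) for s in ("high", "medium", "low")},
        "findings": findings,
    }

# Constructed sample file contents (not taken from any real repository).
SAMPLE_SOURCE = """\
import logging
API_KEY = "sk-constructed-placeholder-0000"
def login(user):
    logging.info("login for %s with token %s", user.email, user.token)
    return check(user)
"""

def demo():
    payload = build_payload("example/repo", scan_text(SAMPLE_SOURCE, "app/auth.py"))
    print(json.dumps(payload, indent=2))
    return payload
```

Running `demo()` prints a payload with one high and one medium finding; the secret value itself is redacted before it leaves the scanner.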

Use In Codex

Install this folder as a Codex skill, then invoke it from a repository you want to audit:

Use $auditbridge-compliance-audit to audit this repo. Review the generated findings for obvious false positives, post the final audit to AuditBridge, and give me the final report link.

The bundled scanner can also be run directly:

python3 scripts/auditbridge_scan.py --repo /path/to/repo

For a review-first workflow:

python3 scripts/auditbridge_scan.py \
  --repo /path/to/repo \
  --no-post \
  --payload-out /tmp/auditbridge-payload.json

python3 scripts/auditbridge_scan.py \
  --payload-in /tmp/auditbridge-payload.json

Set AUDITBRIDGE_API_BASE or pass --api-base to use a different AuditBridge endpoint.

Repository Contents

  • SKILL.md: Codex skill instructions
  • scripts/auditbridge_scan.py: repository scanner and AuditBridge poster
  • references/auditbridge-api.md: API payload reference
  • references/finding-rubric.md: severity and evidence rubric
  • agents/openai.yaml: Codex UI metadata

Notes

Audit Bridge produces heuristic findings to support review. It is not a final legal compliance determination.

About

Audit Bridge compliance audit Codex skill for the MuShanghai hackathon
