Enterprise-grade autonomous AI system that performs comprehensive web application audits through OpenAI function calling and Chrome DevTools MCP integration. Delivers actionable performance and security insights with executive-level reporting.
Component flow (architecture diagram):
- Web Interface (Jinja2 + HTML templates) <-> FastAPI (/audit REST API)
- FastAPI <-> Audit Service (business logic)
- Audit Service <-> LLM Client (OpenAI API, GPT-4o-mini, 3-phase calls) <-> MCP Tool Client (JSON-RPC communication)
- MCP Tool Client <-> Chrome DevTools MCP Server (Node.js process), browser tools: navigate_page, performance_*, evaluate_script, take_screenshot
- LLM Client -> Complete Report (technical + executive data)
Phase 1: Function Calling
- OpenAI Call #1: Tool Selection
- Input: System Prompt (Web Audit Expert persona)
- AI selects browser tools: navigate_page, performance_start_trace, evaluate_script, take_screenshot
- Then: Execute MCP Tools (Chrome DevTools browser automation)
Phase 2: Structured Analysis
- OpenAI Call #2: Technical Audit Report
- Input: Tool Results (Performance, Security, Network)
- AI analyzes browser data: Core Web Vitals extraction, vulnerability assessment, technical recommendations, structured JSON output
Phase 3: Executive Summary
- OpenAI Call #3: C-Suite Business Impact
- Input: Technical Audit Results
- AI creates executive summary: business impact assessment, ROI estimates & timelines, risk prioritization, investment recommendations
Output: Complete Report (Technical + Exec, dual-audience value)
- Single Input: Provide only a target URL
- Zero Configuration: Self-configuring AI analysis
- Real Browser Data: Live Chrome DevTools integration
- Executive Interface: Enterprise-grade web dashboard
- Performance Metrics: Core Web Vitals, Lighthouse scores, TTFB analysis
- Security Assessment: OWASP Top 10, security headers, vulnerability scanning
- Business Impact: Risk-prioritized recommendations with ROI analysis
- AI-Powered Insights: Three-phase OpenAI analysis with executive reporting
- Dual-Audience Reports: Technical details + C-suite business summaries
- FastAPI Backend: Enterprise-ready REST architecture
- CI/CD Pipeline: Automated quality gates and SLO enforcement
- Executive Reporting: C-suite ready dashboards and insights
- Batch Processing: Multi-site auditing capabilities
| Tool/Agent | Function | Technology | Output |
|---|---|---|---|
| navigate_page | Load website and capture metrics | Chrome DevTools MCP | Navigation data, page info |
| performance_start_trace | Begin performance measurement | Chrome DevTools API | Core Web Vitals tracking |
| performance_stop_trace | End performance measurement | Chrome DevTools API | Performance metrics |
| evaluate_script | Run JavaScript for security checks | Chrome DevTools Runtime | Security headers, HTTPS |
| list_network_requests | Analyze HTTP requests and headers | Network domain API | Security headers, performance |
| take_screenshot | Visual page state capture | Page.captureScreenshot | Visual validation |
| list_console_messages | Monitor JS errors/warnings | Runtime.consoleAPICalled | Error detection |
| AI Audit Agent | Comprehensive web analysis | OpenAI 3-Phase + MCP | Technical + Executive Reports |
- Core Web Vitals (LCP, FID, CLS, INP)
- Lighthouse Performance Score
- Time to First Byte (TTFB)
- First Contentful Paint (FCP)
- Time to Interactive (TTI)
- Resource optimization analysis
- Console error detection
- HTTPS validation and TLS configuration
- Security headers (CSP, HSTS, X-Frame-Options)
- OWASP Top 10 vulnerability scanning
- Network request security analysis
- Certificate validation
- Attack surface analysis
- Python 3.9+ with pip
- Node.js 20+ (for Chrome DevTools MCP server)
- OpenAI API Key with GPT-4 access
- OpenAI: GPT-4o integration with function calling
- FastAPI: High-performance web framework
- Pydantic: Data validation and settings management
- Uvicorn: ASGI server for production deployment
- Jinja2: Template engine for web interface
- Chrome DevTools MCP: Browser automation protocol
# Clone repository
git clone <repository-url>
cd Ai-hackathon
# Configure environment
echo "OPENAI_API_KEY=your-key-here" > .env
# Build and start (single command)
make docker-up
# Other Docker commands
make docker-down # Stop containers
make docker-clean # Remove containers and images
make docker-logs # Show container logs
make docker-fix # Nuclear reset for Docker issues

# Clone repository
git clone <repository-url>
cd Ai-hackathon
# Install dependencies
make install
# Configure environment
echo "OPENAI_API_KEY=your-key-here" > .env
# Start the application
make run

# Access professional dashboard
open http://localhost:9000

# Direct API call
curl -X POST "http://localhost:9000/audit" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com"}'
# API documentation
open http://localhost:9000/docs

# Direct API usage
import requests

response = requests.post("http://localhost:9000/audit",
                         json={"url": "https://your-target-site.com"})
result = response.json()
print(f"Performance Score: {result['performance']['lighthouse_score']}")
print(f"Security Risk: {result['security']['risk_level']}")
print(f"Executive Summary: {result['executive_summary']['business_impact']}")
print(f"Investment Priority: {result['executive_summary']['investment_priority']}")

- Pre-deployment validation with real browser data
- Performance regression detection
- Security compliance verification
- CI/CD integration with FastAPI endpoints
- SLO monitoring with automated thresholds
- Incident prevention through proactive scanning
- Enterprise-grade audit intelligence
- Risk assessment with business impact quantification
- Strategic planning with performance investment ROI
- Backend: FastAPI, Python 3.9+
- AI/LLM: OpenAI GPT-4o with function calling
- Browser Automation: Chrome DevTools MCP + Node.js
- Frontend: Jinja2 templates, HTML/CSS
- Data Validation: Pydantic schemas
- Protocol: JSON-RPC for MCP communication
- Clean dependency injection
- Three-phase AI analysis pipeline
- Real-time browser integration
- Executive-grade reporting
- Multi-stage builds: Optimized Alpine Linux images
- Service orchestration: Docker Compose with health checks
- Development workflow: Streamlined Make commands
- Production ready: Proper networking and volume management
# Development
make install # Install dependencies
make run # Start application locally
make stop # Stop application
make clean # Clean build artifacts
# Docker
make docker-up # Build and start containers
make docker-down # Stop containers
make docker-clean # Remove containers and images
make docker-logs # Show container logs
make docker-fix # Nuclear reset for Docker issues

Status: Production Ready | License: MIT | Built with: FastAPI, OpenAI, Chrome DevTools MCP
Enterprise-grade web auditing with executive-level intelligence
# Clone repository
git clone <repository-url>
cd AiHackanton
# Configure environment
echo "OPENAI_API_KEY=your-key-here" > .env
# Build and start with Docker
make docker-build
make docker-up
# Other Docker commands
make docker-down # Stop containers
make docker-clean # Remove containers and images
make docker-logs # Show container logs

# Clone repository
git clone <repository-url>
cd AiHackanton
# Create virtual environment
python3 -m venv .venv1
source .venv1/bin/activate # On Windows: .venv1\Scripts\activate
# Install Python dependencies
pip install -r requirements.txt
# Install Node.js dependencies (for Chrome DevTools MCP)
npm install -g @modelcontextprotocol/server-chrome-devtools
# Configure environment
echo "OPENAI_API_KEY=your-key-here" > .env
# Start the application
make run
# OR manually: PYTHONPATH=. python src/app/main.py

# Start everything
make docker-up
# Access web interface
open http://localhost:9000

AiHackanton/
├── src/                              # Production backend
│   ├── app/                          # FastAPI application
│   │   ├── routes/                   # API endpoints
│   │   │   ├── audit.py              # Web audit REST endpoint
│   │   │   └── health.py             # Health check endpoint
│   │   └── main.py                   # FastAPI app setup & configuration
│   ├── business/                     # Core audit logic
│   │   └── audit_logic.py            # AuditService orchestration
│   ├── clients/                      # External service clients
│   │   ├── llm_client.py             # OpenAI GPT-4o-mini integration
│   │   ├── mcp_tool_client.py        # Chrome DevTools MCP client
│   │   └── service_factory.py        # Dependency injection factory
│   ├── config/                       # Configuration management
│   │   ├── config.py                 # Application settings (Pydantic)
│   │   └── logging_config.py         # Multi-file logging setup
│   ├── schemas/                      # Pydantic data models
│   │   ├── requests.py               # API request validation
│   │   └── responses.py              # Audit response structure
│   ├── prompts/                      # LLM prompt templates
│   │   └── prompts.py                # OpenAI system & user prompts
│   ├── helpers/                      # Utilities and validators
│   │   ├── exceptions.py             # Custom exception classes
│   │   └── validators.py             # URL validation logic
│   ├── middleware/                   # HTTP middleware
│   │   └── logging_middleware.py     # Request/response logging
│   └── utils/                        # Utilities and tools
│       ├── logger.py                 # Centralized logging setup
│       ├── log_context.py            # Correlation ID & performance tracking
│       └── mcp_tools_exporter.py     # MCP tools documentation utility
├── frontend/                         # Web interface
│   ├── templates/                    # Jinja2 HTML templates
│   │   ├── base.html                 # Base template layout
│   │   ├── index.html                # Landing page
│   │   ├── dashboard.html            # Audit dashboard
│   │   └── report.html               # Audit results display
│   ├── static/                       # Static assets
│   │   ├── css/                      # Stylesheets
│   │   ├── js/                       # JavaScript files
│   │   └── images/                   # Image assets
│   └── routes/                       # Web routes
│       └── web.py                    # Frontend route handlers
├── logs/                             # Application logs
│   ├── app.log                       # General application logs
│   ├── error.log                     # Error and exception logs
│   ├── metrics.log                   # Business metrics (METRIC level)
│   └── debug.log                     # Development debugging logs
├── .env                              # Environment variables
├── pyproject.toml                    # Project configuration & dependencies
└── README.md                         # Project documentation
- Backend: FastAPI, Python 3.9+
- AI/LLM: OpenAI GPT-4o-mini with function calling
- Browser Automation: Chrome DevTools MCP + Node.js
- Frontend: Jinja2 templates, HTML/CSS
- Data Validation: Pydantic schemas
- Protocol: JSON-RPC for MCP communication
- Clean dependency injection
- Single-agent AI analysis
- Real-time browser integration
- Executive-grade reporting
Single-agent web auditing with enterprise-grade intelligence