Built for the age of AI-generated code

Stop dangerous code
before it merges

Technical Debt Radar enforces architecture rules, detects runtime risks, catches performance anti-patterns, and ensures reliability standards — automatically on every pull request.

Get Early Access See How It Works

Debt Categories

Detection Patterns

<30s

PR Analysis

1,300+

Tests Passing

technical-debt-radar — PR #247 Report

Debt Delta Score: +21 (High Risk)

Gate: ❌ BLOCKED — 3 critical violations

🔴 BLOCKING — Architecture

domain → infrastructure violation

src/orders/domain/order.entity.ts:12

🔴 BLOCKING — Runtime Risk

fs.readFileSync in request handler

src/orders/controllers/export.controller.ts:34

⚠️ PERFORMANCE

Unbounded query on events (volume: XL — 1M+ rows)

🤖 AI INSIGHTS

N+1 pattern detected — Suggestion: batch with WHERE IN

Fix 3 blocking issues to unblock this PR.

Why Technical Debt Radar

AI writes code fast.
Radar makes sure it's safe.

Cursor, Copilot, and Claude Code generate thousands of lines daily. Who checks if the architecture is intact? Who catches the event loop blockers? Radar does.

🏛️

Architecture Enforcement

Define your layers and modules in YAML. Radar blocks any PR that violates your architecture — domain importing infrastructure, circular dependencies, cross-module bypasses.

⚡

Runtime Risk Detection

11 Node.js patterns that crash production: sync file ops in handlers, catastrophic regex, event loop blockers. No other tool detects these in PR context.

📊

Volume-Aware Performance

Declare your table sizes (S to XXL). Radar knows that findMany() on a 50M-row table without pagination is catastrophic — even if it works in development.

🛡️

Reliability Checks

Unhandled promises, missing timeouts on external calls, empty catch blocks, retry without backoff. 8 patterns that prevent production failures.

🤖

AI-Powered Insights

Top 10 suspect functions analyzed by Claude Sonnet with your volume context. Gets N+1 patterns, algorithmic inefficiencies, and suggests exact fixes.

📈

Debt Delta Score

Every PR gets a single number: did this change make the system better or worse? Set a threshold: "no PR can add more than 15 debt points." Simple. Powerful.

Detection Engine

Five layers of protection

47 detection patterns across 5 categories. Deterministic rules decide. AI explains and extends.

Architecture Debt BLOCKS MERGE

Layer violations, circular dependencies, cross-module bypasses, forbidden frameworks in domain layer.

domain → infrastructurecircular dependencycross-module bypass

Runtime Risk Debt BLOCKS MERGE

Node.js event loop safety: 11 patterns including sync file ops, sync crypto, catastrophic regex, busy-wait loops.

fs.readFileSyncsync cryptoReDoS regexJSON.parse unbounded

Performance Debt BLOCKS on XL/XXL

Volume-aware ORM analysis: N+1 queries, unbounded fetches, missing pagination. Severity scales with your declared data volumes.

N+1 queryfindMany no limit (XL)nested includefetch + filter

Reliability Debt BLOCKS on Critical

Production failure prevention: unhandled promises, missing timeouts, empty catch blocks, retry without backoff.

unhandled rejectionmissing timeoutempty catchno backoff

Maintainability Debt WARNS

Complexity growth, large functions, coverage drops, hotspot tracking. Monitored over time, trends visible in dashboard.

complexity spikecoverage drophotspot file

How It Works

From install to enforcement in 5 minutes

Install the GitHub App

One click. Select your repos. Radar runs a free first scan and generates a shock report showing every issue in your codebase.

Define your architecture in radar.yml

Or use the auto-generated one. Declare layers, modules, dependency rules, data volumes, and runtime safety rules.

stack:
  language: TypeScript
  framework: NestJS
  runtime: node

rules:
  - deny: domain -> infrastructure
  - deny: controllers -> repositories

gates:
  block_merge:
    - debt_delta_score > 15

Open a PR — Radar analyzes in under 30 seconds

11 analyzers run across 3 phases. AI reviews top 10 suspect functions. Every violation shows the exact file and line.

Merge blocked until issues are fixed

Status check set to fail. Developer fixes violations. Radar re-analyzes. Green check. Merge allowed. Zero debt introduced.

Track trends over time

Dashboard shows health score, violation trends, hotspot files, and debt trajectory. Architecture drift visible before it's too late.

Architecture as Code

Your architecture, in one file

radar.yml is the single source of truth for your system's intent. Define it once, enforce forever.

radar.yml

data_volumes:

orders: L # 100K–1M rows

events: XL # 1M–50M rows

measurements: XXL # 50M+ rows

runtime_rules:

block: [sync-fs-in-handler, sync-crypto]

warn: [unbounded-json-parse]

gates:

block_merge:

- debt_delta_score > 15

Works With Your Stack

5 frameworks. 7 ORMs. 7 architecture presets.

Frameworks

NestJSExpressFastifyKoaHapi

ORMs

PrismaTypeORMSequelizeMongooseDrizzleKnexMikroORM

Architecture Presets

DDDHexagonalCleanLayeredMVCEvent-DrivenFeature-Module

Pricing

Simple, transparent pricing

Start free. Upgrade when you need AI and team features. No credit card required.

Free

Unlimited scans, warn mode

✓Unlimited scans
✓PR comments (warn mode)
✓GitHub Action
✓Basic dashboard

Get Started Free

Solo

$15/mo

PR blocking + AI fixes for indie devs

✓PR merge blocking
✓50 AI credits/mo
✓AI auto-fix
✓Scan summaries
✓Radar badge

Join Waitlist

Common questions

Sonar detects code smells and bugs. Radar governs architecture, detects runtime risks (event loop blockers), enforces volume-aware performance rules, and checks reliability patterns. Radar sits above Sonar — it doesn't replace it, it governs what Sonar cannot.

That's exactly why Radar exists. AI tools like Cursor and Copilot generate code without understanding your architecture, runtime environment, or data volumes. Radar catches the violations they introduce before the code reaches production.

Every rule has an exception mechanism with expiry dates. You can temporarily allowlist specific files and rules. All runtime risk patterns are scope-aware — they only flag sync operations inside request handlers, not in build scripts or CLI tools.

TypeScript and JavaScript are fully supported. Frameworks: NestJS, Express, Fastify, Koa, Hapi. ORMs: Prisma, TypeORM, Sequelize, Mongoose, Drizzle, Knex, MikroORM. Architecture presets: DDD, Hexagonal, Clean, Layered, MVC, Event-Driven, Feature-Module. Java, Python, and Go support is coming in V2.

Under 10 seconds for deterministic analysis (all 5 categories). Under 30 seconds with AI analysis included. First full repo scan completes in under 5 minutes for repos up to 500K lines of code.

Only PR diffs are temporarily analyzed. At most 10 function bodies are sent to the AI engine per PR — no secrets, no full files. Code snippets are deleted within 24 hours. Repository access tokens are encrypted at rest with read-only permissions.

Yes. Run radar scan --format ai-prompt to get a report optimized for AI assistants. Paste it into Claude Code or Cursor and say "fix these." All issues include exact file paths, line numbers, and fix instructions.

Yes. Upgrades take effect immediately with prorated billing. Downgrades take effect at the end of your current billing period, so you keep all features until then.

AI-powered features (auto-fix, PR comments, cross-file analysis) are disabled until credits reset next billing period. Deterministic features (CLI scan, PR gate, dashboard) continue working normally.

We accept credit/debit cards via Stripe and PayPal. Enterprise customers can pay by invoice.

Ready to stop dangerous code
from reaching production?

Join the waitlist. Be first to get access when we launch.

Join the Waitlist View Documentation

Stop dangerous codebefore it merges

AI writes code fast.Radar makes sure it's safe.