Built for the age of AI-generated code

Stop dangerous code
before it merges

Technical Debt Radar enforces architecture rules, detects runtime risks, catches performance anti-patterns, and ensures reliability standards — automatically on every pull request.

Not a code smell scanner. A PR safety gate for Node.js backends — catches what SonarQube, ESLint, and AI reviewers miss.

Run Your First Scan FreeGet Started Free

PR diffs only·AI-limited to 10 functions·Deleted in 24h·No tracking cookies

47
Detection Patterns
7
Architecture Presets
1,900+
Tests Passing
0
False Positives
technical-debt-radar — PR #247 Report
Debt Delta Score: +21 (High Risk)
Gate: ❌ BLOCKED — 3 critical violations

🔴 BLOCKING — Architecture
  domain → infrastructure violation
  src/orders/domain/order.entity.ts:12

🔴 BLOCKING — Runtime Risk
  fs.readFileSync in request handler
  src/orders/controllers/export.controller.ts:34

⚠️ PERFORMANCE
  Unbounded query on events (volume: XL — 1M+ rows)

🤖 AI INSIGHTS
  N+1 pattern detected — Suggestion: batch with WHERE IN

Fix 3 blocking issues to unblock this PR.
Proven on Real Codebases
14 real violations found. 0 false positives.

First scan on the most popular NestJS open-source repo nestjs-realworld-example-app

AI fix applied — all 14 violations resolved in one pass

Read the full case study
47
Detection Patterns
1,900+
Tests Passing
7
ORM Integrations
Why Technical Debt Radar

AI writes code fast.
Radar makes sure it's safe.

Cursor, Copilot, and Claude Code generate thousands of lines daily. Who checks if the architecture is intact? Who catches the event loop blockers? Radar does.

🏛️

Architecture Enforcement

Define your layers and modules in YAML. Radar blocks any PR that violates your architecture — domain importing infrastructure, circular dependencies, cross-module bypasses.

Runtime Risk Detection

11 Node.js patterns that crash production: sync file ops in handlers, catastrophic regex, event loop blockers. No other tool detects these in PR context.

📊

Volume-Aware Performance

Declare your table sizes (S to XXL). Radar knows that findMany() on a 50M-row table without pagination is catastrophic — even if it works in development.

🛡️

Reliability Checks

Unhandled promises, missing timeouts on external calls, empty catch blocks, retry without backoff. 8 patterns that prevent production failures.

🤖

AI-Powered Insights

Top 10 suspect functions analyzed by Claude Sonnet with your volume context. Gets N+1 patterns, algorithmic inefficiencies, and suggests exact fixes.

📈

Debt Delta Score

Every PR gets a single number: did this change make the system better or worse? Set a threshold: "no PR can add more than 15 debt points." Simple. Powerful.

Detection Engine

Five layers of protection

47 detection patterns across 5 categories. Deterministic rules decide. AI explains and extends.

01

Architecture Debt BLOCKS MERGE

Layer violations, circular dependencies, cross-module bypasses, forbidden frameworks in domain layer.

domain → infrastructurecircular dependencycross-module bypass
02

Runtime Risk Debt BLOCKS MERGE

Node.js event loop safety: 11 patterns including sync file ops, sync crypto, catastrophic regex, busy-wait loops, unhandled promises.

fs.readFileSyncsync cryptoReDoS regexbusy-wait loopJSON.parse unboundeddynamic Buffer.alloc
03

Performance Debt BLOCKS on XL/XXL

Volume-aware ORM analysis: 9 patterns. N+1 queries, unbounded fetches, missing pagination, fetch-all-filter-in-memory. Severity scales with your declared data volumes.

N+1 queryfindMany no limit (XL)nested includefetch + filterunfiltered countmissing pagination
04

Reliability Debt BLOCKS on Critical

Production failure prevention: 8 patterns. Fire-and-forget promises, missing timeouts, empty catch blocks, missing error logging, retry without backoff.

unhandled rejectionfire-and-forgetmissing timeoutempty catchmissing error loggingno backoff
05

Maintainability Debt WARNS

7 patterns: high complexity, dead code, unused exports, missing tests, code duplication, coverage drops, hotspot tracking. Monitored over time.

complexity spikedead codeunused exportsmissing testscode duplicationcoverage drop
How It Works

From install to enforcement in 5 minutes

1

Install the GitHub App

One click. Select your repos. Radar runs a free first scan and generates a shock report showing every issue in your codebase.

2

Define your architecture in radar.yml

Or use the auto-generated one. Declare layers, modules, dependency rules, data volumes, and runtime safety rules.

stack:
  language: TypeScript
  framework: NestJS
  runtime: node

rules:
  - deny: domain -> infrastructure
  - deny: controllers -> repositories

gates:
  block_merge:
    - debt_delta_score > 15
3

Open a PR — Radar analyzes in under 30 seconds

11 analyzers run across 3 phases. AI reviews top 10 suspect functions. Every violation shows the exact file and line.

4

Merge blocked until issues are fixed

Status check set to fail. Developer fixes violations. Radar re-analyzes. Green check. Merge allowed. Zero debt introduced.

5

Track trends over time

Dashboard shows health score, violation trends, hotspot files, and debt trajectory. Architecture drift visible before it's too late.

Architecture as Code

Your architecture, in one file

radar.yml is the single source of truth for your system's intent. Define it once, enforce forever.

radar.yml
data_volumes:
  orders: L        # 100K–1M rows
  events: XL       # 1M–50M rows
  measurements: XXL # 50M+ rows

runtime_rules:
  block: [sync-fs-in-handler, sync-crypto]
  warn: [unbounded-json-parse]

gates:
  block_merge:
    - debt_delta_score > 15
Works With Your Stack

5 frameworks. 7 ORMs. 7 architecture presets.

Frameworks
NestJSExpressFastifyKoaHapi
ORMs
PrismaTypeORMSequelizeMongooseDrizzleKnexMikroORM
7 Architecture Presets
DDD
Domain-Driven Design with bounded contexts
Hexagonal
Ports & adapters architecture
Clean
Uncle Bob's clean architecture
Layered
Presentation → Business → Data
MVC
Model-View-Controller
Event-Driven
Event sourcing & CQRS
Feature-Module
NestJS feature modules
10 Pre-configured Rule Packs
NestJS + Prisma (DDD)NestJS + Prisma (Relaxed)NestJS + TypeORMExpress + Mongoose (MVC)Express + SequelizeFastify + Prisma (Clean)Performance-FocusedReliability-FocusedSecurity-FocusedNestJS Starter

Install with one command: radar pack install nestjs-prisma-ddd

Try It Now

Try it in 10 seconds — no account needed

Works on any Node.js project. First scan is free, no login required.

$npx technical-debt-radar scan .

After your free scan, create a free account for 5 scans/month.

Pricing

Simple, transparent pricing

Start free. Upgrade when you need AI and team features. No credit card required.

Free
$0

5 scans/month, warn mode

  • Unlimited scans
  • PR comments (warn mode)
  • GitHub Action
  • Basic dashboard
Get Started Free
Solo
$15/mo

PR blocking + AI fixes for indie devs

  • PR merge blocking
  • 50 AI credits/mo
  • AI auto-fix
  • Scan summaries
  • Radar badge for README
Start for Free
MOST POPULAR
Pro
$49/mo

For small teams shipping fast

  • Unlimited repos
  • 500 AI credits/mo
  • AI PR comments
  • GitLab support
  • Architecture graph
  • 10 Rule Packs
  • Policy editor
  • Export radar.yml
Start for Free
Team
$99/mo

For growing teams that need analytics

  • Everything in Pro
  • 1,800 AI credits/mo
  • Team analytics Soon
  • Priority support
  • 10 orgs
Start for Free
COMING Q2 2026
Enterprise
$299/mo

For large teams with compliance needs

  • Everything in Team
  • 5,000 AI credits/mo
  • SSO & SAML Soon
  • Self-hosted option Soon
  • SLA guarantee Soon
  • Compliance certs Soon
Coming Q2 2026
View detailed feature comparison →
FAQ

Common questions

Sonar detects code smells and bugs. Radar governs architecture, detects runtime risks (event loop blockers), enforces volume-aware performance rules, and checks reliability patterns. Radar sits above Sonar — it doesn't replace it, it governs what Sonar cannot.
That's exactly why Radar exists. AI tools like Cursor and Copilot generate code without understanding your architecture, runtime environment, or data volumes. Radar catches the violations they introduce before the code reaches production.
Every rule has an exception mechanism with expiry dates. You can temporarily allowlist specific files and rules. All runtime risk patterns are scope-aware — they only flag sync operations inside request handlers, not in build scripts or CLI tools.
TypeScript and JavaScript are fully supported. Frameworks: NestJS, Express, Fastify, Koa, Hapi. ORMs: Prisma, TypeORM, Sequelize, Mongoose, Drizzle, Knex, MikroORM. Architecture presets: DDD, Hexagonal, Clean, Layered, MVC, Event-Driven, Feature-Module. Java, Python, and Go support is coming in V2.
Under 10 seconds for deterministic analysis (all 5 categories). Under 30 seconds with AI analysis included. First full repo scan completes in under 5 minutes for repos up to 500K lines of code.
Only PR diffs are temporarily analyzed. At most 10 function bodies are sent to the AI engine per PR — no secrets, no full files. Code snippets are deleted within 24 hours. Repository access tokens are encrypted at rest with read-only permissions.
Yes. Run radar scan --format ai-prompt to get a report optimized for AI assistants. Paste it into Claude Code or Cursor and say "fix these." All issues include exact file paths, line numbers, and fix instructions.
Yes. Upgrades take effect immediately with prorated billing. Downgrades take effect at the end of your current billing period, so you keep all features until then.
AI-powered features (auto-fix, PR comments, cross-file analysis) are disabled until credits reset next billing period. Deterministic features (CLI scan, PR gate, dashboard) continue working normally.
We accept credit/debit cards via Stripe and PayPal. Enterprise customers can pay by invoice.

Ready to stop dangerous code
from reaching production?

Start protecting your codebase today. Free forever, no credit card required.

Get Started FreeView Documentation

PR diffs only·AI-limited to 10 functions·Deleted in 24h·No tracking cookies