Then I discovered agentic coding and shipped it in 3 weeks.
What makes it different:
• Dual AI agents analyze every login in <300ms
  - Security Signals Agent: risk scoring (device, IP, geo, velocity)
  - Policy Compliance Agent: business rules (MFA policies, role enforcement)
  - Combined decision: allow / log / step-up / lock / deny
• Production-ready security
  - PKCE (RFC 7636), DPoP (RFC 9449)
  - MFA (TOTP + WebAuthn/Passkeys)
  - IP restrictions, rate limiting, audit trail
• EU digital sovereignty
  - GDPR native (data export, legal holds, retention policies)
  - EU hosting, no US Cloud Act exposure
  - Full audit trail (PostgreSQL + Redis Streams)
• Zero AI dependency
  - Deterministic fallback if the AI call times out
  - Conservative MEDIUM risk returned (safe default)
  - System keeps running without external LLM calls
• Modern stack
  - Backend: NestJS + TypeScript, LangChain/LangGraph
  - Frontend: React 19, hexagonal architecture, 91% test coverage
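To make the "dual agents + deterministic fallback" flow concrete, here is an added TypeScript sketch (my own illustration, not code from the repo): a signals scorer, a policy check, the combination into one of the five decisions, and a deadline wrapper that returns the conservative MEDIUM risk when the AI call does not answer in time. The field names, thresholds and the risk-to-decision ordering are assumptions for the example.

```typescript
// Added example of a dual-agent login decision with a timeout fallback.
// Names, thresholds and the decision ordering are assumptions, not the project's.
type Risk = "LOW" | "MEDIUM" | "HIGH";
type Decision = "allow" | "log" | "step-up" | "lock" | "deny";

interface LoginContext {
  knownDevice: boolean;   // device fingerprint seen before for this user
  ipCountry: string;      // geo-resolved country of the source IP
  homeCountry: string;    // country of the user's recent successful logins
  failedAttempts: number; // velocity: failed attempts in the last 10 minutes
  role: "user" | "admin";
}

// Security Signals Agent stand-in: deterministic scoring over device, geo, velocity.
function scoreRisk(ctx: LoginContext): Risk {
  let score = 0;
  if (!ctx.knownDevice) score += 1;
  if (ctx.ipCountry !== ctx.homeCountry) score += 1;
  if (ctx.failedAttempts >= 3) score += 2;
  return score >= 3 ? "HIGH" : score >= 1 ? "MEDIUM" : "LOW";
}

// Policy Compliance Agent stand-in: business rule "admins always complete MFA".
function policyRequiresStepUp(ctx: LoginContext): boolean {
  return ctx.role === "admin";
}

// Merge both verdicts into one decision; velocity lockout takes precedence.
function combine(risk: Risk, stepUp: boolean, ctx: LoginContext): Decision {
  if (ctx.failedAttempts >= 5) return "lock";        // brute-force velocity
  if (risk === "HIGH") return "deny";
  if (risk === "MEDIUM" || stepUp) return "step-up"; // MFA challenge
  return ctx.knownDevice ? "allow" : "log";          // low risk, new device: allow but log
}

// Run the (possibly slow or failing) signals agent under a deadline. On timeout or
// error, fall back to MEDIUM so the login path never depends on the AI answering.
async function decideLogin(
  ctx: LoginContext,
  signalsAgent: (c: LoginContext) => Promise<Risk>,
  timeoutMs = 300,
): Promise<{ decision: Decision; fellBack: boolean }> {
  let timer: ReturnType<typeof setTimeout> | undefined;
  const deadline = new Promise<null>((res) => { timer = setTimeout(() => res(null), timeoutMs); });
  const risk = await Promise.race([signalsAgent(ctx).catch(() => null), deadline]);
  clearTimeout(timer);
  const fellBack = risk === null;
  return { decision: combine(risk ?? "MEDIUM", policyRequiresStepUp(ctx), ctx), fellBack };
}
```

In a NestJS guard you would call `decideLogin` with the real LangGraph agent as `signalsAgent`; the `fellBack` flag is what you would want to write to the audit trail so fallback decisions are visible in review.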
Built as an alternative to Firebase Auth / AWS Cognito / Auth0 for companies that want control over their authentication infrastructure.
Architecture diagrams and screenshots in the repo.
Open to feedback and questions.