Last month I was debugging an unrelated issue and noticed one of my endpoints was returning the full table schema and a list of user emails as objects. It should have been returning just an ID.
That endpoint had been live for months. It returned 200. The UI worked. I never looked at the actual response body.
Static analysis can't catch what's actually being sent over the wire at runtime. That's when I started building Brakit. I wanted a tool that does three things:
1. See everything. Every HTTP request and response, every database query, every external fetch, grouped by what the user actually did. "Checkout" → 3 requests → 6 queries → 1 Stripe call.
2. Automatic checks. 8 security rules and 13 performance rules scanning every response in real time. If an endpoint is leaking PII, exposing stack traces, or running the same query 14 times in a loop, brakit flags it.
3. Cross-session regression tracking. If an endpoint gets slower or fires more queries after a refactor, you see it before your users do.
It also has a built-in MCP server. Type "fix brakit findings" in Cursor or Claude Code and the AI gets full runtime context: every request, query, and issue.
Most observability tools catch these problems in production. Brakit catches them on your machine, during development, before you ship.
npx brakit install
One command. Then run your app normally. Dashboard at localhost:3000/__brakit.
Tested on Next.js + Prisma + PostgreSQL and MySQL. Brakit is designed to be framework agnostic. Adding support for a new framework is a single adapter file.
speak2aditya•1h ago
Open source (MIT). Everything runs locally.
Demo: https://www.youtube.com/watch?v=IqTmlyIo3Mo
GitHub: https://github.com/brakit-ai/brakit
Site: https://brakit.ai
Would you add something like this to your dev workflow? What security rules or framework support would matter most to you?
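
An added example, not part of the original post and not Brakit's own code: a small version of the kind of runtime check described in item 2, run over a constructed captured request whose body returns user emails where only an ID was expected. The capture shape, rule names and repeat threshold are assumptions made for illustration.

```javascript
// Added example (not Brakit's code). Capture shape, rule names and threshold are assumptions.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;
const STACK_RE = /^\s+at .+:\d+:\d+\)?$/m; // a V8-style "    at fn (file:line:col)" frame

// Collect the JSON paths of every string value in a parsed body that matches `re`.
function findPaths(value, re, path = "$", out = []) {
  if (typeof value === "string") { if (re.test(value)) out.push(path); }
  else if (Array.isArray(value)) value.forEach((v, i) => findPaths(v, re, `${path}[${i}]`, out));
  else if (value && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) findPaths(v, re, `${path}.${k}`, out);
  }
  return out;
}

// Collapse literals so queries that differ only in their parameters count as one statement.
function normalizeSql(sql) {
  return sql.replace(/'[^']*'/g, "?").replace(/\b\d+\b/g, "?").replace(/\s+/g, " ").trim();
}

// Run the three checks over one captured request: response body plus the queries it fired.
function checkCapture(capture, { maxRepeats = 3 } = {}) {
  const findings = [];
  const emails = findPaths(capture.responseBody, EMAIL_RE);
  if (emails.length) findings.push({ rule: "pii-email-in-response", paths: emails });
  const stacks = findPaths(capture.responseBody, STACK_RE);
  if (stacks.length) findings.push({ rule: "stack-trace-in-response", paths: stacks });
  const counts = new Map();
  for (const q of capture.queries) {
    const key = normalizeSql(q);
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  for (const [sql, count] of counts) {
    if (count > maxRepeats) findings.push({ rule: "repeated-query", sql, count });
  }
  return findings;
}

// Constructed sample: a 200 response that leaks emails and a stack frame, after 14 looped queries.
const sample = {
  route: "GET /api/orders/42",
  responseBody: {
    id: 42,
    users: [{ id: 1, email: "alice@example.com" }, { id: 2, email: "bob@example.com" }],
    debug: "Error: boom\n    at handler (/app/route.js:10:5)",
  },
  queries: Array.from({ length: 14 }, (_, i) => `SELECT * FROM items WHERE order_id = ${i + 1}`),
};
console.log(JSON.stringify(checkCapture(sample), null, 2));
```

Reporting the JSON path of each match, rather than the matched value, keeps the leaked data out of the findings themselves.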