Hey guys, I wanted to share the launch of my side project: Zorv.
What it is: An autonomous security agent that doesn't just alert you about npm/python CVEs—it bumps the package, runs your tests, uses an LLM to write the code fixes for any breaking API changes, and opens a clean PR once tests pass.
Why I built it: I got tired of Dependabot PRs sitting in backlogs because a minor/major version bump broke a test and nobody had time to fix it.
Bumping vulnerable dependencies (like Dependabot does) is easy. The hard part is when a major upgrade breaks your test suite, and now someone has to manually refactor code.
I wanted to automate this with an LLM agent, but I had a massive security constraint: How do you safely execute AI-generated code and run test suites without giving it access to the host runner or environment variables?
Here is the architecture I built:
The Loop: The agent bumps the dependency, runs the test suite, captures the error log on failure, and feeds it to an LLM to rewrite the breaking API call. It loops up to 10 times until tests pass.
The Sandbox: To prevent the LLM (or a malicious package) from executing a directory traversal or exfiltrating env secrets, the entire install/test sequence runs inside a hardened Bubblewrap Linux sandbox built into a Docker image.
The Configuration: It's 100% self-hosted. It runs as a single Docker container locally or inside a GitHub Actions pipeline, using your own LLM API keys (OpenAI, Claude, Azure, etc.) so source code never leaves your infrastructure.
I ran into some weird issues with WSL2/Docker user namespaces requiring unconfined seccomp profiles, but got it working stably.
If you're interested in the setup or the GitHub Action workflow template, let me know. I've packaged it into a CLI tool called Zorv (zorv.openyf.dev).
Would love to get feedback on the sandboxing approach or hear how you guys manage automated breaking dependency upgrades!
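One way to build the sandboxed install/test step described above, as an added example that is not Zorv's own code: a Bubblewrap launcher that clears the host environment (so tokens and LLM API keys never reach the package manager, the tests or the LLM-written code), mounts only the checked-out repo writable, and grants network access to the install step while the test step runs with no network at all. The /work mount point, the mode names and the PATH value are assumptions.

```bash
#!/usr/bin/env bash
# Hardened bwrap launcher for the install/test step (constructed example).
# /work, the mode names and PATH are assumptions, not Zorv's configuration.
set -euo pipefail

# Print one bwrap argument per line for MODE ("install" or "test") on REPO.
# install: network allowed so the package manager can fetch the bumped version.
# test:    no network, so neither LLM-written code nor a malicious package's
#          postinstall/test hook can exfiltrate anything from the sandbox.
sandbox_args() {
  local repo="$1" mode="$2"
  local -a args=(
    --unshare-all          # fresh user, pid, ipc, uts, cgroup and net namespaces
    --die-with-parent      # orchestrator exit tears the sandbox down
    --new-session          # detach from the controlling tty (no input injection)
    --cap-drop ALL
    --clearenv             # host secrets never enter; only what is set below
    --setenv PATH /usr/local/bin:/usr/bin:/bin
    --setenv HOME /work
    --setenv CI true
    --ro-bind /usr /usr    # toolchain (node, python, npm, pip) read-only
    --ro-bind /etc/resolv.conf /etc/resolv.conf
    --symlink usr/lib /lib
    --symlink usr/lib64 /lib64
    --symlink usr/bin /bin
    --proc /proc
    --dev /dev
    --tmpfs /tmp
    --bind "$repo" /work   # the checked-out repo is the only writable host path
    --chdir /work
  )
  case "$mode" in
    install) args+=(--share-net) ;;   # re-enable only the network namespace
    test)    ;;                       # keep the isolated net from --unshare-all
    *) echo "unknown mode: $mode" >&2; return 2 ;;
  esac
  printf '%s\n' "${args[@]}"
}

# Run COMMAND... inside the sandbox; the exit status is the command's own,
# which is what the bump/test/fix loop inspects before calling the LLM.
run_sandboxed() {
  local repo="$1" mode="$2"; shift 2
  local -a args
  mapfile -t args < <(sandbox_args "$repo" "$mode")
  bwrap "${args[@]}" -- "$@"
}

# Usage: run_sandboxed /path/to/repo install npm install
#        run_sandboxed /path/to/repo test    npm test
```

The LLM call itself stays in the orchestrator on the host, outside the sandbox, so the API key is never visible to the code being tested.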
About Zorv on Product Hunt
“Autonomous AI CVE Patcher for Node.js & Python”
Zorv was submitted on Product Hunt and earned 6 upvotes and 1 comment, placing #88 on the daily leaderboard.
Zorv was featured in Developer Tools (514k followers), Artificial Intelligence (471k followers) and GitHub (41.3k followers) on Product Hunt. Together, these topics include over 195k products, making this a competitive space to launch in.
Who hunted Zorv?
Zorv was hunted by youssef.