MVP Audit — Know What's Actually in Your Codebase

A written technical assessment of your AI-generated or no-code MVP, sorted by business risk. Yours to keep — whether you hire me for the fix or walk away with the document.

A document, not a commit.

An MVP audit is what a senior engineer does when someone drops a codebase in their lap and says "tell me what's in here and what's wrong with it."

You get a written report — typically 15 to 30 pages, structured by priority — that you can share with your investor, your next contractor, your board, or your first technical hire. Not a Slack message. Not a verbal debrief. A real document.

What I look for: the things AI coding tools and no-code platforms tend to miss. Authentication that's almost right. Schemas frozen on day one and brittle to change. "Defensive" error handling that swallows failures silently. Third-party integrations held together with string. Deployment pipelines that don't exist. Security misconfigurations that are one accidental keystroke from a data leak.

I audit against what's required for production — not what's possible in a sandbox. Security first, data integrity second, scaling and maintainability third. Always in that order.

You should book an audit if…

You should not book an audit if…

Deliverables

Written report: PDF + markdown. 15–30 pages typical. Structured in three priority tiers: what's on fire, what's next, what can wait.
Executive summary: a 5-minute read for non-technical stakeholders — investor, co-founder, board.
Risk-sorted findings log: every issue rated by severity + business impact + effort to fix, with the reasoning laid out.
"If you do nothing else" shortlist: the 3–5 items that actually move the needle. Useful when the full list feels overwhelming.
Live 60-minute walkthrough: we go through the findings together. Any questions that need your business context to prioritize get answered on the call.
The document is yours: share it, use it to brief a new contractor, take it to your investor — without attribution if you prefer.

Process

Discovery call: free, 30 minutes. You tell me what the app does, what's breaking, and what's coming up. I tell you honestly whether an audit is the right next step.
Scoping: half a day. Read-only access to repo, infrastructure, and any existing documentation. I survey the landscape and confirm audit scope + timeline.
The audit itself: 3–5 working days for a typical MVP. Deep read of code, infrastructure, and deployment. I look specifically for the failure modes AI tools and no-code platforms introduce.
Draft and review: 1 day. You get the draft. We have the walkthrough call. Any clarifications go in.
Final deliverable: you have the written report. What you do next is entirely your call.

Timeline: 1–2 weeks from discovery call to final deliverable.

Fourteen categories, scored independently

Each category gets a score plus a short narrative. Categories that don't apply to your stack are marked and explained rather than silently skipped — if your MVP has no payment flow, you still get told why that's not in the findings.

How pricing works

Pricing is project-based, fixed before work starts, and agreed on the discovery call. The number depends on codebase size, infrastructure complexity, and how fast you need the result. No surprise invoices — if I think the engagement needs to expand (e.g., the codebase is twice as large as described on the call), we re-scope together before any additional work happens.

What you can count on: a discovery call is always free, you'll have a firm number before committing, and the audit deliverable is contractually yours whether or not you engage me for anything further.

Questions founders ask before they book

Yes, it's yours to keep and share. The audit is written to be useful for non-technical readers and technical readers alike — you can hand it to an investor doing technical due diligence, to a new contractor, or to your first engineering hire as an onboarding document.

Same document, same call, same you deciding what to do next. If something is critical — a live data leak, an auth bypass — I'll tell you fast, outside the formal deliverable. I don't use the audit to pitch rescue work; that would be a conflict of interest. You own the findings and decide the next step.

I audit at expert level on PHP (Symfony), Node.js / TypeScript, React, and Python. I audit at a competent generalist level on most other mainstream stacks — enough to find the failure modes AI tools tend to introduce. If your stack is exotic (Elixir, Rust, obscure frameworks), I'll tell you honestly on the discovery call whether I'm the right auditor.

Read-only access to the repository is required. Production and infrastructure access (read-only, e.g., via an IAM role) is optional but recommended — it makes the deployment-readiness and observability findings significantly better. I'll never request write access during an audit.

A 30-minute discovery call, the setup of read-only access (usually a few minutes of someone's time), and a 60-minute walkthrough call at the end. Nothing else. You don't need to prepare documentation or clean up the codebase — I audit what's actually there.

Typically 1 to 2 weeks from the discovery call to the final deliverable. The audit itself is 3–5 working days; the rest is discovery, scoping, and the walkthrough call. Larger codebases or more complex infrastructure may extend the timeline — I commit to a number before we start.

Fixed project price, agreed before work starts. Pricing depends on codebase size, infrastructure complexity, and urgency — which is why we scope it on the discovery call rather than listing a number on this page. No surprise invoices; if the engagement needs to expand, we re-scope together.

Want to see what an engagement like this looks like in practice? Read a real case study →

Book a discovery call

Free. 30 minutes. Tell me what the app does and what's breaking. I'll tell you honestly whether an audit is the right next step, and scope it on the call if it is.

Book a free call →
Free consultation. No obligation. Reply within 24h.