How much of your codebase did the second author write?
Find out before someone with a term sheet does. A five-day, fixed-price independent audit of the newest risk category in software — scored for the people who ask the question: boards, buyers, and enterprise security reviews.
Four risk classes. One score.
AI-code risk is not "AI wrote bad code." Much of it is excellent. The risk is structural: Provenance Gap (nobody can say what the machine wrote), Duplication Debt (the 8× clone problem), Comprehension Collapse (code no one on payroll fully understands), and Confidence Inversion (dashboards that get greener as assurance gets weaker). The audit measures all four against stage benchmarks and returns a one-page scorecard your board can read in three minutes.
| Measured | Method |
|---|---|
| Provenance share | Commit-forensics and tooling-trace analysis: what fraction of the codebase is machine-authored, and where. |
| Duplication index | Clone detection scored against the GitClear-documented 8× market drift and stage benchmarks. |
| Security classes | Targeted review of the vulnerability families AI introduces at a documented ~45% rate. |
| Comprehension map | Structured interviews: which subsystems can current staff actually explain and extend? |
| Test assurance | Who wrote the tests — and do they assert requirements or merely the implementation? |
Eight questions. One honest band.
A two-minute self-assessment against the audit's screening criteria. It is not an audit — it tells you whether you need one.
$6,500 founding · five days · one scorecard
Provenance map, duplication index, security review, comprehension map, test-assurance read — scored, benchmarked, board-ready.
