AI App Diagnostic Audit

A senior UK engineer reviews your AI-built application: its codebase, security configuration, deployment setup, and architecture. You receive a written report with a clear fix, refactor, or rebuild recommendation and a scoped quote for the next step.

£495 (launch price; standard £750) · 3 to 5 working days · Read-only repository access only

Book the Diagnostic Audit — £495

What the Audit Covers

The Diagnostic Audit is a structured engineering review of your application across five areas. It is conducted by a senior consultant, not an automated scanner. The output is a written report that tells you what the application is doing wrong, how serious each issue is, and what the correct remediation path is.

1. Architecture and code quality

Is the application structured in a way that can be safely extended and maintained? Does the codebase show evidence of accumulated circular-fix debt — the pattern where multiple rounds of AI-prompted repairs have introduced regressions without resolving the root cause? Is the dependency tree coherent, or are there hallucinated packages or conflicting version requirements?

2. Security posture

Are API keys, secrets, or credentials exposed in client-accessible code or in the repository? Are Supabase Row Level Security policies configured correctly — neither over-permissive (all data accessible to any authenticated user) nor under-permissive (legitimate users locked out of their own data)? Are Firebase security rules configured correctly? Is input validation present at API endpoints? Are there OWASP Top 10 vulnerabilities visible in the codebase?

3. Deployment configuration

Why is the application failing to deploy, or failing at runtime after deployment? We trace through the build logs, environment variable configuration, hosting platform settings, and framework output directory to identify the specific fault. For Vercel deployments in particular, the build-time versus runtime environment variable distinction is a recurring source of failure in AI-generated applications.
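The two questions above, exposed secrets and the build-time versus runtime environment variable split, can be checked with the same piece of logic. The following is an added example, not code from the audit or from any project it describes. It assumes a Next.js or Vite front end deployed on Vercel, where variables prefixed `NEXT_PUBLIC_` or `VITE_` are inlined into the browser bundle at build time and all other variables are readable only by server-side code at runtime. The `.env` contents, the client source, and the secret-name heuristic are constructed for the example.

```javascript
// Added example (not part of the audit page). Classifies the variables in a
// .env file by where they end up after a Vercel build, and flags client code
// that references a server-only variable.
//
// Assumptions: NEXT_PUBLIC_ / VITE_ variables are inlined into the client
// bundle at build time; everything else is server-only and read at runtime.
const PUBLIC_PREFIXES = ["NEXT_PUBLIC_", "VITE_"];

// Name fragments that suggest a server-side secret. A constructed heuristic;
// a real review reads the code that consumes each variable.
const SECRET_HINTS = ["SECRET", "SERVICE_ROLE", "PRIVATE_KEY", "PASSWORD", "TOKEN"];

// Parse KEY=VALUE lines, skipping comments and blank lines; strips simple quotes.
function parseDotenv(text) {
  const vars = {};
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const quoted = (value.startsWith('"') && value.endsWith('"')) ||
                   (value.startsWith("'") && value.endsWith("'"));
    if (quoted) value = value.slice(1, -1);
    vars[key] = value;
  }
  return vars;
}

function isPublic(key) {
  return PUBLIC_PREFIXES.some((p) => key.startsWith(p));
}

function looksSecret(key) {
  const upper = key.toUpperCase();
  return SECRET_HINTS.some((h) => upper.includes(h));
}

// One finding per variable: where it lands, and whether that is a problem.
function classifyEnv(text) {
  return Object.keys(parseDotenv(text)).map((key) => {
    const pub = isPublic(key);
    let severity = "info";
    let note;
    if (pub && looksSecret(key)) {
      severity = "critical";
      note = "secret-looking name with a public prefix: inlined into the browser bundle at build time";
    } else if (pub) {
      note = "public: inlined at build time; a value changed on Vercel needs a redeploy to take effect";
    } else {
      note = "server-only: read at runtime; undefined in browser code";
    }
    return { key, exposure: pub ? "client-bundle" : "server-runtime", severity, note };
  });
}

// Find process.env.X references in code that ships to the browser. A reference
// to a non-public variable is undefined after the build: it works nowhere in
// the client, which is one way an app "deploys fine" and then fails at runtime.
function findClientEnvReferences(source) {
  const seen = new Set();
  const refs = [];
  for (const m of source.matchAll(/process\.env\.([A-Za-z0-9_]+)/g)) {
    const key = m[1];
    if (seen.has(key)) continue;
    seen.add(key);
    const ok = isPublic(key);
    refs.push({ key, ok, note: ok ? "inlined at build time" : "server-only variable referenced in client code: undefined in the browser" });
  }
  return refs;
}

// Constructed sample inputs (placeholders, not real keys or projects).
const SAMPLE_ENV = [
  "# constructed sample .env",
  "NEXT_PUBLIC_SUPABASE_URL=https://example.supabase.co",
  "NEXT_PUBLIC_SUPABASE_ANON_KEY=anon-key-placeholder",
  "NEXT_PUBLIC_SUPABASE_SERVICE_ROLE_KEY=service-role-placeholder",
  'STRIPE_SECRET_KEY="sk_test_placeholder"',
  "DATABASE_URL=postgres://user:pass@localhost/db",
].join("\n");

const SAMPLE_CLIENT_SOURCE = `
// constructed sample of a component that ships to the browser
const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
const stripe = process.env.STRIPE_SECRET_KEY;
`;

for (const f of classifyEnv(SAMPLE_ENV)) console.log(f.severity, f.key, f.note);
for (const r of findClientEnvReferences(SAMPLE_CLIENT_SOURCE)) console.log(r.ok ? "ok" : "PROBLEM", r.key, r.note);
```

The anon key is expected to be public (its access is constrained by Row Level Security), so it is reported as information only; the service role key with a public prefix is the critical finding, because the prefix alone puts it in every visitor's browser.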

4. Authentication design

Are OAuth redirect URIs correctly configured for your production domain? Is the JWT refresh token flow implemented correctly? Are there authentication states that work in the tool's preview environment but fail under a custom domain? Authentication failures are one of the most common post-deployment issues in AI-built applications.
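The redirect URI question above is mechanical enough to show in code. The following is an added example, not code from the audit or from any provider's SDK. It assumes the list of registered redirect URIs is what the OAuth provider's console holds, that the provider compares scheme, host, port and path exactly, and that the preview and production hostnames are constructed placeholders.

```javascript
// Added example (not part of the audit page). Exact-match redirect URI
// validation plus the audit check that catches "works in preview, fails on
// the custom domain": the production callback was never registered.
//
// Assumption: the provider matches registered URIs exactly on scheme, host
// (including port) and path; query strings and fragments are never part of
// a registered value.
function redirectUriMatches(requested, registered) {
  let req;
  let reg;
  try {
    req = new URL(requested);
    reg = new URL(registered);
  } catch {
    return false; // unparseable input never matches
  }
  return req.protocol === reg.protocol &&
         req.host === reg.host &&
         req.pathname === reg.pathname &&
         req.search === "" &&
         req.hash === "";
}

function isAllowedRedirect(requested, allowList) {
  return allowList.some((registered) => redirectUriMatches(requested, registered));
}

// Audit findings for an allow-list: is the production callback registered,
// and do any non-local entries use plain http?
function auditRedirectUris(allowList, productionOrigin, callbackPath) {
  const production = `${productionOrigin}${callbackPath}`;
  const findings = [];
  if (!isAllowedRedirect(production, allowList)) {
    findings.push({
      severity: "high",
      detail: `production callback ${production} is not registered; sign-in will fail on the custom domain`,
    });
  }
  for (const uri of allowList) {
    let u;
    try { u = new URL(uri); } catch { findings.push({ severity: "medium", detail: `${uri} is not a valid URL` }); continue; }
    if (u.protocol !== "https:" && u.hostname !== "localhost") {
      findings.push({ severity: "high", detail: `${uri} uses plain http on a non-local host` });
    }
  }
  return findings;
}

// Constructed sample: only the builder's preview host and localhost were registered.
const SAMPLE_ALLOW_LIST = [
  "https://preview-abc123.example-builder.app/auth/callback",
  "http://localhost:3000/auth/callback",
];
const SAMPLE_PRODUCTION_ORIGIN = "https://app.example.co.uk"; // constructed custom domain

for (const f of auditRedirectUris(SAMPLE_ALLOW_LIST, SAMPLE_PRODUCTION_ORIGIN, "/auth/callback")) {
  console.log(f.severity, f.detail);
}
```

The fix the finding points at is registration of the exact production callback, not a looser comparison: a match that ignores the path or accepts a query string turns the callback into an open redirect.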

5. UK GDPR and regulatory awareness

For applications that handle personal data, we flag relevant UK GDPR considerations: lawful basis for data collection, consent mechanisms, data minimisation, third-party processor relationships, and data residency. For applications operating in regulated sectors (financial services, healthcare, legal), we note the applicable regulatory overlay (FCA, ICO, SRA, GDC, CQC) and the specific considerations it introduces.

What You Receive

  • Written report (8 to 10 pages). Structured findings across the five audit areas. Each finding is rated by severity (critical, high, medium, low). The report closes with a clear recommendation: fix, refactor, or rebuild, with the reasoning that supports it.
  • Loom video walkthrough. A 20 to 30 minute recorded walkthrough of the key findings, so you can replay it and share it with anyone who needs to understand the situation without reading the full report.
  • Annotated repository comments. Where findings relate to specific code locations, we annotate them directly in the repository as review comments, so you can see exactly where the issues are.
  • Scoped quote for next steps. If you choose to proceed with remediation, we provide a fixed-price quote based on the actual findings — not a generic estimate. The audit is what makes a reliable fixed price possible.

What the Audit Does Not Include

The Diagnostic Audit is an assessment, not a remediation. The following are explicitly out of scope:

  • Any code changes, fixes, or deployments
  • A comprehensive penetration test (the audit covers common vulnerability patterns; a full penetration test is a separate engagement)
  • Legal advice on GDPR compliance (we flag considerations; formal legal advice requires a solicitor)
  • Assessment of native mobile applications, firmware, or regulated medical software

The Process

  1. Complete the intake form. Describe your app, the stack you used to build it, what works, and what does not. If you have a deployed URL or error logs, include them.
  2. 20-minute triage call (free). We confirm the stack is within scope, discuss your timeline, and answer any questions about the process.
  3. Purchase the audit (£495). Payment by card via Stripe. You receive a confirmation and the instructions for granting repository access.
  4. Grant read-only access. Add us as a collaborator with view-only permissions on GitHub, GitLab, or Bitbucket. If you have no repository, a zip export is acceptable.
  5. Receive the report. Within 3 to 5 working days of access being granted, you receive the written report, the Loom walkthrough, and the scoped quote.

Credential and Access Security

We request read-only repository access only at the diagnostic stage. We never request production database credentials, live API keys, or write access to your repository for the audit itself.

Any credentials you share in the process are handled via a 1Password shared vault. We do not accept credentials via email, Slack, or any other plaintext channel. At the close of the engagement, we recommend rotating any credentials that were shared.

A mutual NDA is available on request before repository access is granted. A UK GDPR Data Processing Agreement is available for applications that handle personal data.

Pricing Context

The current launch price for the Diagnostic Audit is £495 (standard price: £750, exclusive of VAT).

UK senior developer day rates average £438 and reach £600 to £700 or above for specialists (YunoJuno, 2024). A dedicated senior engineering assessment at £495 is below the cost of a single day of UK developer time. The difference is that the audit delivers a specific, actionable output — a written report and a scoped recommendation — rather than open-ended billable hours.

A traditional UK code review from an established agency runs from £750 to £2,000. The AI App Diagnostic Audit is priced below that floor because we are assessing a specific and bounded problem — the prototype-to-production gap in AI-generated applications — rather than a full general-purpose code review.

Frequently asked questions

Can I share my repository privately rather than granting public access?
Yes. We are added as a named collaborator with read-only permissions on your private repository. We do not require the repository to be made public at any point.

What if I built my app in Lovable or Bolt.new and there is no GitHub repository?
Lovable and Bolt.new both support GitHub export. We can walk you through the export process on the triage call if needed. If export is not possible, a zip archive of the project files is an acceptable alternative.

Can I use the report to get quotes from other developers?
Yes. The report is your document. You own it. Some clients use it to get competitive quotes from multiple providers; others use it internally to decide whether to continue building or pause the project. There is no restriction on how you use it.

What if the audit finds no serious issues?
We will say so. If the application is sound and the remaining issues are minor configuration problems, the report will say that and provide instructions for resolving them without requiring further paid engagement. This outcome is less common than clients expect, but it does occur.

How is the audit price guaranteed?
The Diagnostic Audit is fixed at £495 (the current launch price; the standard price is £750). The price does not change based on what the audit finds. The remediation quote produced by the audit is a separate, scoped price based on the actual findings.

Book the Diagnostic Audit

The most useful thing you can do with a broken AI-built application is understand what is actually wrong before spending money on a fix.