Ready? Check… Launch!
Launch-risk scorecard

Check the launch risk before users do.

Answer 12 privacy-safe questions to see whether your AI-built app looks ready, needs an audit, needs hardening, or should pause for triage.

Client-side onlyNo loginNo uploadsNo repo files

0/12 checks complete

Client-side only. Answers stay in this browser unless you copy them. Contact handoff includes only score, result, and risk category totals.

In progress
01 Does the app deploy successfully outside the AI-builder preview?
Break
02 Are production and preview/local environment variables separated and documented?
Break
03 Does the app store private user data, tenant data, uploaded files, or customer records?
Leak
04 Do protected pages and API/data routes enforce authorization server-side?
Leak
05 If using Supabase, are RLS policies enabled and tested on exposed tables?
Leak
06 If using Stripe, are webhook signatures verified and subscription/entitlement state updated from trusted events?
Lose money
07 Are Stripe live/test keys, Supabase anon/service-role keys, and other secrets separated and kept out of client code?
Leak
08 Do smoke tests cover the core path such as signup/login → payment or onboarding → dashboard/data access?
Regress
09 Does CI run build, lint, typecheck, and critical tests before production deploy?
Regress
10 Do you have monitoring, error tracking, logs, and a rollback path for launch day?
Operate blind
11 How close is launch?
Break
12 Are you about to run paid ads, Product Hunt, investor demos, client handoff, or first paid customer onboarding?
Lose money

Beta audit spots available

No secrets in forms.

Start auditScorecard