Ship Fix · $4K to $15K by scope

Fix the dangerous findings before your users or an attacker do.

I take the critical and urgent findings from your Ship Check and fix them. Fixed scope, days not weeks. You get a re-runnable proof that each one is actually closed, not just marked done. You see the scope and the price before anything starts.


T1-03 · fix closed · resolved
Tables readable by the anon role your frontend uses
was critical · now closed · proof re-runs green
before the fix · read-only query
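-- ordinary tables only; the public schema is assumed to be the one the API exposes
SELECT relname FROM pg_class
WHERE relkind = 'r' AND relnamespace = 'public'::regnamespace
AND relrowsecurity = false;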
→ 4 tables exposed: orders, sessions, profiles, events
after the fix · same query, re-run
→ 0 tables exposed. row-level security enforced.
red before, green after. re-run it yourself, any time.
What gets fixed

The findings that actually leak users, money, or trust.

Not a vague triad. These are the concrete, dangerous things an AI-built app ships with when nobody checked. We fix the ones your Ship Check found in your app.

finding

Exposed database access

Tables your frontend can read or write with the anonymous key, because row-level security was never turned on. This is the finding that leaks every user record at once.

finding

Broken or missing auth

Login that can be bypassed, sessions that never expire, endpoints that trust a value the browser can change. Anywhere the app assumes a request is who it claims to be.

finding

Secrets in the client bundle

API keys, service tokens, or admin credentials shipped inside the JavaScript your users download. Anyone can open dev tools and read them.

finding

Unguarded admin routes

Admin pages and internal endpoints reachable by anyone who knows or guesses the URL, with no real check on who is allowed in.

finding

Missing rate limits

Signup, login, and expensive endpoints with no throttle, so one script can hammer them, run up your bill, or brute-force a password.

finding

Load and abuse failures

The things that fall over the first time real traffic or a bad actor shows up: unbounded queries, no input validation, no guard on the paths that cost you money.

How it works

Fixed scope. You know the plan before I touch anything.

01

We start from your Ship Check report

The ranked report already names what is dangerous and proves each finding. If you do not have one yet, we run it first so we are fixing real risks, not guessing.

02

We agree the critical fixes and the scope

We pick the findings that actually matter, write down exactly what gets fixed, and you see the scope and the price before any work starts. No open-ended retainer.

03

I fix them, and I own every critical change

Agents do the volume so the work moves in days, not weeks. A senior engineer reviews and owns every change that touches your data, your auth, or your money. Nothing dangerous ships on autopilot.

04

You get proof each fix is actually closed

For every finding, a re-runnable check that was red before and runs green after. Plus the patches or PRs. You can re-run the proof yourself, any time, and confirm it is still closed.

What you get

Closed findings, real code, and proof it held.

You do not just get told it is fixed. You get the changes, in your repo, with a check you can re-run to confirm each finding is closed and stays closed.

The fixed findings

Every critical and urgent finding we scoped, closed. Not marked done in a spreadsheet, actually closed and shown closed.

The patches or PRs

The real code changes, in your repo, reviewable. You keep everything. No black box, no lock-in.

A re-runnable proof per fix

The same check format from your Ship Check: the exact query or request, red before, green after. Re-run it whenever you want to confirm the fix held.

A short handoff note

Plain English: what was wrong, what changed, and anything you should keep an eye on. Written for the founder, not the compiler.

Price and scope

You see the scope and the price before anything starts.

Most Ship Fix projects run $4K to $15K, scoped to what your Ship Check found. Fewer findings, smaller scope, lower price. We agree the exact list and the number up front. No hourly meter, no scope creep, no surprise invoice.

Ship Fix · fixed scope · $4K to $15K
Scoped from your Ship Check
the ranked findings, not a guess
Priced before any work
you approve the number first
Days, not weeks
agents do volume, senior owns critical
Proof per fix
re-runnable, red before, green after
Patches or PRs in your repo
you keep everything, no lock-in
the price is the whole project, agreed up front. not a retainer, not an hourly meter.

Close the dangerous findings before someone else finds them.

Have a Ship Check report? Bring it, we scope from it. No report yet? Start with the free Leak Check and see what is exposed right now.

free Leak Check → Ship Check $299 → Ship Fix $4K to $15K → Continuum ongoing