Vibe Audit
9 of 10 case-study slots: same audit at $99 in exchange for a public before/after

The leaks Cursor and Lovable miss.

AI codegen ships fast. It also ships RLS policies that look right but don't scope, auth flows that work in dev and break in prod, and Stripe webhooks that swallow errors. One human pass before launch catches most of it.

What you'll share with me

Read-level access to a few things. Nothing that lets me change your prod state. After checkout I'll send a quick onboarding email with the exact steps for each.

Required (the 80% audit)
  • Database read access — Supabase: invite matt@uxcontinuum.com as Read-only (Project Settings → Team). Other DBs: connection string with read-only role, or schema dump.
  • Repo read access — GitHub: read collaborator. GitLab/Bitbucket: equivalent. Or a zip if private.
  • Test login — a real user account so I can probe auth flows from the user side. Throwaway email is fine.
  • Live URL — the production link.
  • What you're worried about — 1-2 sentences on what feels brittle. Or a Loom of the broken behavior. Speeds the audit dramatically.
  • Auth provider — if not Supabase Auth: Clerk, Auth0, Firebase, NextAuth, custom — name + dashboard link if relevant.
Optional (deeper passes)
  • Stripe — a Restricted key (Developers → API keys → Create Restricted Key, read-only on Webhooks + Events). Lets me check signature verification and idempotency.
  • Hosting platform — Vercel, Netlify, Fly.io, Cloudflare: read access for env var hygiene + build logs.
  • Env var names (not values) — fastest way to spot secrets leaking into the client bundle.
  • Error monitoring — Sentry, LogRocket, Datadog, etc: read access lets me see what's actually breaking in prod, not just what could break.
  • README / setup docs — anything that explains how the app is meant to work; surfaces gaps between intent and reality.

Don't send: service_role key, STRIPE_SECRET_KEY, production database exports. Anything labeled "secret" or "live" — I don't need it and I don't want it.

Reply within 24 hours from matt@uxcontinuum.com.

Not ready to book? Start with the free checklist: Free 5-minute pre-launch security checklist →