A software audit that ends the guessing. Spark.
A software audit is a short, fixed engagement where one senior engineer looks at what you have, or what you are about to build, and tells you the truth. You walk away with a salvage-or-rebuild call, a risk, security, and AI-exposure map, a real scope, signed acceptance criteria, and a number for the return. It runs in about one to two weeks, and the fee is credited in full to the build that follows.
01 / What it is
The audit removes technical uncertainty before you commit a budget.
Most non-technical teams are stuck on the same question. Is this codebase worth saving, or is it cheaper to rebuild. Is this vendor quote fair. Is the AI feature safe to ship. You cannot answer that without an engineer you trust, and hiring one to find out is the whole problem. The audit is that engineer, for one to two weeks, with a fixed price and a written verdict at the end.
The salvage-or-rebuild call
We read the code, the infrastructure, and the way it was built, then we give you a clear recommendation: keep it and fix it, keep part of it, or start over. We show our reasoning so you can check it. This is the call most teams overpay to avoid making, because the wrong answer costs months.
A risk, security, and AI-exposure map
We map where the work is fragile. Security holes, data handling, dependencies, and the specific failure modes that AI introduces into a system. AI writes more code faster, and it also writes more vulnerabilities faster. We look for the ones it tends to leave behind. The output is a readiness map against a real framework, not a vague list of worries.
Scope, acceptance criteria, and quantified ROI
We turn the verdict into a plan you can act on: the scope of the build worth doing, the signed acceptance criteria that define done, and a quantified return so the spend has a number next to it. If we are a fit and you are a fit, we say so. If we are not, we say that too.
02 / The value guarantee
Find 10x the fee, or it is free.
For teams we have pre-screened as a fit, we put a number on it. We find at least ten times the audit fee in value you agree is real, or the audit costs you nothing.
Value you agree is real
The 10x is not our number. It is the value you look at and confirm, in your own context. Risk avoided, cost recovered, revenue unblocked.
Your sign-off, not ours
Or it is free
If we cannot show you ten times the fee in value you accept, you do not pay for the audit. The risk of the audit sits with us, not you.
For pre-screened fits
A short qualification gate sits before any build, so we only take work we can stand behind. Start a conversation and we will tell you within a day if the audit fits.
03 / Timing and price
One to two weeks. Then credited back.
The audit is fixed in both directions. A fixed window, and a fixed price that does not stay spent.
- Fixed window (~1–2 weeks). About one to two weeks from start to written verdict. Short enough to decide on, long enough to be right.
- Fixed price (quoted up front). Quoted up front, in writing, before we start. You know the cost of certainty before you buy it.
- Credited to the build (100% credited). If you go ahead with the build, the full audit fee is credited to it. You only pay for the audit once, and it pays for itself.
04 / Who it is for
You have software and you do not know if it is healthy.
- You inherited a codebase and cannot tell if it is solid or a liability.
- A previous agency or freelancer left, and you need a second read.
- Something feels slow, fragile, or expensive, and you want the cause named.
You are about to spend on a build and want certainty first.
- You have a vendor quote and no engineer to check whether it is fair.
- You want a real scope and a number for the return before you commit budget.
- You are buying or investing and need technical due diligence you can trust.
You are shipping AI and need to know it is safe.
- You have an AI feature or agent and worry about what it could do wrong.
- You need a security and AI-exposure read before customers touch it.
- You want to be audit-ready against a framework, not hoping for the best.
05 / What you walk away with
Concrete deliverables, written down, that are yours to keep whether or not you build with us.
- ✓ A salvage-or-rebuild recommendation, with the reasoning shown
- ✓ A risk, security, and AI-exposure map against a real framework
- ✓ A scope for the build worth doing, sized and prioritized
- ✓ Signed acceptance criteria that define what done means
- ✓ A quantified ROI, so the spend has a number next to it
- ✓ A buyer-fit read: an honest yes, no, or not yet
The audit is the first step of how we work. See how we build, or read what happens next in the build itself. Start a conversation and we reply within a day.
06 / Common questions
What is a software audit?
A software audit is a short, fixed engagement where a senior engineer reviews your code, infrastructure, and AI exposure, then gives you a clear verdict. Ours runs about one to two weeks and ends with a salvage-or-rebuild call, a risk and security map, a scope, signed acceptance criteria, and a quantified ROI.
How long does the audit take and what does it cost?
About one to two weeks from start to written verdict. The price is fixed and quoted up front, in writing, before we start. If you go ahead with the build, the full audit fee is credited to it, so you only pay for it once.
What is the value guarantee?
For teams we pre-screen as a fit, we guarantee we will find at least ten times the audit fee in value you agree is real, or the audit is free. The 10x is value you confirm in your own context, not a number we assert.
Can the audit serve as technical due diligence before an acquisition or investment?
Yes. The audit gives you an independent read on a codebase you are buying into or investing in: its health, its security and AI exposure, what it would cost to fix or rebuild, and a quantified view of the risk. It is the engineer's opinion you need when you do not have one in-house.
Do you check AI and security risk specifically?
Yes. AI writes more code faster, and it writes more vulnerabilities faster too. We map the security holes and the specific failure modes that AI introduces, and we measure readiness against a real framework. We make you audit-ready against that framework. We do not promise you will never be attacked or breached.
What happens after the audit?
You own the verdict and the deliverables either way. If the work is worth doing and we are a fit, the audit rolls into the build, with the fee credited and the signed acceptance criteria already agreed. See the build for fixed price, fixed deadline, and client-owned code from day one.
Last updated June 2026 · Talk with Felipe