Auditing this repo

Production-ready. All seven applicable audits scored A− to A (90–94), zero P0, exactly one P1; the only real residual risks concern the supply-chain trust model the product sells, not a live exposure.

Run date
2026-06-17
Master tracker
#97

Scorecard

Phase 0 selected 7 applicable audits; each lens scored independently.

  • documentation: A (94)
  • accessibility: A (93)
  • performance: A (92)
  • security: A (91)
  • repo: A− (90)
  • frontend: A− (90)
  • infrastructure: A− (90)

0 P0 · 1 P1

Declared not applicable

Phase 0 named these out of scope — with a reason — rather than skipping them silently.

  • api

    No route.ts / Server Actions — fully static.

  • data

    No database, schema, or ORM.

  • ai-llm

    Prompts run in the external agent; no in-repo runtime.

  • compliance-privacy

    No forms, auth, or PII beyond Vercel Analytics.

Headline findings

A slice of the backlog, rendered natively. Open any issue to check the evidence on GitHub.

P1

/de served the document with <html lang="en">

  • Lens: frontend
  • Evidence: web/app/layout.tsx:71
  • Before: / and /de → <html lang="en">
  • After: /de → <html lang="de">
  • View issue #81
P2

CHECKSUMS.txt is not verified in CI

  • Lenses: security, infrastructure, repo
  • Evidence: CHECKSUMS.txt · .github/workflows
  • Before: Promises "verify-before-execute" — not enforced
  • After: A CI gate verifies checksums on every run
  • View issue #82
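What the "After" state of this finding looks like in practice: a gate that refuses to continue unless every file listed in CHECKSUMS.txt is present and matches its digest. This is an added illustration, not the audited repo's own workflow or the project's CI; it assumes CHECKSUMS.txt is in sha256sum manifest format (`<hex>  <relative path>`), that paths are relative to the repo root, and that GNU `sha256sum` exists on the runner. The files and manifest in the demo are constructed inline.

```shell
#!/usr/bin/env sh
# Added example: a "verify-before-execute" CI gate for CHECKSUMS.txt.
# Illustrative code, not the audited repo's own workflow. Assumptions:
#   - CHECKSUMS.txt uses the sha256sum manifest format ("<hex>  <relative path>")
#   - listed paths are relative to the repo root passed as $1
#   - GNU coreutils sha256sum is available on the CI runner

# verify_checksums ROOT [MANIFEST]
# Exit 0 only when every listed file exists and its digest matches.
# --strict also fails on malformed manifest lines, so a truncated or
# hand-edited manifest cannot pass as "verified".
verify_checksums() {
  root=$1
  manifest=${2:-CHECKSUMS.txt}
  if ! command -v sha256sum >/dev/null 2>&1; then
    echo "gate: sha256sum not found on this runner" >&2
    return 2
  fi
  if [ ! -s "$root/$manifest" ]; then
    echo "gate: $manifest missing or empty under $root" >&2
    return 1
  fi
  (cd "$root" && sha256sum --check --strict --quiet "$manifest")
}

# make_manifest ROOT FILE...
# Regenerates the manifest for the given files: the step a release script
# runs once. CI only ever verifies; it never rewrites the manifest.
make_manifest() {
  root=$1
  shift
  (cd "$root" && sha256sum "$@" > CHECKSUMS.txt)
}

# demo_checksum_gate: constructed scenario showing the gate pass on a clean
# tree and fail after one listed file changes. Returns 0 when both outcomes
# are as expected.
demo_checksum_gate() {
  tmp=$(mktemp -d) || return 1
  printf '#!/bin/sh\necho install\n' > "$tmp/install.sh"   # constructed file
  printf 'v0.5.0\n' > "$tmp/VERSION"                        # constructed file
  make_manifest "$tmp" install.sh VERSION

  if ! verify_checksums "$tmp"; then
    echo "demo: clean tree should pass" >&2
    rm -rf "$tmp"; return 1
  fi

  # Simulate drift after release: one extra line in a listed file.
  printf '# line added after the manifest was written\n' >> "$tmp/install.sh"
  if verify_checksums "$tmp" 2>/dev/null; then
    echo "demo: modified tree should fail" >&2
    rm -rf "$tmp"; return 1
  fi

  rm -rf "$tmp"
  echo "demo: gate passed the clean tree and blocked the modified tree"
  return 0
}

# In a workflow step this is the whole gate, placed before any listed
# script is executed:  verify_checksums "$GITHUB_WORKSPACE" || exit 1
demo_checksum_gate
```

Two properties make this a real gate rather than a promise: the step exits non-zero on any mismatch, missing file, or malformed line, so a partially verified manifest cannot pass; and the manifest is only read in CI, never regenerated there. The caveat a reviewer would add is that a manifest committed next to the files it covers catches drift between the two but does not by itself establish who wrote the manifest; that is the supply-chain trust question the summary at the top of this report points to.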
P2

~17 hand-maintained version pins with no single source of truth

  • Lens: repo
  • Evidence: scattered v0.5.0 pins across the repo
  • Before: Each pin edited by hand, drift-prone
  • After: One source of truth, bumped by script
  • View issue #83
P2

EN metadata hardcoded "German GitHub issues"

  • Lens: frontend
  • Evidence: web/lib/site.ts
  • Before: English copy claimed German-only output
  • After: Copy reflects German or English output
  • View issue #84

Cross-audit dedup

The payoff of running the audits together: the same gap found by several lenses, merged into one backlog item with every citation kept.

"CHECKSUMS.txt is not verified in CI"

Found independently by: repo, infrastructure, security

Found independently by the repo, infrastructure, and security lenses and merged into a single backlog item — all three citations kept. The version-pins half was split off as its own fix.

View issue #82

How this run worked

Recon selected the applicable audits, a specialist swarm ran them in parallel, findings were cross-pollinated and deduped, and every P0/P1 had to survive independent skeptics before it reached the report.