Sample deliverable
AI app rescue audit report.
This is a public sample of the report format used for a fixed-scope
repo rescue or AI app stabilization pass. It shows the level of detail
a client can expect without exposing private code, credentials, or
customer data.
Project snapshot
The example project is a small AI support assistant with a web UI,
a Python API, and a background ingestion job. The owner reports that
setup is unreliable, one demo route crashes, and previous AI-assisted
edits left unclear verification steps.
- Business need: Make the demo runnable before a customer call.
- Time box: One audit pass, then optional repair sprint.
- Inputs: Sanitized repo link, failing command, expected demo route.
- Output: Risk report, patch plan, verification commands, no-go list.
Diagnosis summary
High risk: Setup depends on undocumented environment variables.
The app reads model and vector-store configuration at import
time, but the repository has no sample env file or startup guard.
A missing key fails as a generic server crash instead of a clear
setup error.
High risk: The demo route has no smoke test.
The route used in sales demos is not covered by a fast test or
scripted smoke command, so every repair attempt relies on manual
clicking and can regress without a visible signal.
Medium risk: Agent instructions are missing.
The repo does not explain which files are generated, which
commands prove a change, or which actions require human approval.
This makes future Codex work slower and riskier than necessary.
Low-cost repair plan
- Add `AGENTS.md` with setup commands, test gates, generated-file boundaries, and no-go actions.
- Add `.env.example` plus startup validation that returns a readable missing-config message.
- Add one fast API smoke test for the demo route using fake model responses.
- Add a `make smoke` or documented equivalent that proves the demo path without external credentials.
- Record what was verified and what still requires client-side live testing.
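One way to implement the startup validation from the repair plan, as an added example rather than code from the audited project: it reports every missing variable in one readable error and keeps secret values out of `repr`. The names `MODEL_API_KEY`, `VECTOR_STORE_URL`, `load_settings` and the demo defaults are assumptions; only `APP_ENV=demo` and `.env.example` come from the report.

```python
import os
from dataclasses import dataclass
from typing import Mapping

# Assumed variable names; the audited repo's real names are not in the report.
REQUIRED = {
    "MODEL_API_KEY": "API key for the model provider",
    "VECTOR_STORE_URL": "connection URL for the vector store",
}
# Demo mode runs against fake model responses, so placeholders are enough.
DEMO_DEFAULTS = {"MODEL_API_KEY": "fake-demo-key", "VECTOR_STORE_URL": "memory://demo"}


class ConfigError(RuntimeError):
    """Raised once at startup, listing every missing variable."""


@dataclass(frozen=True, repr=False)
class Settings:
    app_env: str
    model_api_key: str
    vector_store_url: str

    def __repr__(self) -> str:
        # Keep the key and any credentials embedded in the URL out of logs.
        return f"Settings(app_env={self.app_env!r}, model_api_key='***', vector_store_url='***')"


def load_settings(env: Mapping[str, str] = os.environ) -> Settings:
    """Call from the app entry point, not at import time."""
    app_env = env.get("APP_ENV", "development")
    defaults = DEMO_DEFAULTS if app_env == "demo" else {}
    values, missing = {}, []
    for name, purpose in REQUIRED.items():
        # Blank or whitespace-only values count as missing.
        value = env.get(name, "").strip() or defaults.get(name, "")
        if value:
            values[name] = value
        else:
            missing.append(f"  {name}: {purpose}")
    if missing:
        raise ConfigError(
            f"Missing configuration for APP_ENV={app_env}:\n"
            + "\n".join(missing)
            + "\nCopy .env.example to .env and fill in these values."
        )
    return Settings(app_env, values["MODEL_API_KEY"], values["VECTOR_STORE_URL"])
```

Catching `ConfigError` at the entry point and exiting with its message gives the clear setup error the diagnosis asks for instead of a generic crash.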
Verification log sample
Setup: uv sync
Static check: ruff check app tests -> passed
Unit tests: pytest tests/test_demo_route.py -q -> 3 passed
Smoke: APP_ENV=demo uv run python scripts/smoke_demo.py -> passed
Not tested: production model key, live billing path, private customer data
The important part is not the exact toolchain. The deliverable names
the commands that were actually run and separates local proof from
anything that still depends on the client environment.
Client handoff
A paid audit would end with a short report, a patch plan, and an
optional fixed-price repair quote. If repair work is approved, the
next deliverable is a small pull request or patch bundle with the
same verification format.
- What changed and why it was low risk
- Exact commands used for setup, tests, lint, build, or smoke checks
- Known gaps that need client-side credentials or production access
- Files or behaviors intentionally left untouched
Safe intake brief
To request this kind of audit, send a sanitized repo link, the failing
command or route, the expected output, the deadline, and any platform
constraints. Do not send production secrets, private keys, customer
records, payment details, or instructions to bypass platform rules.
Need a report like this?
Open a quote request with the sanitized failure and the result you
want. I will confirm whether it fits a fixed-scope audit or a small
repair sprint.