Representative reports for AI-built apps. Static scans are safe for the hosted MVP; live defensive checks require authorization and Pro access.
Production-readiness score 42/100
Launch blocker: checkout success redirect grants plan access without a verified Stripe webhook
Evidence: src/app/scan/[id]/checkout/success/route.ts updates the plan without a verified webhook event.
Fix prompt preview: Remove redirect fulfillment. Persist subscription state only from verified Stripe webhook events and add an idempotency test.
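The fix above, as an added TypeScript example that is neither ShipFix's code nor the scanned app's route.ts: the plan changes only from a webhook whose signature verifies and whose event id has not been seen before, so a checkout success redirect never reaches the fulfilment path. The secret, event ids and user ids are constructed; the header format follows Stripe's documented scheme, and in a Next.js route handler the raw body would come from `await req.text()` and the header from `req.headers.get("stripe-signature")`.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Constructed for this example: a real endpoint secret comes from the Stripe dashboard.
export const WEBHOOK_SECRET = "whsec_constructed_example_secret";

// Stripe signs webhooks with a "Stripe-Signature" header of the form
// "t=<unix seconds>,v1=<hex HMAC-SHA256 of `${t}.${rawBody}`>". Compare the MAC
// in constant time and reject stale timestamps so replayed deliveries fail.
export function verifyStripeSignature(
  rawBody: string, header: string, secret: string, nowSec: number, toleranceSec = 300,
): boolean {
  const parts = new Map(header.split(",").map((kv) => kv.split("=") as [string, string]));
  const t = parts.get("t");
  const v1 = parts.get("v1");
  if (!t || !v1) return false;
  const ts = Number(t);
  if (!Number.isFinite(ts) || Math.abs(nowSec - ts) > toleranceSec) return false;
  const expected = createHmac("sha256", secret).update(`${t}.${rawBody}`).digest("hex");
  const a = Buffer.from(expected, "hex");
  const b = Buffer.from(v1, "hex");
  return a.length === b.length && timingSafeEqual(a, b);
}

// Only Stripe produces real headers; this helper exists so the example runs offline.
export function signPayload(rawBody: string, secret: string, ts: number): string {
  const v1 = createHmac("sha256", secret).update(`${ts}.${rawBody}`).digest("hex");
  return `t=${ts},v1=${v1}`;
}

// In-memory stand-ins for the database tables a real app would use.
export const processedEvents = new Set<string>();
export const plans = new Map<string, string>();

type CheckoutEvent = { id: string; type: string; data: { object: { client_reference_id: string; payment_status: string } } };

// Fulfilment path: the only place that changes a user's plan. A success redirect
// never reaches this code, so a forged or replayed redirect cannot grant access.
export function handleWebhook(rawBody: string, header: string, nowSec: number):
  "rejected" | "duplicate" | "ignored" | "fulfilled" {
  if (!verifyStripeSignature(rawBody, header, WEBHOOK_SECRET, nowSec)) return "rejected";
  const event = JSON.parse(rawBody) as CheckoutEvent;
  if (processedEvents.has(event.id)) return "duplicate"; // Stripe retries; event ids make this idempotent
  processedEvents.add(event.id);
  const s = event.data.object;
  if (event.type !== "checkout.session.completed" || s.payment_status !== "paid") return "ignored";
  plans.set(s.client_reference_id, "pro");
  return "fulfilled";
}
```

In production, `stripe.webhooks.constructEvent` from the official SDK performs the signature check, and the processed-event record belongs in the same database transaction as the plan update (unique constraint on the event id) rather than an in-memory set.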
Production-readiness score 58/100
Launch blocker: AI generation route has no quota or cost guard
Evidence: app/api/generate/route.ts accepts arbitrary prompt length and model from the client.
Fix prompt preview: Add a server-side model allowlist, per-user rate limits, a maximum prompt size, and tests for rejected over-limit requests.
Production-readiness score 64/100
Launch blocker: order mutation is missing an ownership check
Evidence: app/api/orders/[id]/route.ts updates by order id without filtering by the current user.
Fix prompt preview: Require an authenticated user, scope the order lookup by owner id, and add a regression test showing that another user cannot mutate the order.
Production-readiness score 71/100
Launch blocker: runtime URL still references localhost
Evidence: .env.example documents a local URL, but the deployment checklist omits the public URL.
Fix prompt preview: Document the production app URL, wire callback URLs through env config, and add a deployment checklist item.
Start with a safe static scan. ShipFix masks secrets and reports evidence before asking you to upgrade.