Faultmark
v0.1 - early access · faultmark.dev
AI-Powered Code Review

Find bugs before your users do.

Three AI agents debate your code. One verified fix. Automatic pull request. Developers stay in control — always.

3 AI agents · < 2s per review · Auto PR creation
app.faultmark.dev/dashboard/repos/acme-api
acme-api (acme-corp/acme-api)
Branch: main · Complete
BUGS FOUND: 3 confirmed · 0 disputed

CRITICAL · HIGH CONFIDENCE
Hardcoded API Secret in Source Code
.env.local

HIGH · HIGH CONFIDENCE
SQL Injection via Raw User Input
app/api/search/route.ts

HIGH · MEDIUM CONFIDENCE
Missing Auth on Admin Export Endpoint
app/api/admin/export/route.ts
HIGH · HIGH CONFIDENCE
SQL Injection via Raw User Input
app/api/search/route.ts
WHAT'S WRONG

The search endpoint interpolates the user-supplied q parameter directly into raw SQL with no sanitisation. An attacker can append arbitrary SQL and exfiltrate the entire database.

PROPOSED FIX
-db.query(`SELECT * FROM users WHERE name = $${q}`)
+db.query('SELECT * FROM users WHERE name = $1', [q])
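Review bot: the `$1` placeholder on the added line is pg/PostgreSQL positional syntax; drivers such as mysql2 bind with `?` instead, so the proposal should be checked against the driver this route actually imports before the PR is accepted. Worth recording in the PR as well: the removed line's `$${q}` emitted a literal `$` ahead of the interpolated value, so the old query compared `name` against `$` followed by q, and the parameterised line corrects that along with the injection.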
PR created: faultmark/fix-sql-injection → main

Three models walk into your codebase.

They disagree constantly. That's the point.

Agent 1 · Agent 2 · Agent 3 → Debate Engine → Verified Fix

Independent analysis

Each agent examines your code in isolation. Agent 1 traces async flows, Agent 2 checks type safety, Agent 3 covers edge cases.

Structured disagreement

When models conflict, the engine scores divergence. Only consensus findings make it to your report.

Guaranteed output

Every bug survived three independent critics. Fix proposals are generated only when all three models agree on root cause.

Everything a senior engineer would catch. Automated.

01 / MULTI-AGENT DEBATE

Three models, one verdict

Every potential bug runs through three independent AI agents. Only findings that survive cross-examination reach your report.

Agent 1: 94%
Agent 2: 91%
Agent 3: 88%

02 / BUG ANALYSIS

Real errors, not synthetic noise

BUG FOUND · auth.ts line 7
Unhandled null reference — user.profile.prefs will throw on unauthenticated requests.
Confidence: HIGH · 3/3 models

03 / EDGE CASE COVERAGE

What breaks at 3am

null / undefined input: fail
empty string edge case: pass
max length + 1: fail
concurrent write: fail
unicode boundary: pass

04 / FIX PROPOSALS

Concrete fixes, not hints

Faultmark never auto-deploys. You review the fix, approve the PR, ship when ready.

- return user.profile.prefs
+ const prefs = user?.profile?.prefs
+ return prefs ?? null
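Review bot: the `+ return prefs ?? null` line changes the function's return contract from `prefs` to `prefs | null`, so every caller now has to handle `null`; the PR should carry those call-site updates, or a declared return type that makes the compiler flag them. `?? null` also folds a present-but-`undefined` `prefs` into `null`, which is only correct if callers never distinguish the two.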

05 / CONFIDENCE SCORING

High / Medium / Low / Disputed

HIGH · auth.ts:7 · null ref on user.profile
MEDIUM · utils/date.ts:11 · Date boundary overflow
LOW · config.ts:3 · Unused import side-effect
DISPUTED · api/route.ts:23 · Potential race condition

Disputed bugs surface in a separate review queue.

06 / AUTO PR

One click to pull request

fix: handle null user.profile in auth
faultmark/fix-null-ref-auth-7 → main

This is what a real scan looks like.

41-file TypeScript repo. 4 candidates found. 0 false positives dropped. 4 bugs confirmed and ready for PR.

app.faultmark.dev/dashboard/repos/acme-api

acme-api (acme-corp/acme-api)

Branch: main · Complete
acme-api — scan
→ Fetching repository files...
→ done (41 files)
→ Filtering... 31 files after filter
→ AI analyzing 2 chunks...
→ Analyzing chunk 1/2 (18 files)...
⚡ Found: Hardcoded API secret [Critical] in .env.local
⚡ Found: SQL injection via raw interpolation [High] in api/search/route.ts
→ Chunk 1 done — 2 candidates found
→ Analyzing chunk 2/2 (13 files)...
⚡ Found: Missing auth on admin endpoint [High] in api/admin/export/route.ts
⚡ Found: Unhandled rejection swallows errors [High] in lib/stripe.ts
→ Chunk 2 done — 2 candidates found
→ Analysis complete: 4 candidates. Verifying against source...
→ Verifying 1/4: Hardcoded API secret...
✓ Verified: Hardcoded API secret [confidence: 10/10]
→ Verifying 2/4: SQL injection risk...
✓ Verified: SQL injection risk [confidence: 9/10]
→ Verifying 3/4: Missing auth check...
✓ Verified: Missing auth check [confidence: 9/10]
→ Verifying 4/4: Unhandled rejection...
✓ Verified: Unhandled rejection [confidence: 8/10]
→ Verification: 4 confirmed real, 0 false positives. Starting debate...
→ AI debating bug 1/4: Hardcoded API Secret Committed to Repository
→ AI reviewing finding against source code...
✓ Bug confirmed [High confidence]
→ AI debating bug 2/4: SQL Injection via Raw User Input in Search Query
→ AI reviewing finding against source code...
✓ Bug confirmed [High confidence]
→ AI debating bug 3/4: Missing Authentication on Admin Data Export Endpoint
→ AI reviewing finding against source code...
✓ Bug confirmed [High confidence]
→ AI debating bug 4/4: Unhandled Promise Rejection Swallows Payment Errors
→ AI reviewing finding against source code...
→ Agent 1 generating counter-argument...
→ Agent 2 reviewing counter-argument...
✓ Bug confirmed [Medium confidence]
→ Debate complete. 4 confirmed, 0 disputed
→ Saving results...

BUGS FOUND: 4 confirmed · 0 disputed

CRITICAL · HIGH CONFIDENCE · Hardcoded API Secret Committed to Repository

.env.local

A live third-party API key is committed in plaintext to .env.local, which is tracked by git. Anyone with repository access — including public forks — can use this key to make authenticated API calls, incur charges, or access data on the account owner's behalf.

HIGH · HIGH CONFIDENCE · SQL Injection via Raw User Input in Search Query

app/api/search/route.ts

The search endpoint interpolates the user-supplied `q` parameter directly into a raw SQL string without sanitisation or parameterisation. An attacker can terminate the query and append arbitrary SQL, enabling data exfiltration, row deletion, or privilege escalation.
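The contrast the finding describes, as an added example that is not Faultmark's code: `makeDb` is a constructed stand-in for a pg-style `db.query(text, values)` that records what would reach the database, the "before" handler here wraps `q` in quotes (a common variant of the interpolation the finding flags), and `sqlTextIsConstant` is the check a reviewer can run to prove the parameterised version never lets input into the SQL text.

```typescript
// Added example, not Faultmark's code: a stand-in for a pg-style
// db.query(text, values) that records what would reach the database, so the
// "before" and "after" search handlers from the finding can be compared offline.
type Call = { text: string; values: unknown[] };

function makeDb() {
  const calls: Call[] = [];
  return {
    calls,
    // Same shape as the real driver call: SQL text plus bound values for $1, $2, ...
    query(text: string, values: unknown[] = []): Call {
      const call = { text, values };
      calls.push(call);
      return call;
    },
  };
}
type Db = ReturnType<typeof makeDb>;

// "Before": q is spliced into the SQL text, so the statement the database
// parses changes with the input.
function searchUnsafe(db: Db, q: string): Call {
  return db.query(`SELECT * FROM users WHERE name = '${q}'`);
}

// "After": the SQL text is a constant and q travels as a bound value.
const SEARCH_SQL = "SELECT * FROM users WHERE name = $1";
function searchSafe(db: Db, q: string): Call {
  return db.query(SEARCH_SQL, [q]);
}

// Reviewer's check: over a set of inputs, a parameterised handler must send
// byte-identical SQL text every time. Any variation means input reached the
// query text, which is exactly what the finding flags.
function sqlTextIsConstant(handler: (db: Db, q: string) => Call, inputs: string[]): boolean {
  const db = makeDb();
  const texts = new Set(inputs.map((q) => handler(db, q).text));
  return texts.size === 1;
}

// Number of single quotes in the SQL text; an odd count means the input broke
// out of the string literal (here a perfectly legitimate surname does it).
function quoteCount(sql: string): number {
  return (sql.match(/'/g) ?? []).length;
}

// Constructed inputs: an ordinary name and a name containing an apostrophe.
const SAMPLE_INPUTS = ["alice", "O'Brien"];
```

No hostile payload is needed to see the defect: the apostrophe in a real name already changes the shape of the unsafe statement, while the safe handler's text never varies.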

HIGH · HIGH CONFIDENCE · Missing Authentication Check on Admin Data Export Endpoint

app/api/admin/export/route.ts

The `/api/admin/export` endpoint returns a full CSV dump of the users table but never verifies that the caller holds an admin session. Any authenticated — or even unauthenticated — request can retrieve all user PII, including email addresses and hashed passwords.

HIGH · MEDIUM CONFIDENCE · Unhandled Promise Rejection Swallows Payment Errors

lib/stripe.ts

The Stripe charge call is awaited inside a try block that catches the error and returns `null` silently. Downstream callers treat a `null` response as a successful charge, meaning failed payments are never surfaced to the user or logged for review.
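The swallowed-rejection pattern beside a fix, as an added example that is neither Faultmark's nor Stripe's code: `fakeCharge` is a constructed stand-in for the awaited charge call, `chargeSwallowing` is the "before" shape the finding describes, and `chargeSurfacing` returns a typed result so a failed payment can no longer be read as success.

```typescript
// Added example, not Faultmark's or Stripe's code. fakeCharge is a constructed
// stand-in for the awaited Stripe call so both handlers run offline.
type Charge = { id: string; amount: number };
type ChargeResult =
  | { ok: true; charge: Charge }
  | { ok: false; error: string };

// Rejects for a constructed "declined" token, resolves otherwise.
async function fakeCharge(amount: number, token: string): Promise<Charge> {
  if (token === "tok_declined") throw new Error("card_declined");
  return { id: "ch_constructed_1", amount };
}

// "Before": the rejection is caught and collapsed into null. As the finding
// notes, callers read null as success, so a declined card looks like a paid order.
async function chargeSwallowing(amount: number, token: string): Promise<Charge | null> {
  try {
    return await fakeCharge(amount, token);
  } catch {
    return null;
  }
}

// "After": failure is a distinct, typed outcome that cannot be mistaken for a
// charge, and the error is recorded before it is handed back.
const paymentErrorLog: string[] = [];
async function chargeSurfacing(amount: number, token: string): Promise<ChargeResult> {
  try {
    const charge = await fakeCharge(amount, token);
    return { ok: true, charge };
  } catch (err) {
    const message = err instanceof Error ? err.message : String(err);
    paymentErrorLog.push(`charge failed amount=${amount}: ${message}`);
    return { ok: false, error: message };
  }
}

// Downstream caller written against the result type: only a real charge marks
// the order paid, and reading .charge on a failure is a compile error.
async function placeOrder(amount: number, token: string): Promise<"paid" | "payment_failed"> {
  const result = await chargeSurfacing(amount, token);
  return result.ok ? "paid" : "payment_failed";
}
```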

TypeScript · JavaScript · Python · Go · Rust · Java · C# · C++ · Swift · Kotlin · Ruby · PHP · Scala · Elixir · Dart · Lua · Bash · PowerShell · R · Julia · Zig · Nim · Groovy · Perl · React · Vue · Angular · Svelte · Next.js · Nuxt · Remix · Astro · SvelteKit · Qwik · SolidJS · Preact · Alpine.js · HTMX · Lit · Vite · Webpack · esbuild · Rollup · Tailwind CSS · Node.js · Express · NestJS · Fastify · Hono · Django · Flask · FastAPI · Rails · Spring Boot · Laravel · Phoenix · Gin · Echo · Fiber · Axum · Actix · gRPC · GraphQL · tRPC · PostgreSQL · MySQL · MongoDB · Redis · SQLite · Cassandra · Elasticsearch · DynamoDB · Supabase · PlanetScale · CockroachDB · Drizzle ORM · Prisma · TypeORM · SQLAlchemy · Hibernate · GORM · Docker · Kubernetes · Terraform · Pulumi · AWS · GCP · Azure · GitHub Actions · CircleCI · GitLab CI · Vercel · Netlify · Railway · Fly.io · Cloudflare Workers · AWS Lambda · Kafka · RabbitMQ · NATS · SQS · Pub/Sub

Start free. Ship with confidence.

For solo developers

Free

$0
  • 3 scans / month
  • AI static analysis
  • Fix proposals included
  • Pull request per fix

For teams that ship

Pro

$15 / month
  • Unlimited scans
  • Multi-agent debate (3 models)
  • Higher-confidence reports
  • Priority scan queue
  • Fix proposals included

COMING SOON

For engineering orgs

Team

$49 / month
  • Everything in Pro
  • Unlimited repos
  • Team dashboard
  • Slack notifications
  • SLA support

Your next deploy, bulletproofed.