EDITH
Live · 151 deterministic checks

From commit to fix in 60 seconds.

EDITH audits every push for the patterns Cursor, Claude, v0 and Lovable get wrong — then hands the fix prompt back to your editor.

EDITH ▸ live audit (Idle)

01 Input
Repo: krova/payments
Branch: feat/checkout
By: @nikhil · 12s ago
a8f3c12 · wire stripe checkout + delete user
+2,341 / −892 · 28 files
webhook delivered · 87ms

02 EDITH
Score: 100 / 100
Checks running: 0/151
SEC · PERF · REL · DATA · BIZ · DEPLOY

03 Output
  • Stripe webhook missing signature · api/webhooks/stripe.ts:12
  • JWT stored in localStorage · (auth)/login.tsx:48
  • Server Action with no auth check · actions/delete-user.ts:1
  • PII in response body · api/users/route.ts:24
Copy fix prompt
p50 60s · p95 240s
Detected: Cursor · Claude Code · edith-bot ready
Compliance frameworks mapped: SOC 2 · PCI-DSS · GDPR · Play Store · App Store
The Problem

AI doesn't know what it doesn't know.

Every line your AI agent writes was trained on tutorial code. Tutorial code doesn't include auth, doesn't validate input, doesn't ship to production. Your app does.

AI agents hallucinate dependencies

Cursor invents npm packages that don't exist. The build passes locally, breaks in CI, and AI agents try to fix it by inventing more.

31% of AI repos (EDITH scan data)

Secrets leak into client bundles

Stripe, Razorpay, OpenAI keys end up in NEXT_PUBLIC_ vars. Anyone can drain your account from DevTools.

1 in 6 repos audited (EDITH scan data)

Auth is missing on POST routes

Server Actions and route handlers ship without auth checks. AI prefers what's tutorial-shaped over what's safe.

62% of new routes (EDITH scan data)
Coverage

Six dimensions. One hundred and fifty-one checks.

Every check is deterministic — same input, same finding, every time. No LLM tax on your scan. We name the file, the line, and the exact pattern that broke.

Security

OWASP-grade scan tuned for AI-generated code.

  • Stripe / Razorpay keys in client bundles
  • Server Actions with no auth check
  • JWT in localStorage
  • OAuth callback missing state check

Performance

LLM cost-leaks, N+1 queries, layout shifts.

  • Embedding call with no cache
  • useEffect with inline-object deps
  • <Image> without width / height
  • Await inside DB loop

Reliability

AI-pattern silent-catches and stale closures.

  • Silent catch blocks
  • useEffect stale closure
  • Floating promise
  • Next 15 cookies() not awaited

Data Safety

RLS, PII leakage, schema invariants.

  • Tables without RLS
  • Plain 'password' column
  • PII in response body
  • Multi-table writes without transaction

Business Logic

Race conditions, missing idempotency.

  • Webhook with no dedup
  • Currency from client
  • Admin route w/o role check
  • Tool dispatcher with no allowlist

Deploy Ready

What breaks the first prod push.

  • process.env.X in client component
  • output:'export' with route handlers
  • No engines.node pin
  • Missing lockfile
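What "deterministic, file-and-line" checking looks like in practice, as an added example that is not EDITH's rule engine: four of the patterns listed above (secret-shaped key behind `NEXT_PUBLIC_`, JWT written to `localStorage`, server-only `process.env` read inside a `"use client"` component, silent catch) written as plain regex rules and run over two constructed source files. The rule ids, regexes, scoring weights and sample files are this example's own assumptions, not EDITH's 151 checks.

```typescript
// Added example (not EDITH's code): a tiny deterministic scanner. Same input,
// same findings, every run; each finding names the file, the line and the rule.

interface SourceFile { path: string; text: string }
interface FileCtx { client: boolean } // true when the file starts with "use client"
interface Rule { id: string; test: (line: string, ctx: FileCtx) => boolean }
interface Finding { rule: string; file: string; line: number; snippet: string }

function isClientComponent(text: string): boolean {
  return /^\s*['"]use client['"]/m.test(text);
}

// Rules are illustrative, not EDITH's actual patterns.
const RULES: Rule[] = [
  // A secret-looking name exposed through NEXT_PUBLIC_ ends up in the browser bundle.
  { id: "secret-in-client-bundle", test: (line) => /NEXT_PUBLIC_\w*(SECRET|PRIVATE|SK_LIVE|API_KEY)/i.test(line) },
  // A token in localStorage is readable by any script injected into the page.
  { id: "jwt-in-localstorage", test: (line) => /localStorage\.setItem\(\s*['"`][^'"`]*(token|jwt)[^'"`]*['"`]/i.test(line) },
  // Non-public env vars are undefined in the client, or worse, inlined if misconfigured.
  { id: "server-env-in-client-component", test: (line, ctx) => ctx.client && /process\.env\.(?!NEXT_PUBLIC_)\w+/.test(line) },
  // An empty catch swallows the failure the user would otherwise see.
  { id: "silent-catch", test: (line) => /catch\s*(\([^)]*\))?\s*\{\s*\}/.test(line) },
];

// Illustrative severity weights for a 0-100 score; EDITH's own formula is not on the page.
const WEIGHT: Record<string, number> = {
  "secret-in-client-bundle": 25,
  "jwt-in-localstorage": 15,
  "server-env-in-client-component": 10,
  "silent-catch": 5,
};

function scan(files: SourceFile[]): Finding[] {
  const findings: Finding[] = [];
  for (const file of files) {
    const ctx: FileCtx = { client: isClientComponent(file.text) };
    file.text.split("\n").forEach((line, i) => {
      for (const rule of RULES) {
        if (rule.test(line, ctx)) findings.push({ rule: rule.id, file: file.path, line: i + 1, snippet: line.trim() });
      }
    });
  }
  // Stable ordering is part of determinism: the report never reshuffles between runs.
  return findings.sort((a, b) => a.file.localeCompare(b.file) || a.line - b.line || a.rule.localeCompare(b.rule));
}

function score(findings: Finding[]): number {
  return Math.max(0, 100 - findings.reduce((acc, f) => acc + (WEIGHT[f.rule] ?? 5), 0));
}

// Constructed sample repo: two files that exhibit the patterns above.
const SAMPLE_FILES: SourceFile[] = [
  {
    path: "app/(auth)/login.tsx",
    text: [
      "'use client';",
      "export async function onSubmit(token: string) {",
      "  localStorage.setItem('jwt', token);",
      "  const key = process.env.STRIPE_SECRET_KEY;",
      "  try { await fetch('/api/session') } catch (e) {}",
      "}",
    ].join("\n"),
  },
  {
    path: "lib/stripe.ts",
    text: [
      "export const stripeKey = process.env.NEXT_PUBLIC_STRIPE_SECRET_KEY;",
      "export const publishable = process.env.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY;",
    ].join("\n"),
  },
];
```

Run `scan(SAMPLE_FILES)` and the publishable key on the last line is left alone while the secret key one line above is flagged; that distinction (what is safe to ship to the browser versus what is not) is the whole point of the client-bundle check.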
The Magic Moment

From issue to merged in two clicks.

EDITH writes the fix prompt for you. Paste it into Cursor / Claude / Copilot. Review. Merge. The whole loop is under 60 seconds.

edith-bot commented on PR #1284 · payments/checkout · 3 minutes ago
Score: 78 / 100
  • critical · Stripe webhook missing signature verification · app/api/webhooks/stripe/route.ts:12
  • critical · Order table missing RLS policy · supabase/migrations/0003_orders.sql:24
  • high · JWT stored in localStorage · app/(auth)/login.tsx:48
EDITH ▸ fix-prompt.md

EDITH writes the prompt. You paste. Cursor fixes.
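The two webhook findings the page names, "Stripe webhook missing signature verification" (Security) and "Webhook with no dedup" (Business Logic), as one added example. This is not EDITH's or Stripe's code and does not use the Stripe SDK: the header layout follows the documented `Stripe-Signature` scheme (`t=<unix seconds>,v1=<hex HMAC-SHA256 of "<t>.<raw body>">`), while the secret, event bodies and in-memory stores are constructed for the example. It assumes a single `v1` entry in the header.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added example (not EDITH's or Stripe's code): verify the webhook signature,
// then deduplicate by event id, before any side effect runs.

const TOLERANCE_SECONDS = 300; // signatures older than 5 minutes are treated as replays

interface WebhookEvent { id: string; type: string; data: { object: { id: string; amount: number } } }
interface HandlerResult { status: number; body: string }

// Test helper that builds a header the way the provider would (same HMAC construction).
function signPayload(secret: string, body: string, timestamp: number): string {
  const v1 = createHmac("sha256", secret).update(`${timestamp}.${body}`).digest("hex");
  return `t=${timestamp},v1=${v1}`;
}

function parseSignatureHeader(header: string): { t: number; v1: string } | null {
  let t = NaN;
  let v1 = "";
  for (const part of header.split(",")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const k = part.slice(0, eq).trim();
    const v = part.slice(eq + 1).trim();
    if (k === "t") t = Number(v);
    else if (k === "v1" && !v1) v1 = v; // first v1 only (assumption: no secret rotation in flight)
  }
  return Number.isFinite(t) && /^[0-9a-f]{64}$/i.test(v1) ? { t, v1 } : null;
}

function verifySignature(secret: string, body: string, header: string, nowSeconds: number): boolean {
  const parsed = parseSignatureHeader(header);
  if (!parsed) return false;
  if (Math.abs(nowSeconds - parsed.t) > TOLERANCE_SECONDS) return false; // stale or replayed
  const expected = createHmac("sha256", secret).update(`${parsed.t}.${body}`).digest("hex");
  const a = Buffer.from(expected, "hex");
  const b = Buffer.from(parsed.v1, "hex");
  return a.length === b.length && timingSafeEqual(a, b); // constant-time comparison
}

// BEFORE: the finding on the page. Anyone who can reach the URL can post a "paid" event.
const fulfilledUnsafe: string[] = [];
function handleWebhookUnsafe(rawBody: string): HandlerResult {
  const event = JSON.parse(rawBody) as WebhookEvent;
  if (event.type === "checkout.session.completed") fulfilledUnsafe.push(event.data.object.id);
  return { status: 200, body: "ok" };
}

// AFTER: reject unsigned or tampered bodies, then make each event id act exactly once.
const processedEventIds = new Set<string>(); // in production: a table with a unique key on event id
const fulfilled: string[] = [];
function handleWebhook(secret: string, rawBody: string, sigHeader: string | undefined, nowSeconds: number): HandlerResult {
  if (!sigHeader || !verifySignature(secret, rawBody, sigHeader, nowSeconds)) {
    return { status: 400, body: "invalid signature" };
  }
  const event = JSON.parse(rawBody) as WebhookEvent;
  if (processedEventIds.has(event.id)) return { status: 200, body: "duplicate ignored" }; // provider retries are normal
  processedEventIds.add(event.id);
  if (event.type === "checkout.session.completed") fulfilled.push(event.data.object.id);
  return { status: 200, body: "ok" };
}

function fulfilledOrders(): string[] {
  return [...fulfilled];
}
```

Two details matter in the hardened handler: the signature is checked over the raw request body (a re-serialised JSON object would not match), and the duplicate check returns 200 rather than an error, so the provider stops retrying an event that was already handled.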

AI-aware

Built for the way AI writes code.

EDITH detects which AI tool generated the code in your repo, then runs the rules that catch each tool's signature failure modes. Cursor hallucinates packages. v0 ships missing alt attributes. Lovable forgets RLS. EDITH knows.

edith · live detection (scanning)
[12:43:17] detected: Cursor in app/api/feed/route.ts
> import { parseCSV } from "csv-parser-mini"
flag: Hallucinated package · 0 npm downloads
vs. the field

The only tool built for AI-built apps.

Sentry tells you what broke. Snyk finds CVEs in node_modules. Lighthouse grades performance. None of them know your app was written by Cursor at 2am.

Features compared (EDITH · CodeRabbit · Sentry · Snyk · Lighthouse):
  • Security scanning
  • Compliance mapping (PCI-DSS / SOC 2 / GDPR) · Partial
  • AI-pattern detection (hallucinated imports, silent catches)
  • LLM-app cost-leak detection
  • Live browser auditing (DevTools panel) · Partial
  • Fix prompts for Cursor / Claude / Copilot
  • Single unified score
Integrations & data handling

What EDITH reads — and why.

EDITH connects to a few external services to do its job. Below is exactly what we ask for from each, and the user-facing purpose for it. Full detail lives in the privacy policy.

GitHub

Required
GitHub App · contents:read, pull_requests:write, metadata:read

Fetches source from repositories you explicitly install EDITH on, posts inline review comments + status checks on your pull requests. We never persist your full source — only short snippets (1-3 lines) attached to each finding for context.

Google Search Console

Optional
OAuth scope · webmasters.readonly (read-only)

Pulls aggregated search-analytics data — impressions, clicks, CTR, average position per page and query — only for properties you explicitly bind to EDITH. We cross-reference it with on-page SEO findings so 'this page ranks #14 with a weak description' becomes one actionable card. We never modify your Search Console settings or share your data with third parties. You can revoke access at any time from your Google Account.

Anthropic Claude

Required
API · model invocation only

Generates natural-language fix prompts from EDITH's findings, and (with your opt-in) queries Claude with web-search to record how LLMs answer questions about your brand. We send only the issue context — never your full codebase — and our integration disables training on customer data.

EDITH Browser Extension

Optional
Chrome extension · activeTab, scripting

Captures Core Web Vitals, the rendered HTML head, and console errors for pages you actively scan. Never reads form inputs, cookies, or local storage from the pages you visit. Sends data to your EDITH account only — never to third parties.

Supabase & Vercel

Required
Infrastructure

Hosts the EDITH dashboard, API routes, background workers, and the database that stores your scan history, scores, and findings. All traffic is TLS-encrypted; the database is encrypted at rest; row-level-security policies restrict every sensitive table to its owning organization.

PayU

Optional
Payment processor

Used only if you upgrade to a paid plan. PayU handles card details directly; EDITH stores only a customer reference, plan tier, and invoice metadata. We never see or store full card numbers, CVVs, or banking credentials.

Our commitments

We don't use your source code or your data to train machine-learning models. We don't sell or share customer data with advertisers. We delete repository contents fetched for scans within minutes of the scan finishing. You can revoke any OAuth grant or delete your account at any time.

Pricing

Pay for what your team ships.

14-day Pro trial. Billing in INR via PayU, or in USD. Cancel anytime — we don't lock anyone in.

Free

₹0/mo

For weekend projects.

  • 1 repo
  • Weekly scans
  • Basic report
  • Browser extension

Builder

₹499/mo

For indie devs shipping fast.

  • 5 repos
  • Daily scans
  • Fix prompts
  • PR integration
  • DevTools panel

Pro · Most popular

₹1,499/mo

For teams that ship every day.

  • Unlimited repos
  • Real-time scans
  • All integrations
  • Slack alerts
  • Compliance reports

Agency

₹3,999/mo

For studios with client work.

  • Client workspaces
  • White-label reports
  • Dedicated reviewer
  • Priority support
  • Auditor PDF reports

Billing in INR via PayU · Cancel anytime · 14-day Pro trial

Built for your stack
Next.js · Supabase · Stripe · Razorpay · Clerk · Vercel · PlanetScale · Drizzle · Prisma · Anthropic · OpenAI · Inngest · Resend · Upstash · PostgreSQL · PayU
14-day Pro trial · no card needed

Stop shipping AI bugs by accident.

Connect your GitHub. EDITH scans your last commit in 60 seconds. You'll know in one screen whether your AI agent shipped something dangerous.