Manual approval audits for healthcare and enterprise AI teams

Founder-Reviewed Code Evidence for AI Teams.

Request a manual repository review. We do not accept credentials in forms, and private repositories require approval before any access.

  • Receive a signed evidence report after founder review and required manual-review attestations.
  • Security audit aligned with common HIPAA Security Rule and SOC 2 Type II safeguard patterns (BAA pending; not a substitute for legal certification).
  • Private repository requests are manual-approval only; do not submit PHI, secrets, logs, dumps, or credentials.

Manual concierge lane is available now. Self-serve private-repository automation remains disabled until the isolated worker contract is complete.

Audit Report

Generated for clinical-service-v4

Status: FAILED

Integrity Score

Current
42/100
Projected
94/100
Score Breakdown: 42%

Findings

2 issues identified

CRITICAL

Stripe Idempotency Failure

Webhook handler fails to verify idempotency keys, leading to potential double-charging in high-concurrency environments.

Location: app/api/webhooks/stripe/route.ts:42

HIGH

Unencrypted PII in Logs

User email addresses and metadata are being logged in plaintext during the checkout flow, violating HIPAA technical safeguards.

Location: lib/stripe.ts:128

Lead Auditor

Audited by a Scientist,
Not a Bot.

I am a Scientist-of-Record for your codebase. Modern AI code is non-deterministic. Traditional linters miss this. I apply the Independent Verification & Validation (IV&V) protocols used in my $1M+ NIH-funded research to catch architectural failures in your software.

🎓

Teano Nguyen

MD/PhD Candidate (OHSU) • Scientist-of-Record

Dean's Scholarship Recipient (2017) • Manuscript Submitted 2025

🏛️

NIH/AHA Funded Researcher

$1M+ in Competitive Grants

"I apply the same statistical rigor used to validate NIH grants to your deployment pipeline."
Teano Nguyen

Built on Enterprise-Grade Infrastructure

☁️Google Cloud
Next.js
🧠Anthropic
📘TypeScript
🐍Python
💳Stripe

100%

Expert-Reviewed, AI-Assisted

Target

3–5 Business Days

What Clients Say

"MergeProof caught a hallucination-induced data corruption path that our entire CI suite missed. The debrief call alone was worth the investment."

J. Liu

CTO, HealthTech Startup

"We needed independent sign-off before our Series A technical due diligence. The IV&V report gave investors confidence and us actionable fixes."

M. Ramirez

Founder, AI Diagnostics Co.

"The commit-pinned evidence pack was exactly what our compliance team needed. Real artifacts, real hashes — not a vague summary document."

A. Kim

VP Engineering, MedDevice SaaS

Representative of expected client feedback. Early-stage product — pilot clients in onboarding.

Adversarial Review of LLM-Powered Workflows

AI writes the code. Scientists verify the truth.

Scientist-Led Audit

Every audit is conducted by experienced software engineers (Scientists-of-Record). We review semantic intent and logic flows that AI tools miss.

Integrity Scorecard

Clear metrics on coverage, logic risk, and brittleness. A definitive Go/No-Go signal.

Scientific Gate

Rigorous manual IV&V protocol validated on real codebases. No code ships without passing the red-flag audit.

Reproducible Artifacts

We deliver a full bundle: logs, test vectors, and the scientist-of-record report proving correctness.

Evidence, Not Just Opinions

Every audit includes commit-pinned deterministic static artifacts, with AI-assisted review notes labeled separately.

{
    "created_at": "2025-12-18T17:05:06.432509",
    "report_url": "https://mergeproof.org/sample",
    "message": "Scan complete. 0 findings detected.",
    "completed_at": "2025-12-18T17:05:12.651780",
    "repo_url": "https://github.com/stellar/go",
    "status": "completed",
    "findings_count": 0,
    "ref": "master",
    "job_id": "02789371-ab71-4701-85ea-0e78984829fa",
    "integrity_hash": "sha256:f311b66b9b5c3705f901630d143426684b8790acf6efb54e79fc43ac1302310c"
}

Pricing

Simple, transparent pricing for high-touch IV&V audits.

Private repositories are manual-approval only. Payment and access happen after scope confirmation; this page does not submit, scan, clone, or charge a repository.

Snapshot IV&V Audit

$500

Target: 1-2 business days. A quick diagnostic check.

  • Scientist-led review (AI-assisted)
  • 1-2 page summary report
  • High-level risk assessment

No repository is submitted, scanned, or charged from this card.

Standard IV&V Audit

$750

Target: 3–5 business days. Deep-dive risk analysis.

  • Scientist-led review (AI-assisted)
  • 5–10 page Red-Flag report
  • Risk score and ALLOW/BLOCK verdict
  • Commit-pinned deterministic static artifact bundle
  • 30-minute debrief call

No repository is submitted, scanned, or charged from this card.

Rush IV&V Audit

Most urgent
Contact

Target: 24 hours. Expedited scientist review.

  • Scientist-led review (AI-assisted)
  • 5–10 page Red-Flag report
  • Risk score and ALLOW/BLOCK verdict
  • Commit-pinned deterministic static artifact bundle
  • 30-minute debrief call

Frequently Asked Questions

Everything you need to know before booking your audit.

A 5-10 page red-flag report, ALLOW/BLOCK verdict, commit-pinned deterministic static artifacts, and debrief call.

Request a Private Repo Review

Submit your work email and repository URL. We confirm scope before payment or access.
