Codebase Review

A one-time deep audit of your Rails codebase. You get a clear, prioritized report — what to fix now, what can wait, and what's actually fine. No vague suggestions. No automated scans. A human read of your code by someone who knows where AI gets it wrong.

The problem

AI-generated code looks right. That's the danger.

Your AI writes clean syntax, passes linting, and produces code that looks like a senior developer wrote it. But under the surface: auth that doesn't hold, N+1 queries waiting to kill your database, architecture that corners you into a rewrite at 5,000 users.

The hardest bugs to find are the ones that look correct. AI is exceptionally good at producing those.

What founders tell me before the audit

  • “It works, but I have no idea if it’s solid.”

    The confidence gap

  • “We shipped fast with AI, but now everything feels fragile.”

    The speed trap

  • “I need to know what’s going to break before I raise / hire / scale.”

    The milestone pressure

What the audit covers

Six areas. One clear report.

Not a generic checklist. I read your codebase the way a composer approaches arrangement — structure first, then the individual voices, then how they relate. Every finding is prioritized: fix now, fix soon, or leave it alone.

01

Architecture & domain model

Is the foundation sound, or are you building on patterns that will force a rewrite? I evaluate your domain model, boundaries, and the decisions that compound over time.

02

Security & auth

Authentication, authorization, data exposure, CSRF, injection vectors. The things AI consistently underestimates because they rarely cause visible errors.

03

Performance

N+1 queries, missing indexes, expensive computations in request cycles, caching opportunities. The bottlenecks that surface at real load.

04

AI-generated anti-patterns

Reinvented wheels, framework built-ins ignored, configuration issues misdiagnosed as architectural problems. The specific failure modes of AI-assisted development.

05

Test coverage

What’s tested, what isn’t, and what’s tested in ways that give false confidence. AI-generated tests are often technically passing but functionally meaningless.

06

Deployment & infrastructure

Environment configuration, secrets management, CI/CD pipeline, production readiness. The gap between “runs locally” and “runs in production.”

The deliverable

A prioritized action plan. Not a vague list of suggestions.

You get a written report organized by severity and area. Every finding includes: what the problem is, why it matters, and exactly what to do about it.

After the report, we do a walkthrough call to discuss the findings, answer your questions, and help you plan the fixes — whether you do them yourself, with your AI, or with me.

See what a real audit produces → Avo case study

What's in the report

  • Executive summary — where you stand in plain language
  • Critical findings — fix before you ship / raise / scale
  • High-priority items — fix within the next sprint
  • Medium-priority items — address when you can
  • What’s actually fine — so you don’t waste time on non-issues
  • Architecture recommendations — how to structure what comes next
  • 60-minute walkthrough call

How it works

Five steps. Start to finish in two weeks.

1

Intro call

Free 30-minute call to understand your situation, scope the review, and make sure this is the right fit.

2

Codebase access

You grant me read access to your repository. Everything stays confidential — I can sign an NDA if needed.

3

Deep read

I run agentic skills I've built from my own review principles — then interpret, triage, and extend the findings with my own judgment. Systematic consistency, experienced depth.

4

Written report

You receive the full audit report: prioritized findings, clear explanations, concrete action items.

5

Walkthrough

A 60-minute call to discuss every finding, answer questions, and plan next steps together.

Pricing

From €3,000

Final price depends on codebase size and complexity. We scope it together on the intro call — no surprises.

Most AI-built Rails apps hit a wall at 5,000–10,000 users. The rewrite costs €50,000+ and 3–6 months. The audit costs a fraction of that and tells you exactly where you stand before it's too late.

30 minutes. No commitment. We'll scope the work and I'll give you an exact quote.

What's included at every tier

  • Full codebase coverage — agentic skills guided by human judgment
  • Prioritized written report
  • 60-minute walkthrough call
  • Architecture recommendations
  • AI workflow assessment
  • 30 days of follow-up questions via email

Need ongoing support after the audit?

See the CTO Retainer →

Questions

Frequently asked

I’m building with Cursor / Claude — is this for me?

Yes, especially you. AI writes clean syntax that hides structural problems. The audit catches what your AI can’t see — auth gaps, N+1 queries, architecture that corners you at scale.

Will you judge my code?

No. The audit is pure signal — what to fix, what to fix next, and what’s actually fine. No lectures, no shame. I’m here to make AI-assisted development work, not to criticize it.

What does AI typically get wrong in Rails?

Authentication that doesn’t hold under edge cases. N+1 queries that surface at real load. Reinvented wheels where a built-in exists. Framework conventions ignored in favor of hand-rolled alternatives. The patterns are consistent — and that’s what makes them findable. (Ruby is the best language for AI-assisted development — but even the best foundation needs expert eyes.)

Do I need to know Rails to work with you?

No — that’s the point. You bring the product vision, your AI writes the code, and I make sure the architecture holds. The report is written in plain language with clear action items.

Is this just an automated scan?

No. I use agentic skills I've built from my own review principles — but the methodology, triage, and judgment are mine. Generic scanners catch syntax issues and known CVEs. They miss the structural problems that actually matter: bad architecture, reinvented frameworks, AI-generated anti-patterns.

Will you fix the issues you find?

The audit is diagnostic — you get a clear report of what’s wrong and exactly what to do about it. You can fix things yourself, with your AI, or move to a retainer where I work through them with you.

Is my code kept confidential?

Absolutely. I’ll sign an NDA if you need one. I never share, store, or reuse client code.

What if the audit finds nothing wrong?

Then you get peace of mind — and a written report that confirms your codebase is solid. That’s worth knowing before you raise, hire, or scale.

Find out where you actually stand.

A 30-minute call to understand your codebase and scope the audit. No pitch, no pressure.