Preview: Quoderat is in early access. This site shows the concept and direction — onboarding is manual for now.
Quoderat
Fixed-price · independent · reviewer-ready

An independent evidence audit of one risky merge request.

For GitLab teams shipping AI-generated code that needs to hold up — in review, in front of a client, or in a SOC 2 / ISO 42001 audit. We check it independently and hand you the evidence, with the limits stated plainly.

From €750 per merge request · €2,500 sprint pack (5 MRs) · fixed price, no open day-rate.

The process

1. Scope

Send us one risky or AI-generated GitLab merge request. Read-only access, or run our checks on your own runner — your code stays yours.

2. Verify

We run your own tests and lint, scan the diff, and a senior reviewer digs into the risk: auth, secrets, dependencies, data access, and test gaps.

3. Report

You get a reviewer-ready evidence report: what's proven, what's only tested, what's not checked, and the residual risk — signed.

What you actually receive

A redacted example of the evidence report. Every claim is backed by command output, and the limits are stated — not hidden.

QED-2026-0427 · merge request !142 · Reviewed

Evidence report

feat(auth): replace passlib with direct bcrypt

lint: pass · tests: 48/48 · secrets: ████ redacted · deps: +0

Proven — bcrypt replaces passlib, 48/48 tests green, no new dependencies.

Not checked — runtime behaviour under load, rotation of production secrets.

Residual risk — bcrypt cost factor unverified; reviewer must confirm before merge.

integrity.hash_chain
sha256:9f3c…a17b · 2026-06-27 14:02 UTC
S. Jongebloed
independent reviewer ∎

What you get

A concrete paid service, not a subscription. You send one merge request; we return a report your team can review, archive, and hand to an auditor.

  • One evidence report for a real AI-generated or high-risk merge request
  • Risk review for auth, secrets, dependencies, migrations, data access, and test gaps
  • Evidence table: commands run, their output, files changed, and missing proof
  • A clear verdict — merge, block, or follow-up — your reviewer can paste into GitLab
  • Explicit claim boundaries: what is proven vs only tested vs not checked

Your code stays yours

Read-only, ephemeral

A read-only token, scoped to one merge request and auto-revoked after delivery. Branch-only — we never write to protected branches and nothing auto-merges.

Or self-hosted

Prefer no access at all? Run our checks on your own runner and send us the evidence bundle. We review and sign it — your code never leaves your network.

Pricing

Single audit
€750

One merge request, end to end. Fixed price, no open day-rate.

Sprint pack
€2,500

Five merge requests across a sprint. Your riskiest changes, independently checked.

First two or three clients get a founding discount in exchange for a publishable case study with hard numbers.

Start with one merge request

Book a 20-minute walkthrough. We'll look at one of your riskiest merge requests together and scope the audit — no commitment.
