Free Code Audit
Guides & Documentation

Codebase Security & Scale Auditing.

Check if your Claude/Cursor prototype is production-ready using these standard audit guidelines.

auth

Auditing Next-Auth JWT Expiry

AI code generation often defaults to session JWT tokens with unlimited lifetimes, which creates critical session hijacking flaws. Run this check to audit session tokens:

import { authOptions } from "@/app/api/auth/[...nextauth]/route";
import { getServerSession } from "next-auth";

// Reject a session whose expiry timestamp is already in the past.
export async function verifySessionExpiry() {
  const session = await getServerSession(authOptions);
  // session.expires is an ISO-8601 timestamp set by Next-Auth from maxAge.
  if (session && new Date(session.expires) < new Date()) {
    throw new Error("Session token expired. Force logout required.");
  }
  return session;
}
database

Query Analysis for Missing Indexes

Unindexed relational tables will degrade and crash under concurrent user load. Run this SQL query on your PostgreSQL instance to list the top 5 tables with the heaviest sequential-scan traffic, the usual sign of a missing index:

-- Tables ranked by rows read via sequential scans; compare seq_scan with
-- idx_scan: a large table with many seq_scans and few idx_scans needs an index.
SELECT
  schemaname, relname, seq_scan, seq_tup_read, idx_scan, idx_tup_fetch
FROM
  pg_stat_user_tables
WHERE
  seq_scan > 0
ORDER BY
  seq_tup_read DESC
LIMIT 5;
payments

Validating Stripe Webhook Signatures

Founders building billing logic with Cursor often skip webhook signature verification, which lets malicious users simulate charge payments. Always secure webhook endpoints with verification:

const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
const endpointSecret = process.env.STRIPE_WEBHOOK_SECRET;

// payload must be the raw request body (Buffer or string), not parsed JSON:
// the signature is computed over the exact bytes Stripe sent.
// signature is the value of the Stripe-Signature request header.
function verifyWebhook(payload, signature) {
  try {
    const event = stripe.webhooks.constructEvent(payload, signature, endpointSecret);
    return event;
  } catch (err) {
    // Respond 400 to the caller; never process an event that fails this check.
    throw new Error(`Webhook Signature Verification Failed: ${err.message}`);
  }
}