Money-path contracts
A money-path contract is a deterministic rule that protects a SaaS path that charges or spends money. The rule should be explicit enough for CI, a scheduled job, or an agent setup step to run it and reach a verdict without an LLM deciding the outcome.
Public positioning
ProdVerdict verifies business rules AI code must not break. It does not secure all AI code. It checks the revenue-protecting paths around billing, access, credits, usage, seats, config, migrations, webhooks, restore, and permissions.
Shipped vs planned
| Area | Current status | Notes |
|---|---|---|
| Access | Shipped | First proof point for custom Stripe, Paddle, and Postgres billing state |
| Config | Shipped | PR-gate check for env var and CI secret drift |
| Migration | Shipped | PR-gate check for unsafe Postgres DDL |
| Boundary | Shipped | PR-gate check for sensitive API input/output boundaries |
| Webhook | Shipped | PR-gate check for signature and idempotency patterns |
| Restore | Shipped | Scheduled check for backup/restore smoke commands |
| Entitlements migration | Shipped | On-demand Stripe Entitlements migration verifier |
| Clerk-aware route gates | Planned validation area | Not available today |
| Usage limits and credits | Planned validation area | No usage contract type ships today |
| Seats and deeper permissions | Planned validation area | Gathered through the audit funnel |
Why Access is first
Access is the clearest proof point because it compares two real sources of production state: billing systems and app access rows. When those disagree, the business impact is concrete:
- A paid customer is locked out.
- A canceled or unpaid customer keeps paid access.
- A plan or feature gate maps to the wrong tier.
- A customer, subscription, or entitlement identifier points to the wrong user.
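One way such a deterministic Access check can be written, shown here as an added example with constructed sample state rather than ProdVerdict's own code; the field names, status values and plan-to-tier map are assumptions, and the four rules correspond to the four mismatches listed above:

```python
import sys

# Constructed sample state (not real data). Field names and the plan->tier map
# are assumptions for this example, not ProdVerdict's schema.
BILLING = [  # what the billing provider reports per subscription
    {"subscription_id": "sub_1", "customer_id": "cus_a", "status": "active", "plan": "pro"},
    {"subscription_id": "sub_2", "customer_id": "cus_b", "status": "canceled", "plan": "pro"},
    {"subscription_id": "sub_3", "customer_id": "cus_c", "status": "active", "plan": "team"},
    {"subscription_id": "sub_4", "customer_id": "cus_d", "status": "past_due", "plan": "pro"},
]
ACCESS = [  # what the app's access table grants per user
    {"user_id": "u1", "customer_id": "cus_a", "subscription_id": "sub_1", "tier": "free"},
    {"user_id": "u2", "customer_id": "cus_b", "subscription_id": "sub_2", "tier": "pro"},
    {"user_id": "u3", "customer_id": "cus_c", "subscription_id": "sub_3", "tier": "pro"},
    {"user_id": "u4", "customer_id": "cus_x", "subscription_id": "sub_4", "tier": "pro"},
]
PLAN_TO_TIER = {"pro": "pro", "team": "team"}  # billing plan -> app tier
PAID_STATUSES = {"active", "trialing"}         # statuses that should grant paid access

def check_access(billing, access, plan_to_tier=PLAN_TO_TIER):
    """Compare billing state against access rows; return (rule, subject) findings."""
    by_sub = {b["subscription_id"]: b for b in billing}
    findings = []
    for row in access:
        sub = by_sub.get(row["subscription_id"])
        if sub is None or sub["customer_id"] != row["customer_id"]:  # dangling or mismatched ids
            findings.append(("identifier_points_to_wrong_user", row["user_id"]))
            continue
        paid = sub["status"] in PAID_STATUSES
        expected = plan_to_tier.get(sub["plan"], "free") if paid else "free"
        if paid and row["tier"] == "free":
            findings.append(("paid_customer_locked_out", row["user_id"]))
        elif not paid and row["tier"] != "free":
            findings.append(("unpaid_customer_keeps_paid_access", row["user_id"]))
        elif row["tier"] != expected:
            findings.append(("wrong_tier_mapping", row["user_id"]))
    # A paying subscription with no access row at all is also a lockout.
    seen = {row["subscription_id"] for row in access}
    for sub_id, sub in by_sub.items():
        if sub["status"] in PAID_STATUSES and sub_id not in seen:
            findings.append(("paid_customer_locked_out", sub["customer_id"]))
    return findings

def verdict(findings):
    """CI exit status: 0 when the contract holds, 1 when any rule is violated."""
    return 1 if findings else 0

if __name__ == "__main__":  # CI entry point: a non-zero exit fails the gate
    sys.exit(verdict(check_access(BILLING, ACCESS)))
```

In a real job the two lists would be loaded from the billing provider and the access table; the verdict itself stays a plain comparison with no model in the loop.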
What this is not
ProdVerdict is not a broad contract platform, AI code security scanner, SAST, DAST, or managed billing product. It is a deterministic verifier for a narrow set of rules that protect revenue.