
Money-path contracts

A money-path contract is a deterministic rule that protects a SaaS code path that charges or spends money. The rule must be explicit enough for CI, a scheduled job, or an agent setup step to run it and reach the same verdict every time, with no LLM deciding the outcome.

Public positioning

ProdVerdict verifies business rules AI code must not break. It does not secure all AI code. It checks the revenue-protecting paths around billing, access, credits, usage, seats, config, migrations, webhooks, restore, and permissions.

Shipped vs planned

Area                          Current status           Notes
Access                        Shipped                  First proof point for custom Stripe, Paddle, and Postgres billing state
Config                        Shipped                  PR-gate check for env var and CI secret drift
Migration                     Shipped                  PR-gate check for unsafe Postgres DDL
Boundary                      Shipped                  PR-gate check for sensitive API input/output boundaries
Webhook                       Shipped                  PR-gate check for signature and idempotency patterns
Restore                       Shipped                  Scheduled check for backup/restore smoke commands
Entitlements migration        Shipped                  On-demand Stripe Entitlements migration verifier
Clerk-aware route gates       Planned validation area  Not available today
Usage limits and credits      Planned validation area  No usage contract type ships today
Seats and deeper permissions  Planned validation area  Gathered through the audit funnel

Why Access is first

Access is the clearest proof point because it compares two real sources of production state: the billing provider's subscription records and the app's own access rows. When the two disagree, the business impact is concrete:

  • A paid customer is locked out.
  • A canceled or unpaid customer keeps paid access.
  • A plan or feature gate maps to the wrong tier.
  • A customer, subscription, or entitlement identifier points to the wrong user.
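The following is an added example of what such a deterministic access rule can look like, written for this page and not taken from ProdVerdict's own code. It reconciles a list of billing records against a list of app access rows and emits one finding per disagreement, covering the four cases listed above. The record shapes, field names, the set of billing statuses treated as paid, the plan-to-tier mapping and the sample rows are all constructed assumptions; a real check would read these from the billing API and the access table.

```python
"""Added example (not ProdVerdict code): reconcile billing state with app access rows.

Every structure below is an assumption made for illustration: a Stripe-like
subscription record, an app-side access row, and a plan-to-tier map.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Billing statuses that are assumed to confer paid access.
PAID_STATUSES = {"active", "trialing"}

# Assumed mapping from the billing plan identifier to the tier the app must grant.
PLAN_TO_TIER = {"pro_monthly": "pro", "pro_annual": "pro", "team_monthly": "team"}


@dataclass(frozen=True)
class BillingRecord:
    customer_id: str
    user_id: str   # app user the billing system records as the customer's owner
    status: str    # e.g. active, trialing, canceled, unpaid
    plan: str


@dataclass(frozen=True)
class AccessRow:
    user_id: str
    customer_id: Optional[str]   # None for users that never had a billing customer
    tier: str                    # e.g. free, pro, team
    paid_access: bool


Finding = Tuple[str, str]   # (finding code, user_id)


def reconcile(billing: List[BillingRecord], access: List[AccessRow]) -> List[Finding]:
    """Return sorted, de-duplicated findings; an empty list means the contract holds."""
    findings = set()
    billing_by_customer = {b.customer_id: b for b in billing}
    access_by_user = {a.user_id: a for a in access}

    # Direction 1: every access row must agree with the billing record it points at.
    for row in access:
        rec = billing_by_customer.get(row.customer_id)
        if rec is None:
            # No billing record at all, so paid access has nothing backing it.
            if row.paid_access:
                findings.add(("UNPAID_KEEPS_ACCESS", row.user_id))
            continue
        if rec.user_id != row.user_id:
            # The customer identifier on this row belongs to a different user.
            findings.add(("IDENTIFIER_MISMATCH", row.user_id))
            continue
        paid = rec.status in PAID_STATUSES
        if paid and not row.paid_access:
            findings.add(("PAID_LOCKED_OUT", row.user_id))
        if not paid and row.paid_access:
            findings.add(("UNPAID_KEEPS_ACCESS", row.user_id))
        if paid and row.paid_access and row.tier != PLAN_TO_TIER.get(rec.plan):
            findings.add(("WRONG_TIER", row.user_id))

    # Direction 2: a paying customer with no access row (or a row linked to another
    # customer) is locked out even though nothing on the app side mentions them.
    for rec in billing:
        if rec.status not in PAID_STATUSES:
            continue
        row = access_by_user.get(rec.user_id)
        if row is None or row.customer_id != rec.customer_id:
            findings.add(("PAID_LOCKED_OUT", rec.user_id))

    return sorted(findings)


def ci_exit_code(findings: List[Finding]) -> int:
    """Deterministic verdict for a CI gate: 0 when clean, 1 when any finding exists."""
    return 0 if not findings else 1


# Constructed sample data: one healthy pair plus one row per failure case.
SAMPLE_BILLING = [
    BillingRecord("cus_A", "u1", "active", "pro_monthly"),    # healthy
    BillingRecord("cus_B", "u2", "active", "team_monthly"),   # paying but locked out
    BillingRecord("cus_C", "u3", "canceled", "pro_monthly"),  # canceled but keeps access
    BillingRecord("cus_D", "u4", "active", "team_monthly"),   # granted the wrong tier
    BillingRecord("cus_E", "u5", "active", "pro_monthly"),    # customer linked to wrong user
]
SAMPLE_ACCESS = [
    AccessRow("u1", "cus_A", "pro", True),
    AccessRow("u2", "cus_B", "team", False),
    AccessRow("u3", "cus_C", "pro", True),
    AccessRow("u4", "cus_D", "pro", True),
    AccessRow("u6", "cus_E", "pro", True),   # cus_E belongs to u5, not u6
    AccessRow("u7", None, "free", False),    # free user, never billed
]

if __name__ == "__main__":
    import sys
    result = reconcile(SAMPLE_BILLING, SAMPLE_ACCESS)
    for code, user_id in result:
        print(f"{code}: {user_id}")
    sys.exit(ci_exit_code(result))
```

The check is run in both directions on purpose: walking only the access rows would miss a paying customer the app has never heard of, and walking only billing would miss a row that grants paid access with no billing record behind it. Because the verdict is a pure function of the two inputs, the same data always yields the same exit code, which is what lets it sit in a PR gate or a scheduled job.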

What this is not

ProdVerdict is not a broad contract platform, AI code security scanner, SAST, DAST, or managed billing product. It is a deterministic verifier for a narrow set of rules that protect revenue.