Audits
Structured quality reviews with stage-appropriate expectations — run them at checkpoints or anytime you want to verify quality.
Read this when preparing for a checkpoint, after building a feature, or when something feels off.
Useful for anyone involved in building or reviewing work.
Why Audits?
Checkpoints ask "should we proceed?" but don't tell you how to check if your work is actually good. Audits fill that gap — they're concrete checklists you can run through, alone or with AI, to systematically verify quality across different dimensions.
Each audit has stage-appropriate expectations. A POC doesn't need WCAG compliance, but production does. Same audit, different rigor — so you know what "good enough" looks like at each stage.
The 8 Audits
Each audit covers a distinct quality dimension. Click to see what to check:
Security
Is this safe to use?
Protect user data and prevent breaches. The most critical audit — vulnerabilities can sink a product.
Accessibility
Can everyone use this?
Ensure everyone can use your product regardless of ability. Good accessibility often means better UX for all.
Experience
Is this pleasant to use?
Check that the interface is consistent, responsive, and handles edge cases gracefully.
Performance
Is this fast enough?
Speed affects user satisfaction and conversion. Slow apps feel broken even when they work.
Code
Is this maintainable?
Clean code lets you move fast. Messy code creates debt that compounds over time.
Operations
Can we run and monitor this?
Ship confidently and know when things break. Good ops catches problems before users do.
Content & SEO
WebIs content ready for users?
Clear copy and proper SEO help users find you and understand what you offer.
Integrations
Do external services work?
Third-party services will fail. Check that your app handles failures gracefully.
Stage Expectations
Not every audit matters at every stage. Use this as a guide:
| Audit | POC | MVP | MMP | PROD |
|---|---|---|---|---|
| Security | ||||
| Accessibility | ||||
| Experience | ||||
| Performance | ||||
| Code | ||||
| Operations | ||||
| Content & SEO | ||||
| Integrations |
Skip
Light check
Full audit
How to Run an Audit
Audits work with AI agents. Here's how:
Pick the audit
Choose based on what you're checking. Use the stage matrix above to know what level of rigor to apply.
Run with /audit command
Tell your AI agent: "Run the Security audit at MVP level" or use the /audit slash command.
Review findings
The audit produces findings with severity. Decide: fix now, fix later, or accept as known limitation.
Track over time
Re-run audits as you advance stages. What was acceptable at MVP may not be at MMP.
Audits work best when they're routine, not reactive. Run a quick Security check after adding auth. Run Accessibility after building a form. Small, frequent audits catch issues before they compound.
Next Steps
Pick an audit to start with: