Gumroad-only digital product store
Developer tools and workflows for safer AI-assisted coding.
A small digital-product shop for local-first developer kits: AI-agent diff review, CI risk gates, code-review checklists, agency SOPs, and practical templates. Checkout is handled by Gumroad; no cloud upload is required for the tools themselves.
Local: No cloud upload
Fast: <1 second per diff
Actionable: Risk score + flags + recs
CI-ready: Exit code 1 on high risk
API mode: Local HTTP server
Store catalog
Buy practical developer kits
Start with the AI Agent Change Risk Audit Kit today. New Gumroad-only products will be added as automation produces and verifies them.
Available now
AI Agent Change Risk Audit Kit — Basic
Local Python CLI and HTTP API that audits AI-agent diffs for risky dependency, auth, config, test, and secret-like changes.
- CLI + JSON output
- Local HTTP API
- GitHub Actions CI gate
- Quick start + commercial license
$5
Buy Basic on Gumroad
Best value
AI Agent Change Risk Audit Kit — Pro
Team/agency pack with batch audit workflow, Slack/Teams notifier, pre-commit hook, and client review checklist.
- Everything in Basic
- Multi-repo batch audit
- Slack/Teams notifier template
- Agency SOP and review checklist
$19
Buy Pro on Gumroad
New
CI Gate Templates Pack
11 ready-to-use CI/CD templates that block high-risk AI diffs in GitHub Actions, GitLab CI, Jenkins, CircleCI, and Git hooks. Works standalone or with the Audit Kit.
- GitHub Actions (full, minimal, batch)
- GitLab CI, Jenkins, CircleCI
- Pre-receive and pre-commit hooks
- Configurable risk policy (JSON)
- Slack and Teams notification templates
$7
View details
New
PR Evidence Pack Generator
Generate structured Markdown, HTML, or JSON evidence reports for AI-agent PRs. Risk analysis, test coverage, reviewer checklists, and sign-off tracking — all from a diff file.
- Risk scoring and flag detection
- Test output parsing (pytest, jest, go test)
- Tailored reviewer checklists
- Sign-off tracking by risk level
- CI exit codes (1 = block merge)
- Python API + CLI, 29 tests passing
$9
View details
Next product slot
Secret/Config Diff Scanner
Planned microtool: focused scanner for secret-like literals and risky config changes in diffs. Free lead magnet or low-cost entry product.
- Secret-like literal detection
- Config drift scanning
- Allowlist support
- Status: in product factory queue
Coming soon
Read the blog while it is prepared
Gumroad checkout: Hosted payment and file delivery
Local-first tools: No private diff upload required
Commercial license: Use in client and team workflows
Evidence-backed: Real ZIPs, tests, and sample reports
Two tiers, one-time purchase, zero subscription
Basic Kit
$5 one-time
- Python CLI (standard library only)
- Local HTTP API server
- JSON output mode
- CI exit code (high risk = 1)
- GitHub Actions workflow template
- Test suite (11 tests)
- Quick start guide
- Commercial license
Gumroad checkout includes hosted payment and file delivery.
Pro Pack
$19 one-time
- Everything in Basic, plus:
- Multi-repo batch audit
- Agency client review checklist
- Pre-commit hook template
- Slack / Teams webhook integration
- Multi-repo GitHub Actions template
- Priority email support
- Commercial license
Gumroad checkout includes hosted payment and file delivery.
Compare: CodeRabbit is $24/user/month. Our one-time $5 Basic tier is cheaper than a coffee and the $19 Pro tier is still below one month of most AI review tools.
Premium value: not just a script — a review workflow
AI coding agents like Claude Code, Cursor, and Codex are fast. An agent can touch dependency files, auth middleware, Dockerfiles, CI pipelines, and secrets in a single session. The PR looks impressive — until production breaks.
Risk scoring: Prioritize human review before merge.
CI gate: Fail high-risk AI diffs automatically.
Agency SOP: Use a repeatable review checklist for client work.
Team alerts: Send Slack/Teams notifications for risky patches.
Positioning: this is a local pre-review risk gate for AI-agent code changes — zero cloud, zero API keys, standard-library Python.
New: sample audit report
Show your team what the risk review looks like before buying: findings, merge recommendation, and CI policy example.
View sample report
New: ROI calculator
Estimate reviewer time saved, risk-reduction value, and payback period for a one-time Pro Pack purchase.
Open ROI calculator
Free: AI code review checklist
The 6-point checklist for reviewing AI-agent diffs — free, no signup. Dependencies, auth, config, tests, secrets, generated code.
Open the SEO checklist page
New: Buyer FAQ & objection handler
Honest answers to every common objection — what it does, what it doesn't, false positives, pricing, and delivery.
See FAQ & objections
New: Printable sample report
Download a one-page PDF-like audit report: risk score, flags, recommendations, and CI policy example — print it or share it with your team.
View printable report
New: Manual review vs risk audit
Side-by-side comparison of manual review and the Risk Audit Kit — when to use each and how they complement each other.
Compare approaches
SEO guide: Cursor code review risk checklist
A focused review workflow for Cursor and AI coding agent diffs before merge.
Open Cursor checklist
Claude Code diff risk review
How to catch risky Claude Code diffs — dependency changes, auth edits, config drift, missing tests, and secret leaks — before they reach production.
Open Claude Code review guide
New: CI Gate Templates Pack
11 drop-in CI/CD pipeline templates that block high-risk AI diffs in GitHub Actions, GitLab CI, Jenkins, CircleCI, and Git hooks. Configurable risk policy and notification templates included.
View CI Gate Templates Pack
Blog: AI agent code review workflows
Indexable articles for developers searching for AI-agent diff review, Cursor patch risk, and local CI gates.
Open the blog
External write-up: DEV.to article
A public explanation of the AI-agent diff risk checklist, example output, and local-first workflow.
Read the DEV.to article
What it flags
- Dependency changes — package.json, requirements.txt, go.mod, etc.
- Config changes — .env, config.yaml, settings.py
- Infra changes — Dockerfiles, docker-compose, CI pipelines
- Auth/payment/security paths — sensitive area modifications
- Missing test changes — source edits with no test edits
- Large/generated changes — 500+ lines or generated paths
- Secret-like literals — api_key=, token=, password= patterns
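To make the flag categories above concrete, here is an added example of a standard-library-only diff auditor that reproduces the same kinds of signals on a constructed unified diff. It is illustration code written for this page, not the kit's own source; the path patterns, flag weights and risk thresholds are assumptions, not the product's published scoring.

```python
import re
# Constructed sample unified diff (not from the product): adds a dependency and
# edits an auth source file with a hardcoded-looking secret; no test file changes.
SAMPLE_DIFF = """\
--- a/package.json
+++ b/package.json
@@ -5 +5,2 @@
   "dependencies": {
+    "left-pad": "1.3.0",
--- a/src/auth/session.py
+++ b/src/auth/session.py
@@ -1 +1 @@
-SECRET = os.environ["SESSION_SECRET"]
+SECRET = "sk_live_0123456789abcdef"
"""

# Path-based flags, keyed by the flag name the report carries (patterns are assumed).
PATH_RULES = [
    ("DEPENDENCY_CHANGE", re.compile(r"(^|/)(package\.json|requirements\.txt|go\.mod)$")),
    ("CONFIG_CHANGE", re.compile(r"(^|/)(\.env|config\.ya?ml|settings\.py)$")),
    ("INFRA_CHANGE", re.compile(r"(^|/)(Dockerfile|docker-compose\.ya?ml)$|^\.github/workflows/")),
    ("SENSITIVE_PATH_CHANGE", re.compile(r"(^|/)(auth|payment|security)/")),
]
TEST_PATH = re.compile(r"(^|/)tests?/|(^|/)test_[^/]+\.py$|\.test\.[jt]s$|_test\.go$")
SOURCE_EXT = re.compile(r"\.(py|js|ts|go|rs|java)$")
# Checked on added lines only, so removing a secret does not itself raise a flag.
SECRET_LITERAL = re.compile(r"(?i)(api[_-]?key|token|password|secret)\s*[=:]\s*[\"'][^\"']{8,}[\"']")
# Assumed weights and thresholds; the kit's real scoring is not published on this page.
WEIGHTS = {"DEPENDENCY_CHANGE": 20, "CONFIG_CHANGE": 15, "INFRA_CHANGE": 15, "LARGE_CHANGE": 10,
           "SENSITIVE_PATH_CHANGE": 25, "SOURCE_CHANGED_WITHOUT_TEST_CHANGE": 15, "POSSIBLE_SECRET_LITERAL_IN_DIFF": 30}

def audit_diff(diff_text):
    files, flags, changed = [], set(), 0
    for line in diff_text.splitlines():
        if line.startswith("+++ b/"):
            files.append(line[6:])
        elif line[:1] in ("+", "-") and not line.startswith(("+++", "---")):
            changed += 1
            if line[0] == "+" and SECRET_LITERAL.search(line):
                flags.add("POSSIBLE_SECRET_LITERAL_IN_DIFF")
    for path in files:
        flags.update(f"{name}:{path}" for name, rx in PATH_RULES if rx.search(path))
    source_touched = any(SOURCE_EXT.search(p) and not TEST_PATH.search(p) for p in files)
    if source_touched and not any(TEST_PATH.search(p) for p in files):
        flags.add("SOURCE_CHANGED_WITHOUT_TEST_CHANGE")
    if changed >= 500:
        flags.add("LARGE_CHANGE")
    score = min(100, sum(WEIGHTS[f.split(":", 1)[0]] for f in flags))
    level = "high" if score >= 60 else "medium" if score >= 30 else "low"
    return {"risk_level": level, "risk_score": score, "files": files, "lines_changed": changed, "flags": sorted(flags)}
```

Running `audit_diff(SAMPLE_DIFF)` yields a high-risk report carrying the dependency, sensitive-path, missing-test and secret-literal flags; a diff that only edits a test file or a README comes back low.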
What buyers receive
- Python CLI source (standard library only)
- Local HTTP API server (--serve mode)
- API schema endpoint (GET /audit/schema)
- Quick start guide
- Commercial license summary
- Test suite (11 tests, passing)
- GitHub Actions workflow template
- Usage examples: CLI, JSON, API, CI gate, git hook
Example output
$ python agent_change_risk_auditor.py --diff change.patch
AI Agent Change Risk Audit
Risk level: high
Risk score: 63/100
Files changed: 2
Lines: +3 / -1
Flags:
- DEPENDENCY_CHANGE:package.json
- SOURCE_CHANGED_WITHOUT_TEST_CHANGE
- POSSIBLE_SECRET_LITERAL_IN_DIFF
Recommendations:
- Add or update tests for changed source files before merge.
- Remove secret-like literals and rotate exposed credentials if real.
- Review dependency changes manually and run lockfile/security checks.
API mode — local HTTP server
# Start the local API server
$ python agent_change_risk_auditor.py serve --port 8080
AI Agent Change Risk Audit API v1.2.0 running on http://127.0.0.1:8080
Endpoints: POST /audit (diff body), GET / (health), GET /audit/schema (JSON schema)
# Audit a diff via HTTP
$ curl -X POST http://127.0.0.1:8080/audit \
--data-binary @change.patch \
-H "Content-Type: text/plain"
# Get the JSON schema for audit results
$ curl http://127.0.0.1:8080/audit/schema
{
"version": "1.2.0",
"result_schema": { ... },
"flag_descriptions": { ... },
"risk_levels": { ... }
}
# Health check
$ curl http://127.0.0.1:8080/health
{"status": "ok", "service": "ai-agent-change-risk-auditor", "version": "1.2.0"}
Use --serve to integrate with CI pipelines, pre-receive hooks, or team dashboards — no deployment, no cloud, no API keys. The server runs entirely on your machine.
CI / Git hook integration
# .github/workflows/risk-gate.yml
- name: AI Change Risk Gate
  run: python agent_change_risk_auditor.py audit --diff diff.patch
# .git/hooks/pre-commit
git diff --cached > /tmp/staged.patch
python agent_change_risk_auditor.py audit --diff /tmp/staged.patch
How it compares
| Feature | This tool | CodeRabbit | Copilot Review | SonarQube |
|---|---|---|---|---|
| Price | $5 one-time | $24/user/mo | $19-39/user/mo | $15+/user/mo |
| Local / no cloud | ✅ | ❌ | ❌ | ❌ |
| AI-agent risk flags | ✅ | ❌ | ❌ | ❌ |
| CI exit code gate | ✅ | ❌ | ❌ | ✅ |
| HTTP API mode | ✅ | ✅ (cloud) | ❌ | ✅ (cloud) |
| Secret detection | ✅ | ❌ | ❌ | ⚠️ (cloud) |
| Zero API keys | ✅ | ❌ | ❌ | ❌ |
| Unlimited audits | ✅ | ✅ | ✅ | ✅ |
FAQ
- Does this replace code review?
- No. It's a triage tool that tells you which parts of a diff need the most human attention. Always review code yourself before merging.
- Does it scan for vulnerabilities?
- No. Use Snyk, Dependabot, or OWASP Dependency-Check for vulnerability scanning. This tool flags review priority signals, not security vulnerabilities.
- Does it send my code anywhere?
- No. It's 100% local. No network calls, no cloud upload, no API keys. Your code never leaves your machine. The --serve mode binds to localhost only.
- Can it produce false positives?
- Yes. It uses pattern matching. Test fixtures may trigger "secret" flags, and generated-looking filenames may trigger "generated" flags. Use it as a triage signal, not ground truth.
- What Python version do I need?
- Python 3.10 or later. No external dependencies — just the standard library.
- What's in the Pro Pack?
- Multi-repo batch audit, agency client review checklist, pre-commit hook template, Slack/Teams webhook integration, and priority email support. Everything in Basic, plus team features.
- What about refunds?
- Contact us within 14 days for a full refund. No questions asked.
- What is the --serve mode?
- It starts a local HTTP API server on your machine (default: localhost:8080). Send POST /audit with a diff body, get a JSON risk report. GET /audit/schema returns the result schema. Great for CI pipelines and team tools. Zero deployment.
- Still have doubts?
- See the full objection handler & expanded FAQ for detailed answers to common concerns, or the manual review vs risk audit comparison.
Evidence instead of fake testimonials
No invented testimonials or fake customer logos. Use the sample report, checklist pages, public docs, ZIP hash, and test output to evaluate the product before buying.
Compliance note
This product does not guarantee security, revenue, or bug-free software. It is a local review aid that helps prioritize human review. False positives are possible. Always run your own tests and security scans.