Skip to content
For engineering teams

Scheduled audits, owned by the team. Not a gate — a rhythm.

Watchdog is the independent codebase-assurance surveyor on your calendar — a survey you run, never a gate that blocks you. Catch the drift between sprints: the CAI climb, the slop-vs-brilliant composition, architecture and security drift, and a prioritized fix list for your AI assistant. The next scan proves the number moved.

Self-serve · No credit card · C#/.NET native · The first full report on any repo is free.

100%
reproducible — same commit, same rubric, same number
Daily
security watch — CVEs, secrets, regressions
€0
first scan on every repo
Where it fits your rhythm

On a schedule you own. Never a PR gate.

Calendar-driven audits catch what PR-only scanning can't: new CVEs, bus-factor risk, the rot that accrues when nobody commits.

On a schedule

Weekly, per sprint, monthly or quarterly — and it runs in the quiet months too, when nobody commits but the world keeps moving.

In the retro

A trend line per lens, slop falling as a visible team win, and a changelog — deltas, findings closed vs opened, features & fixes by area. The sprint retro writes itself.

Watched daily

New CVEs, leaked secrets, score regressions — surfaced the day they appear, between full surveys.

Before the big moments

Scan on demand before a release, a hand-over, or due diligence — with the same rubric the standing cadence uses.

Code composition

How much of your codebase is slop — and how much is brilliant?

Every scan scores the composition of the whole repo: the share that is genuinely brilliant and worth protecting, the fine middle ground, and the slop — duplication, dead scaffolding, unreviewed generated code. The split is on every report card, and the trend shows it falling.

Brilliant32%Fine48%Slop20%
Every scan computes the real split — protect the brilliant 32%, improve the fine 48%, and the fix list starts with the slop.
The whole codebase

What the CAI sees that a linter doesn't.

A linter is blind to architecture, ownership and composition — and to what rots between commits. Watchdog scores the system.

Code health

Complexity, duplication, dead code, IL method bloat read from the emitted bytecode, and test quality — does the test actually assert anything?

Architecture

Cycles, layer violations, DDD alignment — and a clickable C4 map for bounded-context systems, coupling drawn in red.

Security & compliance

CVEs (SCA for NuGet & npm), secrets, SAST posture — findings CWE-tagged, a CycloneDX SBOM with every scan.

Maturity & readiness

Tests, observability, ADRs, deployment signals — how ready the system is to run and to be handed over.

Behavioral analysis

Hotspots (churn × complexity), key-person/bus-factor, knowledge freshness, change coupling — mined from git history. Plus rebuild cost (€) and the slop-vs-brilliant split.

One neutral number

The behavioural signals of a dedicated tool are here too — rolled into one neutral, reproducible number and handed to your AI assistant. We never touch your code.

Reproducible measurement

Why not just ask an LLM?

An LLM gives you an opinion

Different every run, sees only the slice in its context window, and can't tell you whether the codebase is better or worse than last sprint.

We give you a measurement

Reproducible — same commit, same score. Trended — sprint over sprint, lens by lens. A fix oracle — hand the findings to Claude Code or Cursor over MCP, and the re-scan proves what landed. A board, a stakeholder or a client can re-run it.

Read-only by doctrine

We never touch your code.

Watchdog scans → you (or your AI) fix → we prove. The chain of custody on every change stays yours.

What Watchdog does

Hands you — and your coding agent, over MCP — the finding, the rule, the rationale, the file and line, and the score-impact. It never commits, never pushes, never opens a fix-PR.

What tools that refactor your code do

Edit, commit and open fix-PRs in their own engine. A measurer that rewrites what it grades can't stay neutral — and you lose chain-of-custody on every change.

How it works

Three steps.

Sign in with GitHub

Install the App on the org you want watched. GitHub access ⇒ Watchdog access.

Add a repo

The first scan runs immediately — a baseline CAI and a full report in minutes. The first full report is free.

Pick a cadence

Weekly, every sprint, monthly or quarterly — plus the daily security watch. Trends accrue on their own.

Put a number on your codebase.

Sign in with GitHub · no card · C#/.NET · the first full report is €0.