Pre-submission audit

Get rejected here — not in review.

Aedis audits your app for security flaws, bugs, and store-rejection risks before you submit — then proposes fixes as red/green diffs you approve line by line. Nothing changes without your consent.

Start a free audit →how it works ↓

FREE IN BETA · NO ACCOUNT · YOUR CODE IS NEVER STORED

sec-hardcoded-secretHardcoded secret in client codesec-insecure-token-storageAuth credentials in insecure storagesec-cleartext-trafficSensitive data over cleartext HTTPsec-injectionUnsanitized input in a query or commandsec-weak-cryptoWeak or misused cryptographybug-unhandled-rejectionUnhandled promise / async errorbug-null-derefPossible null/undefined accessbug-race-stateState updated from stale valuebug-resource-leakUnreleased resource or listenerios-5.1.1-vMissing in-app account deletion (5.1.1(v))ios-5.1.1-iiGeneric permission usage string (5.1.1(ii))ios-3.1.1-iapDigital goods sold outside In-App Purchase (3.1.1)ios-5.1.2-attTracking without App Tracking Transparency (5.1.2)android-data-deletionNo account/data deletion pathandroid-data-safetyData collection not matching Data safety formandroid-dangerous-permissionSensitive permission without clear useandroid-exported-componentExported component without protectionsec-hardcoded-secretHardcoded secret in client codesec-insecure-token-storageAuth credentials in insecure storagesec-cleartext-trafficSensitive data over cleartext HTTPsec-injectionUnsanitized input in a query or commandsec-weak-cryptoWeak or misused cryptographybug-unhandled-rejectionUnhandled promise / async errorbug-null-derefPossible null/undefined accessbug-race-stateState updated from stale valuebug-resource-leakUnreleased resource or listenerios-5.1.1-vMissing in-app account deletion (5.1.1(v))ios-5.1.1-iiGeneric permission usage string (5.1.1(ii))ios-3.1.1-iapDigital goods sold outside In-App Purchase (3.1.1)ios-5.1.2-attTracking without App Tracking Transparency (5.1.2)android-data-deletionNo account/data deletion pathandroid-data-safetyData collection not matching Data safety formandroid-dangerous-permissionSensitive permission without clear useandroid-exported-componentExported component without protection

What it catches

Four audits in one pass.

Every audit runs your code against a curated catalog of 17 enumerable checks — the exact rules below, not a vague promise — plus model analysis for what a checklist can't enumerate. iOS and Android dimensions only run when your project actually targets them.

DIM / SECURITY

Security

The flaws that become incidents after launch.

Hardcoded secret in client code
Auth credentials in insecure storage
Sensitive data over cleartext HTTP
Unsanitized input in a query or command
Weak or misused cryptography

DIM / BUGS

Bugs

The crashes your reviewers will find first.

Unhandled promise / async error
Possible null/undefined access
State updated from stale value
Unreleased resource or listener

DIM / APP STORE

iOS App Store

Guideline traps that end in a rejection email.

Missing in-app account deletion (5.1.1(v))
Generic permission usage string (5.1.1(ii))
Digital goods sold outside In-App Purchase (3.1.1)
Tracking without App Tracking Transparency (5.1.2)

DIM / GOOGLE PLAY

Google Play

Policy and manifest issues Play flags at review.

No account/data deletion path
Data collection not matching Data safety form
Sensitive permission without clear use
Exported component without protection

How it works

Upload. Review. Approve.

The whole loop happens in one session — no account, no repo access, no CI hook. Drop a zip, read the findings, and walk away with a patch bundle you applied yourself.

Upload a zip of your project

Aedis detects what it's looking at — Expo, iOS, Android, web — and runs only the audits that apply. Processing is in-memory, per request.

Read findings as real diffs

Every finding comes with a proposed fix rendered as a red/green diff against yourfile — the full line you're approving, never a summary of it.

Approve, reject, download

Accept fixes one by one. The downloaded bundle contains only what you approved — rejected fixes change nothing, ever.

Trust

Built to be handed source code.

Aedis asks strangers for their proprietary code, so the handling rules are strict, written down, and verifiable.

How Aedis handles your code

THE SAME FOUR GUARANTEES SHOWN INSIDE THE APP

✓

Processed in memory, never stored

Your archive is extracted and analyzed per request. No database, no upload bucket, nothing retained after the response.

✓

Never used to train models

You keep all rights to your code and to the patches Aedis proposes for it.

✓

Never executed

Aedis reads your code; it does not run it. Analysis happens server-side — no key or credential ever ships to your browser.

✓

Nothing applied without approval

The consent gate is structural: the patch bundle is built from your approved list and nothing else.

IN WRITING → Privacy & Terms

Free while in beta. Submit with receipts.

One zip in, one reviewed patch bundle out.

Start a free audit →

NO ACCOUNT · NO STORED CODE · NO CARD