under the hood

Nine sections. Real research. A validation pass at the end.

Give us a company name and an industry. We do the rest. About six minutes later you get back nine JSON chunks with citations on every claim.

Try it free See a real audit

Inputs

Two required fields: company name and industry. Optional: location, employee count, a git repo URL or local path if you want technical analysis run against actual code.

Tools we use

Brave web search for queries. Live HTTP fetches against the company's own pages. Public-records APIs where available (Bolagsverket for Swedish entities). Optional code reading.

Outputs

Nine JSON chunks streamed as they're produced (SSE). PDF export at the end. All sections individually retrievable via the REST API.

the pipeline

What happens in the six minutes.

Each step runs as a separate LLM call with its own tool budget. Chunks land in MinIO as they complete — your client sees progress in real time over a server-sent-events stream.

step 01

Company research

Identify the entity. Website, founding date, headquarters, employee count, founders. Disambiguates 'Acme Corp' from the seven other Acme Corps that exist.

WebSearchWebFetch→ company.json

step 02

Financial research

Revenue, growth, funding rounds, public-records lookup. For Swedish targets we hit Bolagsverket and Allabolag; for US targets we lean on SEC filings, Crunchbase, and reported press.

WebSearchWebFetchpublic-records→ financial.json

step 03

Tech & compliance

Tech stack inferred from the company's own pages plus public sources. Compliance posture verified by reading their /security or trust-portal page — SOC 2, ISO 27001, GDPR, DPA terms.

WebSearchWebFetchRead→ technical.json

step 04

Risk assessment

Three to five concrete risks, each with severity (critical / high / medium / low), specific impact, and a mitigation suggestion. No generic 'market headwinds' filler.

WebSearchWebFetch→ risks.json

step 05

Recommendations

Five to eight prioritised actions. Each rated by priority (immediate / short-term / long-term), effort, impact, and a realistic timeframe.

→ recommendations.json

step 06

Scoring

Six-axis score: technical, security, maintainability, scalability, industry fit, financial. Plus an overall. This step runs on Anthropic's Claude Sonnet 4.5 for tighter JSON compliance; the rest runs on DeepSeek-v3.2.

→ score.json

step 07

Executive summary

Synthesises the other sections into an overview, key findings, critical issues, strengths, and top recommendations. The first thing a decision-maker reads.

→ executive-summary.json

step 08

Industry analysis

Market position, competitors (by name), opportunities, and threats. Treats every claim as falsifiable — if the model can't name a competitor, it doesn't invent one.

→ industry-analysis.json

step 09

Validation

Independent fact-check pass over the assembled audit. Flags hallucinated metrics, wrong product names, broken-link citations. Corrections are applied in-place before the audit is marked complete.

→ validation.json

from the CLI

terminalbash

audit -c "Spotify" -i "Music streaming" -l "Sweden" -s "9000+"

The CLI and the hosted product run the same pipeline. The CLI is MIT-licensed and lives in the audit repo on GitHub (link in the docs).

the boring part

On the model choice — for the technical buyer.

Most steps run on deepseek/deepseek-v3.2-exp via OpenRouter. The scoring step routes to anthropic/claude-sonnet-4.5 because it produces tighter strict-JSON output where it matters most.

We benchmarked it. DeepSeek lands roughly 15% behind Sonnet on named-entity specificity (Sonnet tends to surface more concrete names), but is ~175× cheaper per token. The hybrid keeps cost at roughly two cents per audit while keeping the section that has to parse as JSON safe.

Search is Brave Search; fetch is plain HTTP with a respectful UA. There's no crawler, no scraping plugin, no third-party data resale.

Run one yourself See the API