// pricing

build your own stack.

start with 3 free essentials. add tools à-la-carte from £3/mo. bundle for 30% off. or take all 27 with all-access.

// free, forever

the essentials.

three essential checks plus stack-map — a live, status-aware architecture diagram of your project that gets richer with every other tool you run. 1000 calls per month across all four. mcp install gets you everything with one URL.

securityFree

secret_leak_finder

fizzgig__secret_leak_finder

finds hardcoded api keys, tokens, and provider secrets in your source.

securityFree

rls_checker

fizzgig__rls_checker

checks supabase row-level-security policies for the 8 canonical leak shapes.

securityFree

dep_audit

fizzgig__dep_audit

reviews package.json + lockfile for placement, range, and integrity issues.

ux / dxFree

stack_map

fizzgig__stack_map

live architecture map of your stack — services, connections, status pills.

// the simple choice

all-access

bundles. 30% off.

pick the stack that fits the project. each bundle is a single subscription. you can stack bundles + individual tools too.

security stack

the 5 security checks every vibe-coded project needs.

£8 / mo

£10 à-la-carte

+fizzgig__cors_audit
+fizzgig__sql_injection_sniff
+fizzgig__prompt_injection_scan
+fizzgig__auth_flow_trace
+fizzgig__form_validation_audit

save £2/mo vs à-la-carte

compliance stack

pre-public-launch compliance — gdpr, cookies, regulatory, licensing.

£6 / mo

£8 à-la-carte

+fizzgig__gdpr_checker
+fizzgig__cookie_monster
+fizzgig__regulatory_compliance
+fizzgig__data_licence_review

save £2/mo vs à-la-carte

discoverability stack

be findable — both legacy SERP and AI-search engines.

£10 / mo

£12 à-la-carte

+fizzgig__seo_audit
+fizzgig__ai_search_audit
+fizzgig__content_quality

save £2/mo vs à-la-carte

brand & ux stack

visual + writing polish before anyone visits.

£8 / mo

£14 à-la-carte

+fizzgig__brand_consistency
+fizzgig__brand_completeness
+fizzgig__a11y_audit
+fizzgig__copy_tone_check
+fizzgig__broken_link_finder
+fizzgig__empty_state_finder
+fizzgig__legibility_review

save £6/mo vs à-la-carte

// à-la-carte

build your stack one tool at a time.

every tool individually subscribable. cancel any tool without affecting the rest. proration handled automatically.

tool	category	what it does	price
env_auditor	security	checks your .env file for credible secrets behind public prefixes.	£2 / mo
vuln_scanner	security	known-cve lookup against osv.dev for npm packages. closes the gap dep-audit (structural) leaves open.	Free
fetch_url_scanner	security	detects third-party apis called via fetch() urls (no installed sdk). emits architecture_facts for stack-map.	Free
cors_audit	security	inspects api routes for permissive cors configs.	£2 / mo
sql_injection_sniff	security	flags SQL built via interpolation, concatenation, or ORM raw escape hatches.	£2 / mo
prompt_injection_scan	security	flags prompt content for injection-vector smells.	£2 / mo
auth_flow_trace	security	traces every protected route back to its auth check + verifies webhooks.	£2 / mo
form_validation_audit	security	verifies client + server validation parity — catches the "client validates, server trusts" bug.	£2 / mo
gdpr_checker	compliance	cross-references your privacy policy against the live dependency tree.	£2 / mo
cookie_monster	compliance	checks cookie consent — banner presence, parity, withdrawal, pre-consent script firing.	£2 / mo
regulatory_compliance	compliance	industry-aware regulatory check — auto-detects relevant regulators from your code + claims.	£2 / mo
data_licence_review	compliance	cross-references known data sources against your attribution text + commercial use.	£2 / mo
a11y_audit	ux / dx	static WCAG check — alts, labels, semantic structure, keyboard nav.	£2 / mo
legibility_review	ux / dx	WCAG contrast + font-size + line-height. resolves your design tokens, composites translucent backgrounds, computes the real ratio.	£2 / mo
brand_consistency	ux / dx	reviews component code against your design tokens + universal sourdough principles.	£2 / mo
brand_completeness	ux / dx	checks the cross-surface brand metadata (favicons, og, theme-color, manifest).	£2 / mo
copy_tone_check	ux / dx	flags AI-generated tells, buzzwords, and prose-rhythm issues in marketing copy.	£2 / mo
broken_link_finder	ux / dx	flags empty hrefs, broken internal routes, anchor-id mismatches, mailto/tel issues.	£2 / mo
empty_state_finder	ux / dx	flags `.map()` over a list with no empty-state guard rendered.	£2 / mo
content_quality	ux / dx	reviews writing quality + structural quality from a human-reader perspective.	£2 / mo
seo_audit	discoverability	comprehensive traditional SEO review — URL, head, schema, body, security headers.	£5 / mo
ai_search_audit	discoverability	checks the signals AI search engines use — FAQPage, /llms.txt, E-E-A-T, server-rendered.	£5 / mo
launch_checklist	combo	pre-launch ritual — fan-out to every other fizzgig tool, single ship/dont-ship verdict.	£3 / mo

// community marketplace

build a tool. earn 80%.

the marketplace lets third-party authors publish tools to fizzgig. set your own price (£3–£10/mo). fizzgig takes 20%; you keep 80%. monthly payouts via stripe connect.

tools must conform to ADR-0009 (per-finding ai_context) + ADR-0011 (synthesis envelope). 2-week review cycle covering security, output schema, copy review.

submit a tool →

// faq

questions you might have.

can i use fizzgig with claude code?

yes. it works in any mcp-compatible client: cursor, claude code, windsurf, lovable, bolt, replit, zed (beta).

what counts as a "call"?

one tool invocation by your ai editor or terminal = one call. launch-checklist (the combo) counts as a single call regardless of how many sub-tools fan out from it.

can i mix individual tools and a bundle?

yes. bundles are just a 30% discount when you add a curated stack at once. you can keep adding individual tools on top.

what happens if i cancel a tool?

you keep access until the end of the billing period; then it disappears from your stack. your audit history stays intact.

do you see my code?

we never persist raw input. each tool returns a structured result + audit-log row. the audit-log row contains byte counts, which input slots were filled, and the result findings (with line context already redacted) — never the raw source.

can i build my own tools on top of fizzgig?

yes — that is the marketplace. submit a tool that conforms to ADR-0009 (ai_context schema) + ADR-0011 (synthesis envelope). you set the price within £3–£10/mo, fizzgig takes 20% commission, monthly payouts via stripe connect.

is there a self-hosted version?

not yet. roadmap: H2 2026.