// catalogue

27 tools. one mcp url.

pick what fits your stack — 6 free tools land on install, add à-la-carte tools as you need them, or unlock the lot with all-access. free tools are pinned to the top regardless of how you sort or filter.

sort:

showing 27 of 27

fetch_url_scanner

fizzgig__fetch_url_scanner

detects third-party apis called via fetch() urls (no installed sdk). emits architecture_facts for stack-map.

fizzgig__stack_map

live architecture map of your stack — services, connections, status pills.

fizzgig__vuln_scanner

known-cve lookup against osv.dev for npm packages. closes the gap dep-audit (structural) leaves open.

fizzgig__dep_audit

reviews package.json + lockfile for placement, range, and integrity issues.

fizzgig__rls_checker

checks supabase row-level-security policies for the 8 canonical leak shapes.

secret_leak_finder

fizzgig__secret_leak_finder

finds hardcoded api keys, tokens, and provider secrets in your source.

auth_flow_trace

fizzgig__auth_flow_trace

traces every protected route back to its auth check + verifies webhooks.

fizzgig__cookie_monster

checks cookie consent — banner presence, parity, withdrawal, pre-consent script firing.

data_licence_review

fizzgig__data_licence_review

cross-references known data sources against your attribution text + commercial use.

form_validation_audit

fizzgig__form_validation_audit

verifies client + server validation parity — catches the "client validates, server trusts" bug.

fizzgig__gdpr_checker

cross-references your privacy policy against the live dependency tree.

legibility_review

fizzgig__legibility_review

WCAG contrast + font-size + line-height. resolves your design tokens, composites translucent backgrounds, computes the real ratio.

regulatory_compliance

fizzgig__regulatory_compliance

industry-aware regulatory check — auto-detects relevant regulators from your code + claims.

fizzgig__a11y_audit

static WCAG check — alts, labels, semantic structure, keyboard nav.

discoverability

ai_search_audit

fizzgig__ai_search_audit

checks the signals AI search engines use — FAQPage, /llms.txt, E-E-A-T, server-rendered.

brand_completeness

fizzgig__brand_completeness

checks the cross-surface brand metadata (favicons, og, theme-color, manifest).

brand_consistency

fizzgig__brand_consistency

reviews component code against your design tokens + universal sourdough principles.

broken_link_finder

fizzgig__broken_link_finder

flags empty hrefs, broken internal routes, anchor-id mismatches, mailto/tel issues.

content_quality

fizzgig__content_quality

reviews writing quality + structural quality from a human-reader perspective.

copy_tone_check

fizzgig__copy_tone_check

flags AI-generated tells, buzzwords, and prose-rhythm issues in marketing copy.

fizzgig__cors_audit

inspects api routes for permissive cors configs.

empty_state_finder

fizzgig__empty_state_finder

flags `.map()` over a list with no empty-state guard rendered.

fizzgig__env_auditor

checks your .env file for credible secrets behind public prefixes.

launch_checklist

fizzgig__launch_checklist

pre-launch ritual — fan-out to every other fizzgig tool, single ship/dont-ship verdict.

prompt_injection_scan

fizzgig__prompt_injection_scan

flags prompt content for injection-vector smells.

discoverability

fizzgig__seo_audit

comprehensive traditional SEO review — URL, head, schema, body, security headers.

sql_injection_sniff

fizzgig__sql_injection_sniff

flags SQL built via interpolation, concatenation, or ORM raw escape hatches.

save 30% with a stack bundle.

security · compliance · discoverability · brand & ux — pick the curated stack that matches your project.

see bundles →