Free · Automated · No account needed

Quick Score

A free automated read against the HRC v2.0 10-category rubric. Submit a public GitHub URL, a private repo with a short-lived token, or a zip upload — your code never leaves the scan. Get a single letter grade, your three biggest takeaways, and an embeddable score badge for your README. About 5 minutes.

What you get

A letter grade A through F + score out of 100
10-category bar chart— Security, Reliability, Maintainability, etc. so you can see where you're strong and where you're thin
Three takeaway titles — the biggest things to address (full descriptions and fixes are in the paid tiers)
Embeddable badge — drop into your README, anchored to the commit you submitted, 90-day freshness window
Email follow-up — link to your result page; option to upgrade to a paid Standard ($2,000) review if you want the full findings

What you don't get (in the free tier)

·The full per-category breakdown with file:line citations — that's the paid Standard.
·Prioritized P0/P1/P2/P3 action list with effort estimates and cost-of-inaction.
·Decisions Required section, Open Questions section, or re-review delta tooling — paid only.
·A 30-minute walkthrough with Daniel — that's in the Standard ($2,000) tier.
·Human verification. Quick Score is generated by the same tooling we use for paid reviews, but it isn't finalized by a human engineer — that's what you pay for in Standard / Comprehensive.

What we score, and how

Quick Score uses the same 10-category HRC v2.0 rubric as every paid review — same weights, same letter-grade ladder. The score you get is calibrated against the same standard as our $2K and $4K reviews. The difference is depth of finding detail and human verification. Read the full rubric (Field Notes Vol 06) →

Not a generic LLM scan. Quick Score runs a deterministic pre-filter first (secrets, dep CVEs, config gaps) then feeds those findings into the LLM as facts — hybrid review, not pure LLM. Read “The Sycophancy Tax” (Field Notes Vol 07) →

Why we give this away

Most people don't know if their code is real. Cursor and Claude told them it "looks great." Their friends don't know either. The Quick Score is our way of telling you the truth, in 5 minutes, for free. If you're a B+ already — congrats, here's your badge. If you're a D — that's also useful, and we can help.

Get my Quick Score

Your email

We email you the result. No marketing emails unless you opt in.

What kind of project is this?

Severity calibrates to this. Same finding, different stakes — pick what matches reality.

Personal project

Side code, no real users yet.

Missing rate limit → P3

Internal tool

Your team uses it. Handful of users.

Missing rate limit → P2

Customer-facing product

Real users, real money or trust on the line.

Missing rate limit → P1

Multi-tenant SaaS

Data isolation between customers matters.

Missing rate limit → P1 · cross-tenant leaks → P0

Regulated context

HIPAA / PCI / SOC2 / financial.

Missing rate limit → P0 · audit log gap → P0

Public GitHub URL

Anonymous read of the default branch. The commit SHA is recorded in your result so the score is anchored to what we actually saw.

I have the right to submit this codebase for review. HRC does not retain, fork, or repurpose the code beyond producing the Quick Score and badge. The score is anchored to the commit / zip hash submitted.

Skip ahead?

If you already know you want the full review: Standard at $2,000.