Caladan Solutions

Engagement terms

Codebase Triage Report: terms of engagement

These terms apply to every Codebase Triage Report engagement. Submitting the intake form and granting repository access confirms that you accept them.

1. What the service is

The Codebase Triage Report is a fixed-scope, written readiness review of an existing software project. The deliverable is a Markdown/PDF report covering setup and developer experience, architecture and maintainability, testing gaps, developer-level security red flags, dependency and tooling health, cloud-readiness notes, prioritized findings, quick wins, and suggested first fixes.

2. What the service is not

The review is not a formal penetration test, security certification, compliance audit, production incident response, deployment service, implementation engagement, or a replacement for specialist legal, compliance, or security advice. No code changes are made as part of the report. Implementation work, where wanted, is quoted separately after delivery.

3. Scope and process

  • The review is timeboxed and follows a documented methodology. The report lists its own limitations and the files and commands inspected.
  • Safe local commands (install, build, lint, type-check, test) may be run where practical. If the project cannot be run from the provided instructions within a reasonable time, the review continues statically and setup friction is reported as a finding.
  • Work starts once intake information, repository access, and payment (or agreed deposit) are received.

4. Your code and confidentiality

  • Repository access is used solely to produce the report. Access is revoked, and local copies are deleted, after delivery.
  • Your code and report are never shared with third parties.
  • AI-assisted analysis tools are used as part of the review process. Every finding, severity rating, and recommendation in the report is verified by the reviewer.
  • Do not send production credentials, private keys, live API secrets, or customer data. If any are discovered in the repository, this is reported as a finding; please rotate them.
  • An NDA can be signed on request before access is granted.

5. Intellectual property

You retain all rights to your code. On full payment, you own the delivered report. The review methodology, templates, and checklists remain the property of Caladan Solutions.

6. Limitations and liability

  • The report is a best-effort, timeboxed professional assessment. It does not guarantee that all bugs, vulnerabilities, or risks have been found.
  • Decisions made on the basis of the report remain your responsibility.
  • Total liability arising from an engagement is limited to the amount paid for that engagement.

7. Founding customer rate and guarantee

  • The founding customer rate is offered in exchange for a short testimonial and permission to use an anonymized case study after delivery.
  • Guarantee: if the report does not tell you anything you did not already know, you do not pay. To claim, say so in writing within 7 days of delivery.

8. Fit and refusal

Engagements may be declined before work starts where the project is out of scope (for example, very large repositories or requests outside the service boundaries) or where a conflict of interest exists. Any payment already made for a declined engagement is refunded in full.
