VISDOM CREATED WITH VISDOM

Every PR on this repo is reviewed by VCR

We don't demo on toy examples. VCR runs on its own codebase — metacircularly — on every pull request. The findings below are real.

Latest PR reviews (each links to the review on GitHub):
  • test: add comprehensive pipeline layer tests · 8 findings · $0.04 · 26s
  • refactor: simplify deterministic gate pattern matching · 7 findings · $0.00 · 4s
  • feat: add retry and caching to AI client · 7 findings · $0.03 · 13s

Across all reviews so far: 28 bugs found, $0.02 average cost per PR, 14s average review time.

Charts shown on the page (captions only):
  • Findings by Severity: per scenario, real run output
  • Cost Per Layer: L0+L1 free; L3 only runs for HIGH/CRITICAL
  • F1 Score vs Market: 50 PRs, 5 repos, advisor judge, honest numbers
  • 4× Hidden Tax Breakdown: 50-seat team; license is only 5% of real cost

How each PR moves through the pipeline (interactive trace on the page): for each scenario, every layer shows what it found and why the gate made its decision.

From PR opened to human decision (interactive timeline on the page): the full sequence of events for each scenario, with per-event details.

METACIRCULAR · TypeScript · Securing the AI Client
Hardcoded API key, PII in logs, retry without backoff
PR: feat: add retry and caching to AI client (PR #1 on GitHub)
Findings: 1 critical, 4 high, 2 medium. Highlighted findings:
  • critical: Hardcoded secret or credential
  • high: Retry loop without backoff causes thundering herd
  • medium: Overly broad exception catch
Cost: $0.03 · 13s
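The "retry loop without backoff" finding above is a concrete bug class, so here is an added example of the tight loop beside a hardened replacement. This is illustrative code written for this page, not VCR's AI client; the function names (backoffDelayMs, backoffSchedule, peakRetriesPerBucket, retryWithBackoff), the RetryableError class and the herd measurement are this example's own assumptions. The RNG and sleep are injected so the schedule can be checked offline.

```typescript
// Added example (not VCR's own code): a tight retry loop retries the instant a
// call fails, so every client that saw the same upstream blip retries in the same
// moment (thundering herd). Exponential backoff with full jitter bounds the
// attempts and spreads retries out.

interface BackoffOptions {
  baseMs: number;      // delay before the first retry, before jitter
  capMs: number;       // ceiling for any single delay
  maxAttempts: number; // total attempts, including the first call
}

// Full jitter: delay = rand() * min(cap, base * 2^attempt); attempt 0 is the first retry.
function backoffDelayMs(attempt: number, opts: BackoffOptions, rand: () => number = Math.random): number {
  const ceiling = Math.min(opts.capMs, opts.baseMs * Math.pow(2, attempt));
  return Math.floor(rand() * ceiling);
}

// The whole schedule for a caller that fails every time: maxAttempts - 1 delays.
function backoffSchedule(opts: BackoffOptions, rand: () => number = Math.random): number[] {
  const delays: number[] = [];
  for (let attempt = 0; attempt < opts.maxAttempts - 1; attempt++) {
    delays.push(backoffDelayMs(attempt, opts, rand));
  }
  return delays;
}

// Herd measurement (this example's own metric): `clients` callers all fail at t=0.
// How many of their first retries land in the same `bucketMs` window?
// Without backoff the answer is all of them.
function peakRetriesPerBucket(clients: number, firstDelay: (client: number) => number, bucketMs: number): number {
  const buckets = new Map<number, number>();
  for (let c = 0; c < clients; c++) {
    const b = Math.floor(firstDelay(c) / bucketMs);
    buckets.set(b, (buckets.get(b) || 0) + 1);
  }
  return Math.max(...Array.from(buckets.values()));
}

// Errors worth retrying (429, 5xx, timeouts); anything else fails fast.
class RetryableError extends Error {}

// The shape the finding describes: no delay, and every error retried.
async function retryNoBackoff<T>(op: () => Promise<T>, attempts: number): Promise<T> {
  let lastErr: unknown;
  for (let i = 0; i < attempts; i++) {
    try { return await op(); } catch (e) { lastErr = e; }
  }
  throw lastErr;
}

// Hardened: bounded attempts, jittered exponential delay, retry only retryable errors.
async function retryWithBackoff<T>(
  op: () => Promise<T>,
  opts: BackoffOptions,
  sleep: (ms: number) => Promise<void> = (ms) => new Promise((r) => setTimeout(r, ms)),
  rand: () => number = Math.random,
): Promise<T> {
  for (let attempt = 0; ; attempt++) {
    try {
      return await op();
    } catch (e) {
      const last = attempt >= opts.maxAttempts - 1;
      if (!(e instanceof RetryableError) || last) throw e;
      await sleep(backoffDelayMs(attempt, opts, rand));
    }
  }
}
```

With baseMs 100, capMs 2000 and 7 attempts the worst-case schedule is 100, 200, 400, 800, 1600, 2000 ms; with a thousand clients failing at once, the jittered first retry spreads them over the whole first window instead of stacking them into the same instant. In a real client the wrapped call should also classify HTTP 429/5xx and timeouts as RetryableError and honour any Retry-After header the upstream sends.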
METACIRCULAR · TypeScript · Refactoring the Gate
Weakened SQL check, timing-unsafe compare, SSRF rule disabled
PR: refactor: simplify deterministic gate pattern matching (PR #2 on GitHub)
Findings: 1 critical, 5 high, 1 medium. Highlighted findings:
  • high: SQL query built with string concatenation or interpolation
  • high: Async callback in forEach (fire-and-forget)
  • medium: Potential null/undefined dereference
Cost: $0.00 · 4s
METACIRCULAR · TypeScript · Hollow Test Suite
15 tests mocking their own subjects — zero behavioral assertions
PR: test: add comprehensive pipeline layer tests (PR #3 on GitHub)
Findings: 6 high, 2 medium. Highlighted findings:
  • high: 4/15 tests are circular (mock-on-mock)
  • high: Mock inconsistency: AIQuickScan.gate.proceed = false prevents L3 execution
  • high: Layer:start event count assertion is fragile and incomplete
Cost: $0.04 · 26s
STANDALONE · Python · Payment Service
SQL injection via f-string, card data in logs, weak JWT secret
PR: feat: add payment processing endpoint
Findings: 3 critical, 3 high. Highlighted findings:
  • critical: Full card number and CVV logged in plaintext
  • critical: Hardcoded secret key in source code
  • high: SQL query built with string concatenation or interpolation
Cost: $0.02 · 13s
Local run — no GitHub PR
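The page describes a free deterministic gate (L0+L1) in front of the paid AI layers, and the "Refactoring the Gate" and "Payment Service" scenarios above list the kinds of findings such a gate can catch by pattern alone: a hardcoded secret, card data in a log call, SQL built with an f-string, an async forEach callback. The block below is an added sketch of that idea, written for this page and not VCR's gate: the rule regexes, the helper names (addedLines, deterministicGate, gateProceed) and the sample diff are all this example's own assumptions. It scans only the added lines of a unified diff and escalates when anything HIGH or CRITICAL turns up, mirroring the page's "L3 only runs for HIGH/CRITICAL" rule.

```typescript
// Added example (not VCR's gate; every pattern here is this example's own guess):
// a zero-cost deterministic first pass over a diff's added lines. Rule names
// mirror finding titles on this page.

type Severity = "critical" | "high" | "medium";

interface Finding {
  rule: string;
  severity: Severity;
  line: number; // 1-based position among the diff's added lines
  text: string;
}

interface Rule {
  name: string;
  severity: Severity;
  matches: (line: string) => boolean;
}

const SQL_VERB = /\b(select|insert|update|delete)\b/i;

const RULES: Rule[] = [
  {
    name: "Hardcoded secret or credential",
    severity: "critical",
    // key-like identifier assigned a string literal of 8+ chars, e.g. API_KEY = "sk-..."
    matches: (l) =>
      /\b(api[_-]?key|secret(?:[_-]?key)?|password|token)\b\s*[:=]\s*["'`][^"'`]{8,}["'`]/i.test(l),
  },
  {
    name: "SQL query built with string concatenation or interpolation",
    severity: "high",
    // a SQL verb inside a Python f-string, a JS template literal, or a "..." + var concatenation
    matches: (l) =>
      SQL_VERB.test(l) &&
      (/\bf["'].*\{.*\}/.test(l) || /`.*\$\{.*\}.*`/.test(l) || /["']\s*\+\s*[A-Za-z_]/.test(l)),
  },
  {
    name: "Card data logged in plaintext",
    severity: "critical",
    matches: (l) => /\b(log|logger|console)\b.*\b(cvv|card_?number|pan)\b/i.test(l),
  },
  {
    name: "Async callback in forEach (fire-and-forget)",
    severity: "high",
    matches: (l) => /\.forEach\(\s*async\b/.test(l),
  },
];

// Only '+' lines carry new risk; context lines, removed lines and the '+++' header are skipped.
function addedLines(diff: string): string[] {
  return diff
    .split("\n")
    .filter((l) => l.startsWith("+") && !l.startsWith("+++"))
    .map((l) => l.slice(1));
}

function deterministicGate(diff: string): Finding[] {
  const findings: Finding[] = [];
  addedLines(diff).forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.matches(text)) {
        findings.push({ rule: rule.name, severity: rule.severity, line: i + 1, text });
      }
    }
  });
  return findings;
}

// Escalate to the paid AI layers only when something HIGH or CRITICAL was found.
function gateProceed(findings: Finding[]): boolean {
  return findings.some((f) => f.severity === "critical" || f.severity === "high");
}

// Constructed diff (not a real PR) mixing Python and TypeScript hunks like the scenarios above.
const SAMPLE_DIFF = [
  "--- a/payments.py",
  "+++ b/payments.py",
  '+SECRET_KEY = "changeme-please-rotate-1234"',
  "+def charge(card_number, cvv, amount):",
  '+    logger.info(f"charging {card_number} cvv={cvv}")',
  "+    cur.execute(f\"SELECT * FROM cards WHERE number = '{card_number}'\")",
  " # unchanged context line",
  "--- a/client.ts",
  "+++ b/client.ts",
  "+items.forEach(async (item) => { await send(item); });",
  '+db.query("SELECT * FROM users WHERE id = $1", [userId]); // parameterised: not flagged',
].join("\n");
```

On the constructed diff the gate reports four findings (two critical, two high), so gateProceed returns true and the AI layers would run; the parameterised query on the last line is deliberately left alone. A real gate would track multi-line statements and string-escaping rather than single lines, which is exactly the kind of check a "simplify pattern matching" refactor can quietly weaken.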

Team health — measured on every PR

Anonymous read access · updates on every PR · powered by Grafana on fly.io

[Dashboard image: VCR Grafana dashboard showing PR metrics and findings per week]