Skip to content
For engineering teams

Scheduled audits, owned by the team. Not a gate — a rhythm.

Watchdog is the independent codebase-assurance surveyor, on your calendar — a survey you run, never a gate that blocks you. A scheduled audit you can trend — catch the drift between sprints before it compounds; the team owns it, it never blocks a PR. Weekly, every sprint, monthly or quarterly: the Codebase Assurance Index (CAI) climb, the slop vs brilliant composition, where architecture and security are drifting, and a prioritized fix list for your AI assistant — then the next scan proves the number moved.

From €135 / mo · scales with lines scanned · pricing →

Self-serve · No credit card · C#/.NET native · The first full report on any repo is free — public or private.

Lawn Of War Exemplary
CAI92 / 100
4592↑ +47
Code health 89
Architecture 97
Maturity 95
Readiness 92
Security 100
Rebuild cost~€130,000
Bus factor1 of 3 devs
Lines of code13,254

The trend line your retro puts on the wall — better or worse since last sprint, with receipts.

100%
reproducible
Daily
security watch
€0
first scan
What you read

Where the drift is — and where to point the team.

Where it fits your rhythm

On a schedule you own. Never a PR gate.

Calendar-driven audits catch what PR-only scanning can't: CVEs, bus-factor risk, and rot that compounds when nobody commits. Your retro trends it; your security watch surfaces regressions the day they appear.

On a schedule

Weekly, every sprint, monthly or quarterly — the audit runs even in quiet months, when CVEs and bus-factor risk accrue with zero commits.

In the retro

A trend line per lens you can put on the wall — better or worse since last sprint, with receipts. Slop falling is a team win you can see. And every survey ships a changelog — CAI & per-lens deltas, findings closed vs opened, the features & fixes that landed by area — so the sprint retro writes itself.

Watched daily

The security watch surfaces new CVEs, leaked secrets and score regressions the day they appear — between full scans.

Before the big moments

Scan on demand before a release, a handover or a due-diligence — the report is the evidence, the trend is the story.

Code composition

How much of your codebase is slop — and how much is brilliant?

Every scan scores the composition of the whole repo: the share that is genuinely brilliant and worth protecting, the fine middle ground, and the slop — duplication, dead scaffolding, unreviewed generated code. The split is on every report card, and the trend shows it falling.

Brilliant Fine Slop 32% 48% 20%
Every scan computes the real split — protect the brilliant 32%, improve the fine 48%, and the fix list starts with the slop.
The whole codebase

What the CAI sees that a linter doesn't.

A linter scores files one rule at a time and is blind to the architecture, ownership, and composition of the system. Watchdog scores the whole repo.

A linter:
  • Blind to architecture, ownership and composition
  • Blind to what rots between commits — CVEs, bus factor, obsolescence
Watchdog scores the system:
  • Code health — complexity, duplication, dead code, IL method bloat (read from the emitted bytecode), test quality
  • Architecture — cycles, layer violations, DDD alignment — and, for bounded-context systems, a clickable C4 map of your contexts coloured by health with the coupling drawn in red
  • Security & compliance — CVEs (SCA for NuGet & npm), secrets, SAST, posture — CWE-tagged, with a CycloneDX SBOM every scan
  • Maturity & readiness — tests, observability, ADRs, deploy
  • Behavioral analysis — hotspots (churn × complexity), key-person / bus-factor risk, knowledge freshness, and change coupling, mined from your git history
  • Plus rebuild cost (€) and the slop-vs-brilliant split

The behavioral signals a dedicated behavioral-analysis tool gives you — hotspots, ownership, change coupling — are here too, mined from the same git history. The difference: ours roll into one neutral, reproducible number you can trend, they're handed to your AI assistant to act on, and we never touch your code to produce them.

Reproducible measurement

Why not just ask an LLM?

An LLM opinion changes every time you ask it. A measurement you can trend — and stake a decision on — requires reproducible scoring.

An LLM gives you an opinion

A different answer every run — nothing you can trend or stake a decision on. Only sees the slice that fits its context window. Can't tell you whether you're getting better or worse.

We give you a measurement

Reproducible — the same CAI every time, across the whole codebase. Trended — every scan appends; regressions surface with the next scan. A fix oracle — hand the prioritized findings to Claude Code or Cursor, then re-scan to prove the number moved.

And it's an open standard, not our black box

The CAI is an open, reproducible standard — the algorithm, the lenses and the rubric are public, and the reference scorer is open source. So the number you trend isn't a vendor's say-so: when you put it in front of a board, a stakeholder or a client, they can re-run the open scorer over the evidence and get the same number themselves. The CAI standard → cai.canine.dev · Reproduce it →

Read-only by doctrine

We never touch your code.

Watchdog measures; it never modifies. We hand the intelligence to you and your AI — then you make the change. scan → you (or your AI) fix → we prove.

What Watchdog does

Hands you — and your coding agent over MCP — the finding, the rule that fired, the rationale, the file and line, and the score-impact of fixing it. You apply the change in your own environment; the next scan proves it landed. We never commit, never push, never open a fix-PR.

What tools that refactor your code do

Some tools edit your code for you — apply refactorings, commit suggestions, open fix-PRs. A measurer that also rewrites the thing it grades can't stay neutral, and you lose chain-of-custody on the change. We stay the independent instrument: the hand on your code is always yours.

How it works — for you

How it works.

1 · Sign in with GitHub

Install the App on the org you want watched. GitHub access ⇒ Watchdog access.

2 · Add a repo

First scan runs immediately — a baseline CAI and full report in minutes. The first full report is free.

3 · Pick a cadence

Weekly, every sprint, monthly or quarterly — plus the daily security watch. Trends accrue on their own.

  • EU data residency Processed only on hardware we own in Denmark — no cloud provider in the path.
  • No third-party AI The language model is self-hosted; your code is never sent to OpenAI, Anthropic or Google.
  • Source never persisted Each scan clones, analyses, then deletes the working copy — and we never train on your code.
  • Read-only by doctrine We measure and advise; we never commit, push, or edit your code.

Read the full security & data statement →

Put a number on your codebase.

First full report per repo free — public & private · see pricing · what we measure