ShipFix - Catch why your AI-built app breaks in production

Hey Product Hunt 👋 I built ShipFix after watching the same thing happen over and over: an app gets built fast with AI, works great on localhost, and then breaks on the basics the moment it's live — a Stripe webhook that was never signature-verified, an admin page that wasn't actually protected, a secret sitting in the repo, or a production build that fails on the first real deploy. The feature code is usually fine. It's the production surface around it that nobody checked. So ShipFix does one job: scan an AI-built app before launch, score launch-readiness 0-100, and hand back copy-paste fix prompts for Claude, Codex, and Cursor so you can fix things in the same tool you built with. A few things I want to be upfront about: - It's not a full penetration test or a security guarantee. It's a heuristic launch-readiness checklist. - Defensive live checks are consent-based and non-offensive: GET/OPTIONS only, against targets you confirm you own. - Exposed secrets are masked in the report. I'd genuinely love feedback: what launch blocker has bitten you that ShipFix should catch? What would make you trust, or not trust, a tool like this? Thanks for taking a look.