
Sample software trust memo

Should you trust this software?

Decision

INVESTIGATE

The app is commercially reviewable, but ownership, webhook, and deployment evidence must be tightened before a buyer, investor, or operator should proceed.

Artifact: Signed review
Evidence: Scoped claims
Decision: Investigate
Buyer use: Diligence ready

High, +9 score

Project mutation needs server-side ownership validation

app/api/projects/[id]/route.ts

Route updates a project after parsing request input. The sample evidence does not show an owner check before mutation.

Medium, +6 score

Billing webhook reliability cannot be verified from submitted source

app/api/stripe/webhook/route.ts

Submitted files include checkout creation, but webhook signature handling was not included in the evidence package.

Medium, +4 score

Deployment environment requirements are incomplete

.env.example

The app references queue and AI provider env vars, but the submitted deployment manifest does not list all required variables.


Fix plan

Step 1: Project mutation needs server-side ownership validation

Expected result: +9 score and lower buyer-visible risk.

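// Authenticate the caller before touching any data.
const session = await requireSession();
const project = await db.project.findUnique({ where: { id: params.id } });
// Verify on the server that the session user owns the project before mutating it.
assertOwnership(project, session);
return Response.json(await updateProject(project.id, input));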

Step 2: Billing webhook reliability cannot be verified from submitted source

Expected result: +6 score and lower buyer-visible risk.

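// Verify against the raw request body; a re-serialized JSON body will not match the signature.
const body = await request.text();
const signature = headers().get("stripe-signature");
// constructEvent throws if the signature does not match the webhook secret.
const event = stripe.webhooks.constructEvent(body, signature, webhookSecret);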

Step 3: Deployment environment requirements are incomplete

Expected result: +4 score and lower buyer-visible risk.

GEMINI_API_KEY=
ENCRYPTION_KEY=
REDIS_URL=
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=

History

Scan 1: Initial report, 52

Scan 2: Auth and persistence fixes verified, 67

Scan 3: Remaining billing and deploy checks unresolved, 74

Launch panel

Readiness: 74

Status: RISKY

Trend: UP

Fix ownership validation before buyer review.

Verify Stripe webhook signature handling.

Attach deployment env evidence before claiming production-ready.
