A linter for production readiness

We've broken
production too.

That’s why we built a linter that flags incident-class threats our tests and reviews happily let through.

No code storage Respects .gitignore

pipeline.py Python

12 13 14 15 16 17 18

async def process_events(stream: AsyncIterator[Event]) -> int:
buffer = []
buffer = deque(maxlen=10000)
async for event in stream:
buffer.append(event)
if should_flush():
await batch_insert(buffer)
return len(buffer)

handlers.go Go

28 29 30 31 32 33 34

func SearchHandler(w http.ResponseWriter) {
results := make(chan Result)
ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
go func() {
results <- searchDB(query)
}()
r := <-results
json.NewEncoder(w).Encode(r)

checkout.ts TypeScript

45 46 47 48 49 50 51 52

async function processPayment(order: Order) {
const charge = await stripe.charges.create({
const charge = await stripe.charges.create({
amount: order.total,
currency: 'usd',
idempotencyKey: order.id,
source: order.paymentMethod
});
return charge;

Operations starts
in your code

Because behavior, failure, and scale are already decided there.

You write code. The fun part.

Every function you add defines how your system behaves under load. Every dependency shapes latency, retries, and failure modes. You’re not “just coding” — you’re defining how this thing survives reality.

Write code the way you already do. Same editor. Same stack. Same flow.

Python

Rust

TypeScript

We flag the unfun parts,
the stuff that bites.

Two commands. One maps your system's behavior. The other finds what will break it.

CLI

VSCode

AI Agents

unfault ask

"What endpoints exist in this service?"

→ Get the full route map with handlers

→ Trace the call graph for any function

"What calls this?" · "What dependencies does X have?" · "Show me the graph"

unfault review

What unfault finds for you

→ Concrete reliability and performance risks

→ Why they matter at runtime (deploys, load, failure)

→ Actionable fixes you can apply immediately

e.g. missing graceful shutdown → requests dropped during deploys

ask maps behavior so you can reason about the system. review finds what will break and gives you code to fix it.

Unfault doesn’t replace engineers.
It gives developers the operational context they usually only get after things break.

The Unfault Philosophy

Operations don’t start at deploy.
They start at line one.

Most tools treat reliability as something you configure after the code is written. We think that's backwards.

Every function you write shapes how your system behaves under load. Every error handler decides what happens when things go wrong.

You're already doing operations. Unfault just helps you see it. Unfault is built by engineers who trip over themselves way too often.

What Unfault Does

Three things. Done well.

We don't try to be everything. We ship code review, codebase Q&A, and IDE integration. That's it. Ship fast, sleep well.

Review

The reviewer that doesn't get tired

Run unfault review and get back a list of production-readiness issues. Missing timeouts, unbounded retries, silent errors, race conditions. The stuff that works fine locally and makes you pull your hair down the road.

Reviews your codebase in under 300ms
Findings comes with a ready-to-apply patch
Python, Go, TypeScript, Rust (and counting)

terminal

$ unfault review

→ Analyzing fastapi-app... 186ms

Languages: python

Frameworks: fastapi

Dimensions: stability · correctness · performance

Reviewed: 1 file · parse 3ms · engine 40ms

Cache: 100% Trace: e8fd7a20

⚠ Found 19 issues

run with --fix to apply patches

4 high · 15 medium

🟠 High (4 issues)

[python.http.blocking_in_async] Blocking HTTP call via `requests.get` inside

async function `get_posts`

[python.resilience.missing_circuit_breaker] HTTP call to external service in

`get_user` lacks circuit breaker protection

🟡 Medium (15 issues)

[fastapi.missing_cors] FastAPI app `app` has no CORS middleware configured

[python.fastapi.missing_exception_handler] FastAPI app `app` has no exception

handlers

[python.fastapi.missing_input_validation] POST endpoint '/webhook' has typed

as 'dict' body parameter 'data' - use Pydantic model for validation

[python.fastapi.missing_rate_limiting] FastAPI application lacks rate limiting

terminal

$ unfault ask "how do we handle auth?"

Analyzing code graph...
→ Found 3 related modules
→ Tracing call paths from API routes...

Authentication flow identified:

1. Request hits POST /login
   └─ calls AuthHandler.login()
      └─ uses bcrypt for password check
      └─ calls TokenService.issue()

2. Middleware AuthMiddleware intercepts requests
   └─ validates JWT via pyjwt

Graph context: 12 nodes, 8 edges traversed

Ask

Ask your codebase questions

Powered by the Unfault Graph. We don't just grep your code; we map it. Files, functions, classes, API routes, and their relationships are indexed into a semantic graph. When you ask "How does auth work?", we traverse the call graph to give you the complete picture.

Graph-augmented RAG for deep context
Understands imports, calls, and dependencies
Maps API routes to their handlers automatically

IDE & CLI

Where you work, when you work

VS Code extension shows issues as you type. CLI runs in CI/CD. Same engine, different interfaces. Use whichever fits your flow.

VS Code extension with inline diagnostics
CLI with proper exit codes for CI/CD
Works with AI coding agents via MCP

HTTP Client Missing Timeout

Resilience

Missing Graceful Shutdown

Resilience

No Structured Logging

Observability

Unbounded Memory Operation

Incident Patterns

Unbounded Concurrency

Performance

+ 14 more issues found

These aren't style nitpicks. They're missing timeouts, N+1 queries, and unhandled errors—the patterns that cause incidents.

Every framework we've tried so far had the same patterns.

Pricing

One tool. One price.

Developers we love

$14 /mo

Sustainable pricing for all developers.

Unlimited Scans Run it locally or in CI as much as you want

All Languages & Rules Python, Go, TS, Rust + all future additions

Full Platform Access VS Code extension, CLI, and Dashboard

Privacy First We analyze in memory & discard immediately

No per-seat tax We kind of like you. Install it wherever you ship code.

Start 14-Day Free Trial

No credit card required Cancel anytime

Frequently Asked Questions

How does the 14-day trial work?

Sign up and get full access to all features for 14 days. No credit card required. If you love it, subscribe to keep going.

What languages are supported?

Python, Go, TypeScript, and Rust. We're adding more languages based on user demand. Each language has framework-specific rules too.

Can I use Unfault in CI/CD?

Yes! Use our CLI in any CI/CD pipeline. It returns proper exit codes and can output findings in JSON format for integration with other tools.

Is there a team or enterprise plan?

We're keeping it simple for now: one plan, full access. Reach out if you have specific needs and we'll be happy to chat.

Is this a SRE tool?

It’s a developer tool that makes SREs' lives easier (well hopefully anyway). You run it where you write or review code. We love SREs and we don't believe in replacing the human loop at all.

Tools should support your flow, not meter it.

We've brokenproduction too.

Operations starts in your code

You write code. The fun part.

We flag the unfun parts, the stuff that bites.

Operations don’t start at deploy. They start at line one.

Three things. Done well.

The reviewer that doesn't get tired

Ask your codebase questions

Where you work, when you work

What Unfault Catches

Top issues found in Spring Boot:

Top issues found in FastAPI:

Top issues found in Django:

Top issues found in Next.js:

Top issues found in Express: