CodeArch
Architecture Audits for AI-Assisted Development
24 checks no other tool performs.
Same-day results.
We built 1.1M+ lines with AI assistance. Here's how we governed it—and how you can too.
THE PROBLEM
AI coding assistants are powerful but unpredictable.
Your team is using Copilot, Claude, or GPT to write code. But you have:
- No industry standard for AI-generated code quality
- Inconsistent outputs across sessions
- No audit trail for AI decisions
- No way to prove compliance to stakeholders
- Knowledge loss between development sessions
pylint catches style issues.
mypy catches type errors.
bandit catches security vulnerabilities.
Nobody catches architectural violations. Until now.
THE SOLUTION
24 architecture checks that no existing tool offers
CodeArch performs checks that pylint, flake8, mypy, and bandit simply don't:
- Protocol/Implementation Verification: missing interfaces, orphan implementations. Ensures contracts exist before code.
- Dependency Injection Audit: singletons, factory functions, concrete types in constructors. Keeps code testable and maintainable.
- Async Hygiene: sync I/O in async code, blocking HTTP calls, asyncio bridges. Prevents performance bottlenecks.
- Event Immutability: mutable dataclasses, untracked state changes. Enables reliable audit trails.
- Architectural Anti-Patterns: circular imports, hardcoded paths, oversized files. Maintains long-term code health.
THE 24 CHECKS
Every check, every severity
| # | Check | Description | Severity |
|---|---|---|---|
| 1 | L1.1 | Protocol count check | BLOCKER |
| 2 | L1.2 | Implementation has Protocol | BLOCKER |
| 3 | L1.3 | No orphan implementations | BLOCKER |
| 4 | L2.1 | No singleton patterns | BLOCKER |
| 5 | L2.2 | No get_* factory functions | BLOCKER |
| 6 | L3.1 | No sync I/O in async code | BLOCKER |
| 7 | L3.2 | No asyncio.run bridges | BLOCKER |
| 8 | L3.3 | No blocking HTTP calls | BLOCKER |
| 9 | F1 | No direct DB access | BLOCKER |
| 10 | F2 | No singletons | BLOCKER |
| 11 | F3 | No concrete types in init | BLOCKER |
| 12 | F4 | No sync I/O in async context | BLOCKER |
| 13 | F5 | No asyncio bridges | BLOCKER |
| 14 | F6 | No hardcoded paths | WARNING |
| 15 | F7 | No files > 500 lines | WARNING |
| 16 | F10 | Immutable dataclasses | WARNING |
| 17 | Q1 | Line count per file | INFO |
| 18 | Q2 | Method count per class | INFO |
| 19 | Q3 | Import depth check | INFO |
| 20 | Q4 | Circular import detection | CRITICAL |
| 21 | S4 | Audit trail exists | WARNING |
| 22 | S5 | Multi-provider check | WARNING |
| 23 | S6 | No SQLite-specific syntax | WARNING |
| 24 | S7 | No credentials in code | BLOCKER |
THE PROOF
We proved the methodology on ourselves.
CodeArch isn't theoretical. We used it to build 1.1 million lines of production code with AI assistance.
Lines of production code
Audit score
Blockers
Learned patterns
Test functions
LLM providers tested
Our audit won't rubber-stamp your code. If evidence is insufficient, it says so. The 98/100 score demonstrates system honesty—the remaining 2% are calibration checks that won't pretend to pass.
DIFFERENTIATION
What makes CodeArch different
| Check Category | pylint | flake8 | mypy | bandit | CodeArch |
|---|---|---|---|---|---|
| Protocol/Implementation pattern | ❌ | ❌ | ❌ | ❌ | ✓ |
| DI constructor verification | ❌ | ❌ | ❌ | ❌ | ✓ |
| Async hygiene (sync in async) | ❌ | ❌ | ❌ | ❌ | ✓ |
| Event immutability | ❌ | ❌ | ❌ | ❌ | ✓ |
| Architectural anti-patterns | ❌ | ❌ | ❌ | ❌ | ✓ |
Those tools are essential—use them. They catch style, types, and security. But they don't catch architectural violations. CodeArch does.
USE CASES
Who uses CodeArch
AI Adoption Governance
Your developers are excited about Copilot, Claude, or GPT. But without governance, you're accumulating technical debt faster than ever. CodeArch provides the audit trail your AI-assisted development needs.
Quality Incident Response
Something broke. The postmortem revealed an architectural flaw that slipped through code review. CodeArch performs a complete audit, prioritizing blockers that could cause the next incident.
Compliance Initiative
Regulators and auditors are asking about your AI-assisted development practices. You need evidence—not just policies. CodeArch provides documented proof your code meets architectural standards.
Technical Due Diligence
Someone wants to see under the hood. They need confidence that your codebase is maintainable and architecturally sound. CodeArch delivers an objective assessment with quantified metrics.
PROCESS
How it works
Share Your Codebase
Secure code transfer via your preferred method. We sign NDAs as needed.
Run the Audit
Our framework runs all 24 checks against your codebase. Fully automated, deterministic results.
Get Your Report
Same-day delivery. Full findings with severity classification and prioritized remediation guidance.
Walkthrough Call
30-minute call to review findings, answer questions, and discuss remediation priorities.
FAQ
Frequently asked questions
What languages does CodeArch support?
CodeArch currently supports Python codebases. Additional language support is on our roadmap.
Is my code secure?
Yes. We sign NDAs, use encrypted transfer, and delete code after audit completion. We never retain your code or use it for any other purpose.
How long does the audit take?
Same-day delivery for most codebases. Larger codebases (500K+ lines) may require 24-48 hours.
What if I disagree with a finding?
Every finding includes context and rationale. We'll discuss any disputed findings on the walkthrough call. If a check doesn't apply to your architecture, we'll note that in the report.
Can you help us fix the issues?
The audit report includes prioritized remediation guidance. For hands-on support, ask about our workshop and advisory arrangements.
What's the difference between CodeArch and the CleanAim® Platform?
CodeArch is a point-in-time audit for engineering teams. The CleanAim® Platform is continuous AI governance infrastructure for compliance teams preparing for EU AI Act. Many CodeArch clients graduate to the full platform as their needs evolve.
Get your codebase audited.
Same-day results. 24 checks no other tool performs.
Questions? hello@cleanaim.com
