# Small AI/dev automation audit — one-page example

This is a fictional, client-safe example. It shows the shape of the work before anyone shares private repositories, customer data, secrets or vulnerability details.

## Scenario

A small software team wants to reduce repeated PR review and documentation cleanup work. They use GitHub and private repositories, but they do not want bots posting comments, sending client emails or changing production systems.

## What I check

- One workflow, usually PR review, documentation updates, QA checks or support drafts.
- What data the workflow touches.
- Which tools and accounts are involved.
- Where human approval is required.
- Whether a small private quick win is safe enough for a two-week test.

## Example finding

A private PR/docs review report is a good first quick win. It can summarize changed files, likely docs impact, test/check reminders and risk notes. A human reviews the report before any push, pull request, comment, email or client message.

## Good fit

- Repeated PR or documentation review work.
- Private QA checks before a public release.
- Tool choice between local, EU-hosted and vendor AI.
- Internal drafts where a human approves the final output.

## Not a fit

- Unreviewed bots acting on customer data.
- Automatic production changes.
- Public security findings or vulnerability comments.
- Legal/GDPR guarantees or hard ROI promises.

## Typical deliverables

- Two- to four-page audit report.
- Workflow map and data/risk classification.
- Ranked quick wins.
- One private quick win if the scope is safe.
- Handover notes and clear boundaries.

## First message

If you contact me, please describe the workflow only. Do not include secrets, credentials, customer data, private repository contents or vulnerability details in the first message.

Contact: ac@it-expert.io
