Scope clarification: this is a done-for-you expert service, separate from software subscriptions.
Software plans cover self-serve BATEN CODE, BATEN CORRECT, and D7_SEAL workflows.
Commissioned Audit is for organizations that require an externally delivered report signed by the root authority.
You send us your codebase. We scan it, analyze the results, and deliver a
professional signed audit report within 5 business days.
Your code never leaves your environment — the engine runs locally on your infrastructure
under NDA. We receive only the audit output, not the source.
Designed for: software publishers going to market · teams preparing a due diligence ·
institutions with compliance obligations · CTOs who need an independent third-party assessment.
📋
Full Audit Report
Complete BICS analysis. Score breakdown by file and severity. Top violations with file + line references. PDF + Markdown.
◈
D7_SEAL Certificate
Cryptographic seal on the audit result. SHA-256 signed, timestamped, publicly verifiable. Archivable for legal or contractual use.
📝
Executive Summary
2-page non-technical summary for management, investors, or clients. Risk level. Priority remediation roadmap.
🔒
NDA + Confidentiality
Full NDA signed before engagement. Your source code never transmitted. Results remain strictly confidential.
Delivered by: Mohammed Hounaïne EL Hamiani · author of the BICS standard · Root Authority · account ROOT-00001.
Not an automated output. Not a certified reseller. The creator of the standard, personally.
Pricing grid — €500 up to 500 files · €1 000 up to 2 000 files · €2 000 up to 10 000 files · above: quote on request.
Delivery in 5 business days. Express 48h available (+50%).
First audit: introductory rate —
contact@batencore.com
Delegated Authority · By appointment only
The BATEN Certification Hierarchy
BATEN Technologies acts as the root certifying authority of the BICS standard.
Every account — SOFTWARE, EXPERT, or ACCREDITED AUDITOR — carries a unique ID
issued and controlled by BATEN. Permissions, scope, and validity
are assigned at the root level.
A notary is not a reseller of the State. They are appointed by it,
operate under its authority, and their acts engage their personal responsibility
within that framework. This is the exact model BATEN applies to code certification.
ROOT
BATEN Technologies · Mohammed Hounaïne EL Hamiani
Author of the BICS standard. Root certifying authority.
Issues all account IDs. Controls all permissions.
Every seal in the ecosystem traces back to this signature.
SW-xxxxx
SOFTWARE Account
Runs audits locally. Purchases D7_SEALs issued by BATEN.
Cannot issue seals or sign reports on behalf of third parties.
EX-xxxxx
Certified Expert
Appointed by BATEN. Delivers commissioned audit reports under the BICS standard.
Reports carry the expert's personal signature
countersigned at root level by BATEN.
Scope (languages, sectors) defined per appointment.
AU-xxxxx
Accredited Auditor
Full delegated authority. Issues D7_SEALs autonomously under their own name,
anchored in the BATEN PKI chain.
Operates independently — serves their own clients, sets their own rates.
Each seal carries a root-level traceability back to BATEN.
A per-seal royalty applies to the root authority.
Certified Expert (EX) — For independent consultants and audit firms who want to deliver BICS-certified reports to their clients.
Accredited Auditor (AU) — For established organizations seeking full delegated authority to issue D7_SEALs autonomously.
Both levels are granted
by appointment only.
Applications reviewed individually —
contact@batencore.com
Does Commissioned Audit contradict software plans?
No. Software plans are self-serve workflows (your team runs BATEN CODE/CORRECT and issues seals).
Commissioned Audit is a separate expert engagement: BATEN delivers an external signed assessment
for due diligence, institutional procurement, or investor-facing documentation.
Why is the scan free with no file limit?
The engine runs locally on your machine. Our marginal cost per scan is zero.
Limiting the scan would only create friction without saving us anything.
The scan is the product that demonstrates value — the seal is what has legal and institutional weight.
You pay for the seal, not the diagnosis.
What exactly is the D7_SEAL?
A cryptographic certificate generated server-side by our infrastructure.
It contains: the SHA-256 hash of the scanned codebase, the audit score, the timestamp, and our signature.
It is publicly verifiable — anyone can confirm a seal is authentic without trusting us blindly.
It is the difference between a private measurement and an archivable, opposable act.
Is the commissioned audit confidential?
Completely. We sign an NDA before any engagement. The engine runs on your infrastructure —
your source code is never transmitted to us. We receive only the audit output (the report).
We will never publish or reference your audit without explicit written consent.
Can I use the audit report for a client or investor?
Yes. The report is signed with a D7_SEAL and includes an executive summary specifically designed
for non-technical stakeholders. The seal is verifiable by any third party.
Several clients use it as part of due diligence packages.
Which languages are supported?
Currently: Rust, C, C++, Python.
Coming: Go, TypeScript, Java, Swift.
The gallery audits (Redis, Linux, OpenSSL, Git…) were all run on supported languages.
Is this a competitor to Sonar or Semgrep?
No. BATEN CODE is not a traditional linter and does not rely on probabilistic AI generation.
It applies 8 structural invariants (BICS) and produces a deterministic integrity score —
reproducible, signable, archivable. BATEN CORRECT then applies deterministic patch logic
aligned with those invariants. The value is in the combination: diagnosis, deterministic remediation,
and cryptographic certification.
The core principle
A doctor diagnoses for free.
The signed medical certificate — opposable, archivable, legally binding — is what you pay for.