skip to content
fizzgig
sign in
// product
code auditdetect what shippedbrand and reachsoonlift qualityperfect memorysoondecision graph
// build better
sourdough startersproject kicks-off in 1 prompt
// resources
pricingdocsblogabout
sign inrequest access →
audit suite/compliance/cookie_monster
newcompliancev0.2.1pro · $0.002/call

fizzgig__cookie_monster

checks cookie consent — banner presence, parity, withdrawal, pre-consent script firing.

// ai does this over time

the cookie banner ships, but google tag manager fires in the layout before anyone clicks accept. or 'reject all' takes 5 clicks while 'accept all' takes 1. either way you've technically complied and practically ignored the rule.

// the tool does

7 regulator-aligned checks: CMP detection, reject-button parity (is 'reject all' as easy as 'accept all'), granular consent toggles, withdrawal mechanism, cookie max-age compliance, pre-consent script firing detection (tag-manager scripts hard-coded into layout that fire before the CMP loads), marketing tracker disclosure.

// so you can

the banner exists AND it actually does what it claims to do. catches the 'we shipped a banner but the analytics still fire' bug.

● new● v0.2.1● pro
// input schema
schema · application/json
{
"type": "object"
"required": [
"project"
]
"properties": {
"project": {
"type": "string"
"description": "the project slug or path"
}
"strict": {
"type": "boolean"
"default": false
"description": "fail on warnings, not just errors"
}
}
}
// output schema
schema · application/json
{
"type": "object"
"properties": {
"ok": {
"type": "boolean"
}
"findings": {
"type": "array"
"items": {
"type": "object"
"properties": {
"severity": {
"enum": [
"info"
"warn"
"high"
"critical"
]
}
"message": {
"type": "string"
}
"fix": {
"type": "string"
}
}
}
}
}
}
// example call from cursor
~/myapp — example output
→ fizzgig__cookie_monster(project="myapp")
{
"ok": false,
"findings": [
{ "severity": "high",
"message": "policy uses user_id without auth.uid()",
"fix": "USING (auth.uid() = user_id)" }
],
"scanned": 3, "duration_ms": 142
}
// reviews
@maya.codes★★★★★
2 days ago

caught a policy that would have leaked every user's comments. shipped a fix in 4 minutes.

@solo_at_3am★★★★★
1 week ago

first tool i installed. it's the one that pays for itself.

@vibebuilder★★★★☆
2 weeks ago

works great. one false positive on a join table — easy to ignore.

// primary action
add to your editor
paste this into your mcp config.
.cursor/mcp.json
{
  "fizzgig": {
    "url": "https://mcp.fizzgig.ai",
    "tools": ["cookie_monster"]
  }
}
full setup guide →
// pricing
$0.002 / call
included free in pro plan.
// related tools
gdpr_checker
v0.2.0
→
regulatory_compliance
v0.3.0
→
data_licence_review
v0.3.0
→
fizzgig

the fluffy guardian of vibe-coded apps. growls at insecure code so you don't have to.

all systems operational

product

code auditbrand and reach (soon)perfect memory (soon)pricingdocschangelog

community

sourdough startersdiscord (soon)github (soon)x / twitter (soon)rss (soon)

company

aboutcontactterms (soon)privacy
© 2026 fizzgig labs.
v1.4.2 · 2026-05-01