BrassCoders Paid is live: $12/dev/month for AI-powered noise reduction
BrassCoders Paid is now generally available. $12/dev/month adds AI-powered semantic dedup, cluster sizing, and rank-by-relevance against your project signature. The OSS core stays free forever.
After eight months of building, BrassCoders Paid is now generally available. $12 per developer per month, on top of the free OSS core, gets you the AI-powered enrichment layer that turns 1500+ raw scanner findings into ~300 actionable ones.
What Changed
BrassCoders has always been two layers:
- Detection — 12 static-analysis scanners (Bandit, Pylint, Pyre/Pysa, Semgrep, ast-grep, detect-secrets, plus our own secret / privacy / AI-pattern detectors). This layer is open source and stays free forever.
- Filtering — the noise-reduction logic that takes the raw findings and surfaces only what merits a developer’s attention. The heuristic version is in the OSS core. The AI-powered version (semantic dedup, cluster sizing, ranking against your project signature) is the Paid feature.
Until now, only the heuristic filter shipped. As of today, paying customers get the full AI-powered pipeline.
Why This Matters
BrassCoders Paid exists because the AI-code-review noise problem has a measurable shape. If you have used Claude Code or Cursor to review a pull request, you have seen it: the AI emits 8 suggestions per file when one matters. The other 7 are speculative: "consider using a Map instead of an object here", "you might want to add error handling", "this could be refactored". Real bugs and real secrets get buried in the noise.
BrassCoders solves that. The OSS core already drops findings into priority buckets and applies per-file caps. The Paid layer goes further:
- Semantic dedup — two findings that describe the same underlying bug in different words get collapsed into one. Embeds findings via a hosted embedding model, clusters by cosine similarity, returns one survivor per cluster.
- Cluster sizing — surviving findings carry a `cluster_size` field showing how many similar findings collapsed into them. A `cluster_size: 47` on a SQL-injection finding tells you this isn’t a one-off — fix the pattern.
- CRITICAL-exemption — critical-severity findings flagged as duplicates are reinstated. Embedding similarity has shown false-positive clustering of distinct ship-blocking bugs; we never let an AI pass swallow a critical.
- Rerank against project signature — we build a project signature from your README + manifest + entrypoint + top-level filenames, then rerank findings by relevance to that signature. A SQL injection in a CLI tool ranks differently than the same finding in a web service.
The result: ~80% fewer findings to triage, no critical-severity bugs dropped, ranked by what actually applies to your codebase.
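An added sketch of the dedup pass described in the list above, not BrassCoders' own code: the greedy clustering, the 0.9 threshold, every field name other than `cluster_size`, and the three-dimensional vectors standing in for hosted-model embeddings are assumptions. Calling it with `exempt_critical=False` shows the failure the CRITICAL-exemption guards against, where two distinct critical findings with similar embeddings collapse into one.

```python
import math

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def cosine(a, b):
    """Cosine similarity of two equal-length vectors (0.0 if either is zero)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def dedup(findings, threshold=0.9, exempt_critical=True):
    """Greedy single-pass clustering; returns one survivor per cluster.

    Assumed algorithm: findings are visited worst-severity first, so each
    cluster's survivor is its most severe member. A finding joins the first
    survivor whose embedding is within `threshold` cosine similarity.
    """
    survivors = []
    for f in sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]]):
        match = next((s for s in survivors
                      if cosine(s["embedding"], f["embedding"]) >= threshold), None)
        reinstate = exempt_critical and f["severity"] == "critical"
        if match is None or reinstate:
            # New cluster, or a critical flagged as duplicate and reinstated.
            survivors.append({**f, "cluster_size": 1})
        else:
            match["cluster_size"] += 1  # collapsed into an existing survivor
    return survivors

# Constructed sample findings; vectors are toy stand-ins for real embeddings.
FINDINGS = [
    {"id": "F1", "severity": "high", "title": "SQL built by string concat in users.py", "embedding": [0.90, 0.10, 0.00]},
    {"id": "F2", "severity": "high", "title": "Query concatenates user input in orders.py", "embedding": [0.88, 0.12, 0.01]},
    {"id": "F3", "severity": "medium", "title": "Unsanitized input reaches SQL execute", "embedding": [0.91, 0.09, 0.02]},
    {"id": "F4", "severity": "critical", "title": "Hardcoded cloud key in config.py", "embedding": [0.10, 0.90, 0.10]},
    {"id": "F5", "severity": "critical", "title": "Hardcoded DB password in settings.py", "embedding": [0.12, 0.88, 0.10]},
    {"id": "F6", "severity": "low", "title": "Unused import", "embedding": [0.00, 0.10, 0.95]},
]

if __name__ == "__main__":
    for s in dedup(FINDINGS):
        print(s["id"], s["severity"], "cluster_size:", s["cluster_size"])
```

With the exemption on, both hardcoded-credential findings survive even though their vectors are nearly identical; with it off, F5 disappears into F4's cluster.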
How the Economics Work
BrassCoders Paid runs on upstream-cost pass-through pricing. We pay our embedding + rerank provider for the API calls; you pay us at the same per-token rate, with no markup. The $12/month covers:
- 50 million enrichment tokens per month (~30-50 scans of a real codebase)
- Gateway hosting on Vercel
- License key management via LemonSqueezy
If you blow through the monthly grant, top up at coppersun.dev/topup: $10 for an additional 50M tokens. Top-up tokens carry across billing periods (no use-it-or-lose-it). If our upstream provider raises their per-token price, our topup price tracks it.
We don’t resell your downstream AI assistant’s tokens. Your Claude Code / Cursor / Continue bill stays separate — we never see those API calls.
How to Subscribe
```bash
# 1. Install BrassCoders (or update to latest)
pipx install brasscoders # current: 2.0.4
# 2. Subscribe at coppersun.dev/pricing — receipt email has your license key
# 3. Activate on your machine
brasscoders activate <your-license-key>
# 4. Scan as normal — enrichment happens automatically
brasscoders scan /path/to/your/project
```
You’ll see `Enriched: 687 → 328 findings` instead of the OSS-tier `Filtered: 687 → 685 findings`. Same scan, dramatically less noise.
What’s Next
BrassCoders Paid V1 is what is described above. The roadmap from here:
- Advanced scanners pack (quarterly refresh): deeper SAST coverage via Semgrep ruleset integration, JS/TS taint analysis, enterprise-format secrets (Okta, ServiceNow, internal SSO tokens).
- CI-focused integrations: smoother GitHub Actions / GitLab CI / Jenkins workflows for teams running BrassCoders on every PR.
If you have feedback or you’re hitting an edge case, email brass@coppersuncreative.com.
For the broader context on AI code review workflows, see AI Code Review: The Practical Guide for 2026.
Frequently Asked Questions
Is the OSS core still free?
Yes. Apache 2.0 licensed, free for personal and commercial use, no usage caps. The Paid plan is purely additive — every scanner in the OSS core stays free forever.
What does $12/dev/month actually get me?
AI-powered semantic dedup, cluster sizing, and rank-by-relevance against your project signature. A typical scan that emits 1500+ raw findings reduces to about 300 actionable ones. Plus 50 million enrichment tokens per month (covers 30-50 scans of a real codebase) and priority email support.
What happens if I run out of tokens mid-month?
Top up at coppersun.dev/topup — $10 for 50M tokens, billed at our upstream API cost with no markup. Top-up tokens carry across billing periods. If you'd rather wait until your monthly cap resets, the CLI falls back to heuristic-only filtering for that scan.
Can I cancel any time?
Yes. Subscriptions are managed through LemonSqueezy's hosted billing portal — run `brasscoders portal` from any machine with an active license to reach it. Cancellations take effect at the end of the current billing period; the CLI keeps working through then.