diff --git a/client/src/App.tsx b/client/src/App.tsx
index 753cf33..530b22a 100644
--- a/client/src/App.tsx
+++ b/client/src/App.tsx
@@ -22,9 +22,11 @@ import AuthPage from "@/pages/auth-page";
 import DemoAiFixPage from "@/pages/demo-ai-fix";
 import AuditPage from "@/pages/audit";
 import PricingPage from "@/pages/pricing";
+import FreeAuditRequest from "@/pages/free-audit-request";
 import AdminOverview from "@/pages/admin/overview";
 import AdminUsers from "@/pages/admin/users";
 import AdminOrders from "@/pages/admin/orders";
+import AdminFreeAuditQueue from "@/pages/admin/free-audit-queue";
 import AdminRequests from "@/pages/admin/requests";
 import AdminSystem from "@/pages/admin/system";
 import AdminAuditLog from "@/pages/admin/audit-log";
@@ -63,11 +65,13 @@ function App() {
             <Route path="/privacy" component={withLayout(Privacy)} />
             <Route path="/demo-ai-fix" component={withLayout(DemoAiFixPage)} />
             <Route path="/pricing" component={withLayout(PricingPage)} />
+            <Route path="/free-audit-request" component={withLayout(FreeAuditRequest)} />
             
             {/* Admin Routes with Sidebar */}
             <AdminProtectedRoute path="/admin/overview" component={withLayout(AdminOverview)} />
             <AdminProtectedRoute path="/admin/users" component={withLayout(AdminUsers)} />
             <AdminProtectedRoute path="/admin/orders" component={withLayout(AdminOrders)} />
+            <AdminProtectedRoute path="/admin/free-audit-queue" component={withLayout(AdminFreeAuditQueue)} />
             <AdminProtectedRoute path="/admin/requests" component={withLayout(AdminRequests)} />
             <AdminProtectedRoute path="/admin/system" component={withLayout(AdminSystem)} />
             <AdminProtectedRoute path="/admin/audit-log" component={withLayout(AdminAuditLog)} />
diff --git a/client/src/pages/admin/free-audit-queue.tsx b/client/src/pages/admin/free-audit-queue.tsx
new file mode 100644
index 0000000..e3456a8
--- /dev/null
+++ b/client/src/pages/admin/free-audit-queue.tsx
@@ -0,0 +1,204 @@
+import { useQuery, useMutation, useQueryClient } from "@tanstack/react-query";
+import { Loader2, CheckCircle2, XCircle, Search } from "lucide-react";
+import { format } from "date-fns";
+import {
+  Table,
+  TableBody,
+  TableCell,
+  TableHead,
+  TableHeader,
+  TableRow,
+} from "@/components/ui/table";
+import { Button } from "@/components/ui/button";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card";
+import { Badge } from "@/components/ui/badge";
+import { useToast } from "@/hooks/use-toast";
+
+type FreeAuditRequest = {
+  id: string;
+  repoUrl: string;
+  contactName: string;
+  contactEmail: string;
+  motivationText: string;
+  status: string;
+  submittedAt: string;
+};
+
+type FreeAuditsResponse = {
+  requests: FreeAuditRequest[];
+  todayCost: number;
+};
+
+export default function AdminFreeAuditQueue() {
+  const { toast } = useToast();
+  const queryClient = useQueryClient();
+
+  const { data, isLoading } = useQuery<FreeAuditsResponse>({
+    queryKey: ["/api/admin/free-audits"],
+  });
+
+  const approveMutation = useMutation({
+    mutationFn: async (id: string) => {
+      const res = await fetch(`/api/admin/free-audits/${id}/approve`, {
+        method: "POST",
+      });
+      if (!res.ok) {
+        const errorData = await res.json();
+        throw new Error(errorData.error || "Failed to approve request");
+      }
+      return res.json();
+    },
+    onSuccess: () => {
+      toast({ title: "Audit Approved", description: "The audit has been started and marked as comped." });
+      queryClient.invalidateQueries({ queryKey: ["/api/admin/free-audits"] });
+    },
+    onError: (error) => {
+      toast({ title: "Error", description: error.message, variant: "destructive" });
+    },
+  });
+
+  const rejectMutation = useMutation({
+    mutationFn: async (id: string) => {
+      const res = await fetch(`/api/admin/free-audits/${id}/reject`, {
+        method: "POST",
+      });
+      if (!res.ok) {
+        const errorData = await res.json();
+        throw new Error(errorData.error || "Failed to reject request");
+      }
+      return res.json();
+    },
+    onSuccess: () => {
+      toast({ title: "Request Rejected" });
+      queryClient.invalidateQueries({ queryKey: ["/api/admin/free-audits"] });
+    },
+    onError: (error) => {
+      toast({ title: "Error", description: error.message, variant: "destructive" });
+    },
+  });
+
+  if (isLoading) {
+    return (
+      <div className="flex h-[50vh] w-full items-center justify-center">
+        <Loader2 className="h-8 w-8 animate-spin text-primary" />
+      </div>
+    );
+  }
+
+  const requests = data?.requests || [];
+  const todayCost = data?.todayCost || 0;
+  const isCeilingReached = todayCost >= 100;
+
+  return (
+    <div className="space-y-6">
+      <div className="flex flex-col sm:flex-row sm:items-center sm:justify-between gap-4">
+        <div>
+          <h2 className="text-3xl font-bold tracking-tight">Free Audit Queue</h2>
+          <p className="text-muted-foreground">
+            Review and approve requests submitted via the public free audit offer.
+          </p>
+        </div>
+        <div className="text-right">
+          <Badge variant={isCeilingReached ? "destructive" : "secondary"} className="text-base px-3 py-1">
+            Today's API Cost: ${todayCost.toFixed(2)} / $100.00
+          </Badge>
+        </div>
+      </div>
+
+      {isCeilingReached && (
+        <div className="bg-destructive/10 border border-destructive/20 text-destructive rounded-md p-4 flex items-start gap-3 text-left">
+          <XCircle className="w-5 h-5 shrink-0 mt-0.5" />
+          <p className="text-sm">
+            <strong>Daily cost ceiling reached.</strong> You cannot approve new free audits until tomorrow or unless the limit is increased.
+          </p>
+        </div>
+      )}
+
+      <Card>
+        <CardHeader>
+          <CardTitle>Pending Requests</CardTitle>
+          <CardDescription>
+            {requests.length === 0 ? "No pending requests at the moment." : `Found ${requests.length} pending request(s).`}
+          </CardDescription>
+        </CardHeader>
+        <CardContent>
+          <div className="rounded-md border">
+            <Table>
+              <TableHeader>
+                <TableRow>
+                  <TableHead>Submitted</TableHead>
+                  <TableHead>Repository</TableHead>
+                  <TableHead>Contact</TableHead>
+                  <TableHead className="max-w-[300px]">Motivation</TableHead>
+                  <TableHead className="text-right">Actions</TableHead>
+                </TableRow>
+              </TableHeader>
+              <TableBody>
+                {requests.map((req) => (
+                  <TableRow key={req.id}>
+                    <TableCell className="whitespace-nowrap">
+                      {format(new Date(req.submittedAt), "MMM d, yyyy")}
+                    </TableCell>
+                    <TableCell className="font-mono text-sm max-w-[200px] truncate" title={req.repoUrl}>
+                      <a href={req.repoUrl} target="_blank" rel="noreferrer" className="text-primary hover:underline">
+                        {req.repoUrl.replace(/^https?:\/\/(www\.)?github\.com\//, "")}
+                      </a>
+                    </TableCell>
+                    <TableCell>
+                      <div className="text-sm font-medium">{req.contactName}</div>
+                      <div className="text-xs text-muted-foreground">{req.contactEmail}</div>
+                    </TableCell>
+                    <TableCell className="max-w-[300px]">
+                      <p className="text-sm truncate" title={req.motivationText}>
+                        {req.motivationText}
+                      </p>
+                    </TableCell>
+                    <TableCell className="text-right whitespace-nowrap">
+                      <div className="flex justify-end gap-2">
+                        <Button 
+                          size="sm" 
+                          variant="outline" 
+                          className="text-green-600 hover:text-green-700 hover:bg-green-50"
+                          onClick={() => approveMutation.mutate(req.id)}
+                          disabled={approveMutation.isPending || rejectMutation.isPending || isCeilingReached}
+                        >
+                          {approveMutation.isPending && approveMutation.variables === req.id ? (
+                            <Loader2 className="mr-1 h-3 w-3 animate-spin" />
+                          ) : (
+                            <CheckCircle2 className="mr-1 h-3 w-3" />
+                          )}
+                          Approve
+                        </Button>
+                        <Button 
+                          size="sm" 
+                          variant="outline"
+                          className="text-destructive hover:text-destructive hover:bg-destructive/10"
+                          onClick={() => rejectMutation.mutate(req.id)}
+                          disabled={approveMutation.isPending || rejectMutation.isPending}
+                        >
+                          {rejectMutation.isPending && rejectMutation.variables === req.id ? (
+                            <Loader2 className="mr-1 h-3 w-3 animate-spin" />
+                          ) : (
+                            <XCircle className="mr-1 h-3 w-3" />
+                          )}
+                          Reject
+                        </Button>
+                      </div>
+                    </TableCell>
+                  </TableRow>
+                ))}
+                {requests.length === 0 && (
+                  <TableRow>
+                    <TableCell colSpan={5} className="h-24 text-center text-muted-foreground">
+                      No pending requests found.
+                    </TableCell>
+                  </TableRow>
+                )}
+              </TableBody>
+            </Table>
+          </div>
+        </CardContent>
+      </Card>
+    </div>
+  );
+}
diff --git a/client/src/pages/free-audit-request.tsx b/client/src/pages/free-audit-request.tsx
new file mode 100644
index 0000000..8b8cfb4
--- /dev/null
+++ b/client/src/pages/free-audit-request.tsx
@@ -0,0 +1,251 @@
+import { useState } from "react";
+import { useQuery, useMutation } from "@tanstack/react-query";
+import { useLocation } from "wouter";
+import { z } from "zod";
+import { useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { Loader2, CheckCircle2, ShieldAlert } from "lucide-react";
+import { Button } from "@/components/ui/button";
+import { Input } from "@/components/ui/input";
+import { Textarea } from "@/components/ui/textarea";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle, CardFooter } from "@/components/ui/card";
+import { Form, FormControl, FormDescription, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
+import { Checkbox } from "@/components/ui/checkbox";
+import { useToast } from "@/hooks/use-toast";
+
+const requestSchema = z.object({
+  repoUrl: z.string().min(1, "Repository URL is required").url("Must be a valid URL"),
+  contactName: z.string().min(1, "Name is required"),
+  contactEmail: z.string().email("Invalid email address"),
+  motivationText: z.string().min(10, "Please provide a bit more detail (min 10 chars)"),
+  confirmAccess: z.literal(true, {
+    errorMap: () => ({ message: "You must confirm you have the right to grant access" }),
+  }),
+});
+
+type PromoOfferData = {
+  active: boolean;
+  pendingCount?: number;
+  offer?: {
+    id: string;
+    name: string;
+    description: string;
+    startsAt: string;
+    endsAt: string;
+  };
+};
+
+export default function FreeAuditRequest() {
+  const [, setLocation] = useLocation();
+  const { toast } = useToast();
+  const [submitted, setSubmitted] = useState(false);
+
+  const { data: offerData, isLoading } = useQuery<PromoOfferData>({
+    queryKey: ["/api/public/promo-offer"],
+  });
+
+  const form = useForm<z.infer<typeof requestSchema>>({
+    resolver: zodResolver(requestSchema),
+    defaultValues: {
+      repoUrl: "",
+      contactName: "",
+      contactEmail: "",
+      motivationText: "",
+    },
+  });
+
+  const mutation = useMutation({
+    mutationFn: async (values: z.infer<typeof requestSchema>) => {
+      const res = await fetch("/api/public/free-audit-request", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(values),
+      });
+      if (!res.ok) {
+        const data = await res.json();
+        throw new Error(data.error || "Failed to submit request");
+      }
+      return res.json();
+    },
+    onSuccess: () => {
+      setSubmitted(true);
+    },
+    onError: (error) => {
+      toast({
+        title: "Submission failed",
+        description: error.message,
+        variant: "destructive",
+      });
+    },
+  });
+
+  function onSubmit(values: z.infer<typeof requestSchema>) {
+    mutation.mutate(values);
+  }
+
+  if (isLoading) {
+    return (
+      <div className="flex h-screen w-full items-center justify-center">
+        <Loader2 className="h-8 w-8 animate-spin text-primary" />
+      </div>
+    );
+  }
+
+  if (!offerData?.active) {
+    return (
+      <div className="container mx-auto px-4 py-16 max-w-2xl text-center space-y-8">
+        <ShieldAlert className="w-16 h-16 text-muted-foreground mx-auto" />
+        <h1 className="text-4xl font-extrabold tracking-tight lg:text-5xl">
+          This week's free audit offer has ended
+        </h1>
+        <p className="text-xl text-muted-foreground">
+          Thank you for your interest! We're currently processing the batch of requests we received.
+        </p>
+        <Button size="lg" onClick={() => setLocation("/pricing")}>
+          View our Pricing Page instead
+        </Button>
+      </div>
+    );
+  }
+
+  if (submitted) {
+    return (
+      <div className="container mx-auto px-4 py-16 max-w-2xl text-center space-y-8">
+        <CheckCircle2 className="w-16 h-16 text-green-500 mx-auto" />
+        <h1 className="text-4xl font-extrabold tracking-tight lg:text-4xl">
+          Request Received
+        </h1>
+        <p className="text-xl text-muted-foreground">
+          Thanks — I'm reviewing these personally this week and will email you directly.
+        </p>
+      </div>
+    );
+  }
+
+  return (
+    <div className="container mx-auto px-4 py-16 max-w-2xl">
+      <div className="text-center space-y-4 mb-10">
+        <h1 className="text-4xl font-extrabold tracking-tight lg:text-5xl">
+          {offerData?.offer?.name === "linkedin-launch-week" 
+            ? "Free CodeGuard Audit" 
+            : "Free CodeGuard Audit"}
+        </h1>
+        <p className="text-lg text-muted-foreground">
+          {offerData?.offer?.description || "Drop your repo, and I'll run an Audit Mode pass on it personally."}
+        </p>
+      </div>
+
+      {(offerData?.pendingCount ?? 0) > 50 && (
+        <div className="bg-amber-50 border border-amber-200 text-amber-800 rounded-md p-4 mb-6 flex items-start gap-3 text-left">
+          <ShieldAlert className="w-5 h-5 shrink-0 mt-0.5 text-amber-600" />
+          <p className="text-sm">
+            <strong>High volume:</strong> Due to the number of requests, new submissions may not be reviewed before the offer ends.
+          </p>
+        </div>
+      )}
+
+      <Card>
+        <CardHeader>
+          <CardTitle>Submit your repository</CardTitle>
+          <CardDescription>
+            No credit card required. I review every submission personally to ensure we can provide value.
+          </CardDescription>
+        </CardHeader>
+        <CardContent>
+          <Form {...form}>
+            <form onSubmit={form.handleSubmit(onSubmit)} className="space-y-6">
+              <FormField
+                control={form.control}
+                name="repoUrl"
+                render={({ field }) => (
+                  <FormItem>
+                    <FormLabel>Repository URL</FormLabel>
+                    <FormControl>
+                      <Input placeholder="https://github.com/owner/repo" {...field} />
+                    </FormControl>
+                    <FormDescription>
+                      Must be a public repository. If private, please include instructions to grant read access in the motivation field below.
+                    </FormDescription>
+                    <FormMessage />
+                  </FormItem>
+                )}
+              />
+
+              <div className="grid md:grid-cols-2 gap-6">
+                <FormField
+                  control={form.control}
+                  name="contactName"
+                  render={({ field }) => (
+                    <FormItem>
+                      <FormLabel>Your Name</FormLabel>
+                      <FormControl>
+                        <Input placeholder="Jane Doe" {...field} />
+                      </FormControl>
+                      <FormMessage />
+                    </FormItem>
+                  )}
+                />
+                <FormField
+                  control={form.control}
+                  name="contactEmail"
+                  render={({ field }) => (
+                    <FormItem>
+                      <FormLabel>Email Address</FormLabel>
+                      <FormControl>
+                        <Input type="email" placeholder="jane@example.com" {...field} />
+                      </FormControl>
+                      <FormMessage />
+                    </FormItem>
+                  )}
+                />
+              </div>
+
+              <FormField
+                control={form.control}
+                name="motivationText"
+                render={({ field }) => (
+                  <FormItem>
+                    <FormLabel>What are you hoping to learn from the report?</FormLabel>
+                    <FormControl>
+                      <Textarea 
+                        placeholder="e.g. Preparing for SOC2 compliance, looking for critical security blind spots..." 
+                        className="min-h-[100px]"
+                        {...field} 
+                      />
+                    </FormControl>
+                    <FormMessage />
+                  </FormItem>
+                )}
+              />
+
+              <FormField
+                control={form.control}
+                name="confirmAccess"
+                render={({ field }) => (
+                  <FormItem className="flex flex-row items-start space-x-3 space-y-0 rounded-md border p-4">
+                    <FormControl>
+                      <Checkbox
+                        checked={field.value}
+                        onCheckedChange={field.onChange}
+                      />
+                    </FormControl>
+                    <div className="space-y-1 leading-none">
+                      <FormLabel>
+                        I confirm I have the right to grant access to this repository for security auditing purposes.
+                      </FormLabel>
+                    </div>
+                  </FormItem>
+                )}
+              />
+
+              <Button type="submit" className="w-full" disabled={mutation.isPending}>
+                {mutation.isPending && <Loader2 className="mr-2 h-4 w-4 animate-spin" />}
+                Submit Request
+              </Button>
+            </form>
+          </Form>
+        </CardContent>
+      </Card>
+    </div>
+  );
+}
diff --git a/docs/FREE_OFFER_MECHANISM.md b/docs/FREE_OFFER_MECHANISM.md
new file mode 100644
index 0000000..c780e35
--- /dev/null
+++ b/docs/FREE_OFFER_MECHANISM.md
@@ -0,0 +1,45 @@
+# CodeGuard Free Offer Mechanism
+
+This document describes the architectural implementation of the public "Free Audit" offer, a temporary promotion that provides a full CodeGuard Audit Mode pass (typically gated behind a $1,500+ paywall) for free.
+
+## Why Admin-Mediated?
+
+The public offer was designed intentionally as an **admin-mediated** process rather than a fully self-serve free tier. This fulfills three goals:
+1. **Quality Control & Engagement:** A core promise of the offer is that the founder personally reviews the request. It's a high-touch sales and onboarding motion disguised as a free trial.
+2. **Abuse Prevention:** A self-serve $1,500 coupon would be immediately scraped by bots, costing thousands of dollars in API usage before it could be shut down.
+3. **No Auth Friction:** Prospective users do not need to create an account, install a GitHub app, or add a credit card to request the audit. The admin handles the orchestration.
+
+## How the Flow Works
+
+1. **Intake (`client/src/pages/free-audit-request.tsx`)**
+   - The public visits the intake page. If the current `promo_offers` row for this campaign has an `ends_at` date in the future, the form is shown.
+   - Submissions are recorded in the `free_audit_requests` table with a `pending` status.
+   
+2. **Admin Queue (`client/src/pages/admin/free-audit-queue.tsx`)**
+   - An admin logs in and navigates to the "Free Audit Queue".
+   - The admin reviews the repository URL and the submitter's motivation text.
+   - The admin clicks "Approve" (or "Reject").
+
+3. **Orchestration (`server/routes/admin.ts`)**
+   - Upon "Approve", the backend performs several actions:
+     - Updates the `free_audit_requests` status to `approved`.
+     - Creates a standard `audits` record attributed to the Admin's `userId`.
+     - Creates an `audit_orders` record with `status: "comped"`. This ensures the finance and billing layer ignores this audit when reconciling payments, bypassing the paywall.
+     - Kicks off the standard `runAuditAsync` function just as a paid order would.
+     - Logs the action in `adminActionLog`.
+
+## Cost Ceilings and Safety
+
+Because CodeGuard's backend utilizes LLMs that incur real-world costs per token, a sudden viral spike could theoretically bankrupt the system if an admin rapidly approved requests.
+
+To mitigate this, two safety limits are enforced:
+1. **Public Volume Warning:** If there are more than 50 `pending` requests in the queue, the public intake form automatically displays a "High volume" warning, setting expectations that new requests might not be fulfilled.
+2. **Hard Cost Ceiling:** The admin dashboard calculates the total API spend for the current day across the entire platform (by summing `cost_usd` in `api_usage_log`). If this sum exceeds **$100**, the "Approve" button is disabled and the backend strictly rejects further approvals. This guarantees the platform cannot lose more than $100 per day on free audits.
+
+## Managing the Offer Window
+
+The offer window is controlled purely via the database `promo_offers` table.
+- **To End Early:** Set the `ends_at` timestamp to a past date. The frontend will immediately fall back to the standard pricing page link.
+- **To Restart/Extend:** Update the `ends_at` timestamp to a future date.
+
+*Note: No code changes are required to turn the offer on or off.*
diff --git a/scripts/seed-promo.ts b/scripts/seed-promo.ts
new file mode 100644
index 0000000..1c26028
--- /dev/null
+++ b/scripts/seed-promo.ts
@@ -0,0 +1,26 @@
+import { db } from "../server/db.js";
+import { promoOffers } from "../shared/schema.js";
+
+async function seed() {
+  console.log("Seeding initial promo offer...");
+  
+  const now = new Date();
+  const endsAt = new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000); // 7 days from now
+
+  await db.insert(promoOffers).values({
+    name: "linkedin-launch-week",
+    description: "Drop your repo, and I'll run an Audit Mode pass on it personally, free of charge this week.",
+    startsAt: now,
+    endsAt: endsAt,
+    status: "active",
+    grantsUsed: 0
+  });
+
+  console.log("Successfully seeded linkedin-launch-week promo offer.");
+  process.exit(0);
+}
+
+seed().catch((err) => {
+  console.error("Failed to seed promo offer:", err);
+  process.exit(1);
+});
diff --git a/server/routes.ts b/server/routes.ts
index 23fc72d..c95953a 100644
--- a/server/routes.ts
+++ b/server/routes.ts
@@ -146,6 +146,58 @@ export async function registerRoutes(
   app.use("/api/admin", adminRouter);
   app.use("/api/ai", aiStatusRouter);
 
+  // ============= PUBLIC PROMO OFFERS =============
+  app.get("/api/public/promo-offer", async (req, res) => {
+    try {
+      const offer = await storage.getActivePromoOffer();
+      if (!offer) {
+        return res.json({ active: false });
+      }
+      const pendingRequests = await storage.getPendingFreeAuditRequests();
+      res.json({
+        active: true,
+        pendingCount: pendingRequests.length,
+        offer: {
+          id: offer.id,
+          name: offer.name,
+          description: offer.description,
+          startsAt: offer.startsAt,
+          endsAt: offer.endsAt,
+        }
+      });
+    } catch (error: any) {
+      console.error("[API] Error fetching promo offer:", error);
+      res.status(500).json({ error: "Failed to fetch promo offer" });
+    }
+  });
+
+  app.post("/api/public/free-audit-request", async (req, res) => {
+    try {
+      const offer = await storage.getActivePromoOffer();
+      if (!offer) {
+        return res.status(400).json({ error: "No active free audit offer at this time." });
+      }
+
+      const { repoUrl, contactName, contactEmail, motivationText } = req.body;
+      if (!repoUrl || !contactName || !contactEmail || !motivationText) {
+        return res.status(400).json({ error: "Missing required fields." });
+      }
+
+      const newRequest = await storage.createFreeAuditRequest({
+        promoOfferId: offer.id,
+        repoUrl,
+        contactName,
+        contactEmail,
+        motivationText
+      });
+
+      res.status(201).json(newRequest);
+    } catch (error: any) {
+      console.error("[API] Error submitting free audit request:", error);
+      res.status(500).json({ error: "Failed to submit request" });
+    }
+  });
+
   // ============= REPOSITORIES =============
 
   // Update user preferences
diff --git a/server/routes/admin.ts b/server/routes/admin.ts
index 4039999..7be3a2e 100644
--- a/server/routes/admin.ts
+++ b/server/routes/admin.ts
@@ -2,6 +2,8 @@ import { Router } from "express";
 import { db } from "../db.js";
 import { users, audits, requestLogs, apiUsageLog, adminActionLog, auditOrders } from "../../shared/schema.js";
 import { desc, sql, eq } from "drizzle-orm";
+import { storage } from "../storage.js";
+import { runAuditAsync } from "./audits.js";
 
 const router = Router();
 
@@ -27,6 +29,95 @@ async function logAdminAction(adminUserId: string, actionType: string, targetId:
   });
 }
 
+router.get("/free-audits", async (req, res) => {
+  try {
+    const requests = await storage.getPendingFreeAuditRequests();
+    
+    // Calculate today's API cost
+    const today = new Date();
+    today.setHours(0, 0, 0, 0);
+    const [{ totalCost }] = await db
+      .select({ totalCost: sql<number>`sum(CAST(cost_usd AS float))` })
+      .from(apiUsageLog)
+      .where(sql`${apiUsageLog.createdAt} >= ${today}`);
+      
+    res.json({
+      requests,
+      todayCost: Number(totalCost || 0)
+    });
+  } catch (error: any) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+router.post("/free-audits/:id/approve", async (req, res) => {
+  try {
+    const adminId = req.user!.id;
+    const request = await storage.getFreeAuditRequest(req.params.id);
+    if (!request) return res.status(404).json({ error: "Request not found" });
+    if (request.status !== "pending") return res.status(400).json({ error: "Request is not pending" });
+
+    // Enforce Cost Ceiling
+    const today = new Date();
+    today.setHours(0, 0, 0, 0);
+    const [{ totalCost }] = await db
+      .select({ totalCost: sql<number>`sum(CAST(cost_usd AS float))` })
+      .from(apiUsageLog)
+      .where(sql`${apiUsageLog.createdAt} >= ${today}`);
+      
+    if (Number(totalCost || 0) >= 100) {
+      return res.status(403).json({ error: "Daily cost ceiling ($100) reached. Cannot approve new free audits until tomorrow." });
+    }
+
+    // Create Audit
+    const audit = await storage.createAudit({
+      repositoryUrl: request.repoUrl,
+      branch: "main",
+      framework: "asvs-5.0",
+      status: "pending",
+      userId: adminId, // Attributed to admin
+    });
+
+    // Create Audit Order marked as 'comped'
+    await storage.createAuditOrder({
+      auditId: audit.id,
+      userId: adminId,
+      tierId: "medium", // Standard free audit tier
+      priceUsd: 0,
+      status: "comped",
+    });
+
+    // Update free audit request status
+    await storage.updateFreeAuditRequestStatus(request.id, "approved", adminId, audit.id);
+
+    res.json({ success: true, message: "Audit approved and started" });
+
+    // Kick off async
+    runAuditAsync(audit.id, request.repoUrl, "main", adminId).catch(console.error);
+
+    await logAdminAction(adminId, "approve_free_audit", request.id);
+  } catch (error: any) {
+    console.error("[Admin] Error approving free audit:", error);
+    res.status(500).json({ error: "Failed to approve audit request" });
+  }
+});
+
+router.post("/free-audits/:id/reject", async (req, res) => {
+  try {
+    const adminId = req.user!.id;
+    const request = await storage.getFreeAuditRequest(req.params.id);
+    if (!request) return res.status(404).json({ error: "Request not found" });
+    if (request.status !== "pending") return res.status(400).json({ error: "Request is not pending" });
+
+    await storage.updateFreeAuditRequestStatus(request.id, "rejected", adminId);
+    
+    res.json({ success: true, message: "Request rejected" });
+    await logAdminAction(adminId, "reject_free_audit", request.id);
+  } catch (error: any) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
 router.get("/overview", async (req, res) => {
   try {
     const [{ count: totalUsers }] = await db.select({ count: sql<number>`count(*)` }).from(users);
diff --git a/server/routes/audits.ts b/server/routes/audits.ts
index 96c083f..da64568 100644
--- a/server/routes/audits.ts
+++ b/server/routes/audits.ts
@@ -5,7 +5,7 @@ import { generateAndSignReport } from "../compliance/report-generator.js";
 import { generateAuditPdf } from "../compliance/pdf-generator.js";
 import git from "isomorphic-git";
 // @ts-ignore
-import http from "isomorphic-git/http/node/index.js";
+import http from "isomorphic-git/http/node";
 import fsSync from "graceful-fs";
 import fs from "fs/promises";
 import os from "os";
@@ -250,7 +250,7 @@ router.post("/:id/cancel", async (req, res) => {
   res.json({ success: true, message: "Audit cancelled successfully" });
 });
 
-async function runAuditAsync(auditId: string, repoUrl: string, branch: string, userId: string) {
+export async function runAuditAsync(auditId: string, repoUrl: string, branch: string, userId: string) {
   const cloneDir = path.join(os.tmpdir(), "codeguard-audits", auditId);
   const abortController = new AbortController();
   activeAuditAbortControllers.set(auditId, abortController);
diff --git a/server/storage.ts b/server/storage.ts
index 1304df9..ee0abed 100644
--- a/server/storage.ts
+++ b/server/storage.ts
@@ -24,7 +24,13 @@ import {
   auditOrders,
   type AuditOrder,
   type InsertAuditOrder,
-  policyViolations
+  policyViolations,
+  promoOffers,
+  freeAuditRequests,
+  type PromoOffer,
+  type InsertPromoOffer,
+  type FreeAuditRequest,
+  type InsertFreeAuditRequest
 } from "../shared/schema.js";
 import { db } from "./db.js";
 import { eq, desc, sql, and, gte, lt } from "drizzle-orm";
@@ -86,6 +92,13 @@ export interface IStorage {
   getAuditOrderByAuditId(auditId: string): Promise<AuditOrder | undefined>;
   getAllAuditOrders(): Promise<any[]>;
   updateAuditOrder(id: string, data: Partial<InsertAuditOrder>): Promise<AuditOrder | undefined>;
+
+  // Promo Offers & Free Audits
+  getActivePromoOffer(): Promise<PromoOffer | undefined>;
+  createFreeAuditRequest(request: InsertFreeAuditRequest): Promise<FreeAuditRequest>;
+  getPendingFreeAuditRequests(): Promise<FreeAuditRequest[]>;
+  getFreeAuditRequest(id: string): Promise<FreeAuditRequest | undefined>;
+  updateFreeAuditRequestStatus(id: string, status: string, adminId?: string, auditId?: string): Promise<FreeAuditRequest | undefined>;
 }
 
 export class DatabaseStorage implements IStorage {
@@ -630,6 +643,54 @@ export class DatabaseStorage implements IStorage {
       
     return Number(result[0]?.count) || 0;
   }
+
+  // Promo Offers
+  async getActivePromoOffer(): Promise<PromoOffer | undefined> {
+    const now = new Date();
+    
+    // First, automatically expire any active offers that have passed their endsAt date
+    await db.update(promoOffers)
+      .set({ status: "ended" })
+      .where(and(eq(promoOffers.status, "active"), lt(promoOffers.endsAt, now)));
+
+    const [offer] = await db.select().from(promoOffers).where(eq(promoOffers.status, "active")).limit(1);
+    return offer || undefined;
+  }
+
+  async createFreeAuditRequest(request: InsertFreeAuditRequest): Promise<FreeAuditRequest> {
+    const [created] = await db.insert(freeAuditRequests).values(request).returning();
+    return created;
+  }
+
+  async getPendingFreeAuditRequests(): Promise<FreeAuditRequest[]> {
+    return await db.select()
+      .from(freeAuditRequests)
+      .where(eq(freeAuditRequests.status, "pending"))
+      .orderBy(desc(freeAuditRequests.submittedAt));
+  }
+
+  async getFreeAuditRequest(id: string): Promise<FreeAuditRequest | undefined> {
+    const [request] = await db.select().from(freeAuditRequests).where(eq(freeAuditRequests.id, id));
+    return request || undefined;
+  }
+
+  async updateFreeAuditRequestStatus(id: string, status: string, adminId?: string, auditId?: string): Promise<FreeAuditRequest | undefined> {
+    const updateData: any = { status };
+    if (adminId) {
+      updateData.reviewedByAdminId = adminId;
+      updateData.reviewedAt = new Date();
+    }
+    if (auditId) {
+      updateData.auditId = auditId;
+    }
+
+    const [updated] = await db.update(freeAuditRequests)
+      .set(updateData)
+      .where(eq(freeAuditRequests.id, id))
+      .returning();
+      
+    return updated || undefined;
+  }
 }
 
 export const storage = new DatabaseStorage();
diff --git a/shared/schema.ts b/shared/schema.ts
index 9349b04..f7700c3 100644
--- a/shared/schema.ts
+++ b/shared/schema.ts
@@ -469,3 +469,46 @@ export const adminActionLog = pgTable("admin_action_log", {
   afterState: jsonb("after_state"),
   timestamp: timestamp("timestamp").notNull().defaultNow(),
 });
+
+// Promo Offers for Free Audit Runs
+export const promoOffers = pgTable("promo_offers", {
+  id: varchar("id").primaryKey().default(sql`gen_random_uuid()`),
+  name: text("name").notNull(),
+  description: text("description"),
+  startsAt: timestamp("starts_at").notNull().defaultNow(),
+  endsAt: timestamp("ends_at").notNull(),
+  maxGrants: integer("max_grants"),
+  grantsUsed: integer("grants_used").notNull().default(0),
+  status: text("status").notNull().default("active"), // "active" | "ended" | "paused"
+  createdByAdminId: varchar("created_by_admin_id").references(() => users.id),
+});
+
+export const insertPromoOfferSchema = createInsertSchema(promoOffers);
+export type PromoOffer = typeof promoOffers.$inferSelect;
+export type InsertPromoOffer = z.infer<typeof insertPromoOfferSchema>;
+
+// Free Audit Requests
+export const freeAuditRequests = pgTable("free_audit_requests", {
+  id: varchar("id").primaryKey().default(sql`gen_random_uuid()`),
+  promoOfferId: varchar("promo_offer_id").notNull().references(() => promoOffers.id),
+  repoUrl: text("repo_url").notNull(),
+  contactName: text("contact_name").notNull(),
+  contactEmail: text("contact_email").notNull(),
+  motivationText: text("motivation_text").notNull(),
+  status: text("status").notNull().default("pending"), // "pending" | "approved" | "rejected" | "completed" | "expired"
+  submittedAt: timestamp("submitted_at").notNull().defaultNow(),
+  reviewedAt: timestamp("reviewed_at"),
+  reviewedByAdminId: varchar("reviewed_by_admin_id").references(() => users.id),
+  auditId: varchar("audit_id").references(() => audits.id),
+});
+
+export const insertFreeAuditRequestSchema = createInsertSchema(freeAuditRequests).omit({
+  id: true,
+  submittedAt: true,
+  reviewedAt: true,
+  reviewedByAdminId: true,
+  auditId: true,
+  status: true,
+});
+export type FreeAuditRequest = typeof freeAuditRequests.$inferSelect;
+export type InsertFreeAuditRequest = z.infer<typeof insertFreeAuditRequestSchema>;
