Copser Consultancy
Doc 03 / Approach Runbook — five phases

Design first. Then build like it will be audited.

Every engagement runs the same spine, whether it's a two-week review or a year-long build. Not because process is a virtue in itself — because compliance-heavy platforms teach you exactly which shortcuts get expensive, and in what order.

01
Frame

Understand the domain before touching the stack

The first deliverable is a written statement of the problem: the domain, the constraints, the compliance context, who touches the system and what happens when it fails. If we can't write it down clearly, we don't understand it yet — and neither does anyone else on the project. Most expensive engineering mistakes are made in this phase by skipping it.

02
Design

System design and threat model, on paper, before code

Data model, service boundaries, auth architecture, failure modes — decided deliberately while changing them is still cheap. The threat model is part of the design document, not an appendix: who can reach this endpoint, what a stolen token can do, where the audit trail lives. You review and sign off on the design. It's your system; you should be able to read its blueprint.

03
Build

Small increments, reviewed like someone else wrote them

Continuous integration from the first commit. Work lands in small, reviewable increments — and everything gets reviewed, including our own code, with the same skepticism we'd apply to a stranger's pull request. Tests are written for the failure paths, not just the demo path. Weekly written status in plain language: what shipped, what's at risk, what we need from you.

04
Verify

Prove it behaves badly well

Before anything is called done: security review against the threat model, load sanity checks against realistic data volumes, and deliberate abuse of the inputs — expired tokens, malformed payloads, the double-submitted form. A system's quality is what it does when things go wrong, and we'd rather find that out in staging than in your incident channel.

05
Ship & hand over

Deploy it, document it, and make ourselves optional

Deployment runbooks, architecture documentation kept current with what was actually built, and real knowledge transfer to your team. The measure of a good handover is that you don't need us afterward — and choose to come back anyway. We don't build dependence; lock-in is a business model, not an engineering practice.

§ 03.6 — Standing orders Non-negotiable
SO-01

Boring technology, chosen on purpose

Proven tools with known failure modes beat interesting tools with unknown ones. Novelty has to earn its place in your production system with an argument, not a trend.

SO-02

Security is a default, not a line item

Auth, input validation, least privilege and audit logging are in the base design of everything we ship — they don't appear on the invoice because they were never optional.

SO-03

Estimates you can hold us to

Ranges with stated assumptions, revised in writing the moment reality disagrees. An optimistic estimate is just a lie with a delivery date.

SO-04

Documentation is a deliverable

Design docs, runbooks and decision records ship with the code, in your repository. If it isn't written down, it didn't happen — and it can't be maintained.

SO-05

Small blast radius

Deploys are reversible, migrations are staged, and no change is so big it can't be rolled back before lunch. Confidence comes from the undo path, not the plan.

SO-06

Honest no's

If a request is a bad idea, you'll hear it once, clearly, with the reasoning — before we build it anyway if you still want it. Agreeable consultants are expensive.

Next step

This is how we'd treat your system. See who "we" is.

Open Doc 04 / About