00 / System
Three named systems I run on every engagement. The 6-axis fragility model audits any prototype in 5 minutes. The 3-week Rescue hardens it. The 6-week MVP builds the real thing. Same principles, three depths.
01 / Audit
Every AI-built prototype I audit gets graded on the same six axes. They catch ~80% of what breaks a prototype in production. The free 5-minute Loom audit uses this same model.
Auth
Provider, session storage, MFA, token leakage, password reset surface area.
Data
API exposure, hardcoded keys, anonymous read access, secrets in client bundles.
Security
HTTPS, security headers, common path enumeration, mixed content, OWASP basics.
Tests
Critical-path coverage, source maps shipped, console errors, broken-link rate.
Deploy
CDN, compression, cache headers, custom domain, rollback path.
Observability
Error tracking, analytics, health endpoints, alert routing.
02 / Rescue
Used when a prototype works for the demo but isn't production-safe. Scope-locked, no new features. Fixed price €9.500.
W1
Audit
Codebase deep-dive. Risk-prioritized fix list. Scope lock on what's in vs out for the next 2 weeks.
W2
Hardening
Critical-path tests, CI/CD pipeline, error monitoring (Sentry), security pass (OWASP basics, secret management, headers).
W3
Ship
Production deploy on the founder's accounts (AWS / Vercel / Supabase). Handover with docs and runbooks. 2 weeks of bug-fix support starts.
03 / MVP
Used when there's no prototype yet, or when the prototype needs new features alongside hardening. Fixed price €19.000 (Standard) or €40.000 (Pro, with multi-tenant + SSO + Stripe billing).
W1
Scope
Smallest scope we can ship production-grade. Architecture, schema, key flows.
W2
Foundation
Auth, billing, infra, deploy pipeline. Boring parts done right, once.
W3
Build I
Core feature loop. Daily commits. Weekly Loom walkthrough.
W4
Build II
Rest of scope. Edge cases. Real data, not seeds.
W5
Polish
Performance, copy, emails, error states. The 5% that 95% of MVPs skip.
W6
Ship
Production deploy. You walk away with the keys, the docs, and a live product.
04 / Principles
Code & infra ownership
Repo, AWS / Vercel / Supabase / Stripe / AI-provider accounts: all in your name from day 1. I work in them, I don't hold them.
Phased payment
30% kicks off. The rest is milestone-based after each delivery. If we're misaligned early, we stop early and you only pay for what shipped.
Default stack
Next.js + Postgres + AWS or Vercel, with AWS Serverless when latency, cost, or scale require it. Variations only when the case justifies it.
05 / Apply
Start with the free 5-minute Loom audit (no call, no pitch). Or book a 30-min call to scope the rescue or MVP.