WORLD/01.STUDIO
ASTHER · LOUIE · CABARDO · 2026
FULL—STACK · ENGINEER · PH
Service · 03

Technical Audits.

A second pair of senior eyes on a codebase or product. You get a written report with severities, fixes, and a prioritized plan — not a vibes review.

// audit scorecard
Severities, with a 30/60/90 day plan.

Area | Score | Target | Sev | Note
Performance | 64 | 95 | P0 | First load 4.1s · LCP 3.6s
Accessibility | 78 | 96 | P1 | 12 missing labels, 4 contrast
Security | 88 | 95 | P1 | 2 outdated deps · 1 CVE
Maintainability | 56 | 80 | P0 | no tests on payment flow
Deploy story | 72 | 92 | P2 | preview env missing
Observability | 44 | 85 | P1 | no error tracking, no traces

// the deliverable

A written report you can hand to whoever ships next.

Two artifacts: the report (TOC below) and a severities table with owners and a 30 / 60 / 90 day plan. Optional: I implement the P0 / P1 fixes after the report lands.

// report TOC
  1. Executive summary (1 page)
  2. Architecture review
  3. Performance · Web Vitals · bundle
  4. UX heuristics on top 3 flows
  5. Accessibility (WCAG 2.2 AA)
  6. Security & dependency review
  7. Maintainability score (tests, types, deploy)
  8. 30 / 60 / 90 day plan
  9. Severities table (P0–P3) with owners
  10. Optional: implementation pass on P0 / P1

// severity rubric
Area | P0 | P1 | P2
Performance | LCP > 4s on key pages, or major regressions in last release | Web Vitals failing, but recoverable with caching + image work | Polish-grade — image format, font swap, prefetch tuning
Accessibility | Form / payment flow unusable on a keyboard or with SR | Missing labels, contrast issues on body type or CTAs | Focus styles, semantic landmarks, alt-text consistency
Security | Active CVE on production dep; secrets in repo; missing CSRF | Known-vulnerable dep upgrade pending; permissive CORS | Dep update hygiene; security headers; rate limit polish
Maintainability | No tests on payments / auth; broken deploy story | Untyped surface, no preview env, missing docs | Linting / formatting drift, unclear ownership

// included

What's included.

  • Repository walkthrough and architecture review
  • Performance audit: Core Web Vitals, bundle size, queries, caching
  • UX/accessibility audit on key flows
  • Security & dependency review (no surprise CVEs)
  • Maintainability score: tests, types, deploy story, on-call ergonomics
  • Final report with severities, owners, and a 30/60/90 day plan

// outcomes

What you can expect.

  • A prioritized list of fixes — not a 200-page document nobody reads
  • A clear answer to "is this codebase worth scaling?"
  • A 30/60/90 day plan you can hand to whoever ships next
// process

How an engagement runs.

01
Read

Two days reading the code, ticket history, and the deploy logs. I form a hypothesis before we talk.

02
Probe

Pair sessions with the team to test that hypothesis against reality. Most audits pivot here.

03
Score

Severities (P0–P3), categorized by performance, UX, security, and maintainability.

04
Report

Written report with prioritized fixes and a plan. Optional: I implement the P0/P1 items.

// best fit

Best for.

  • Acquirers doing technical due diligence
  • CTOs inheriting a codebase from a previous team or vendor
  • Teams whose Lighthouse / DORA metrics regressed and they don't know why
// pricing

Engagement & pricing.

Audit only: 1–2 weeks, fixed price. Audit + remediation: scoped after the report lands.

Default stack
  • Lighthouse
  • Sentry
  • Web Vitals
  • Vercel Analytics
  • Knip
  • Custom static analysis

Ready to start?
Send a one-paragraph brief.

What you're building, the rough timeline, and one constraint that matters. I'll reply within a day with a one-page response and a quote.