Architecture · security · accessibility

Engineering audits

A second pair of eyes on a code base, with a written report you can hand to your board.

DOC. IDCAP-06

REV: 7.4
STATUS: in production
LAST REVIEW: 2026-06-12
METRIC: 47

§ 01 How we approach this CAP-06.body

An audit is the cheapest way to find out whether your codebase is fragile, secure, or slow — without committing to a rebuild. We spend a week reading the repository end to end, ten hours interviewing the team, and another week writing a 25-page report graded against a fixed rubric: architecture, dependency health, security posture, accessibility, performance, and developer experience. We deliver remediations sized small / medium / large, with effort estimates you can budget against.

§ 02 Stack CAP-06.stack

Static analysisOWASP ZAPaxe-coreLighthouseSnyk

§ 03 Other capabilities CDS-CAP-XREF

01 CAP-01

Storefronts that don't look like Shopify

Headless commerce

Storefronts built on Shopify Hydrogen, Saleor, or BigCommerce — paired with a custom front end you actually own.

→

02 CAP-02

Internal tools, dashboards, B2B SaaS

Application platforms

Custom web applications with the boring parts done well — auth, billing, audit logs, role-based access.

→

03 CAP-03

REST, GraphQL, integrations

API engineering

Public and private APIs that age well — properly versioned, properly documented, properly rate limited.

→

04 CAP-04

Core Web Vitals + edge

Performance engineering

Get your Lighthouse score above 95, your LCP under 1.0 second, and keep them there.

→

05 CAP-05

Framework / CMS migrations · no SEO loss

Re-platforming

Move from WordPress, Drupal, or a creaky bespoke stack to something maintainable — without losing rankings or breaking links.

→