Get in touch
How it works

The factory, idea to live.

This is the build part of the work in motion: how a single feature goes from a request to live in production, with our engineers on the rails. It's the middle of one loop. Find it, build it, run it. Join the loop at any stage: all of it, or just the part you need.

Book the call What you keep
The factory

The building part, on rails.

Once we know what's worth building, the factory carries it to production. Watch a feature move through, idea to live: the spec, the code, the tests, the checks, the deploy, with Cercury's engineers steering every stage. This is what makes it fast enough to put something real in front of users in days.

factory · idea to live elapsed —:—
Orchestrated agents
·
Prompt library
·
60+ QA gates
·
Deterministic + LLM
Backlog12
  • FEAT-251 prefs sync
  • FEAT-253 SSO logout
  • FEAT-256 audit log export
  • + 9 more
Analysis2
Spec ready1
In Progress1
In Review1
Released19
FEAT-247 saved filters
human · drag factory · drafts human · drag human · approve factory · ships
FEAT-247saved filters
Intake · raw idea
Slack · #zagg · 11:42
M
michael 11:42
saved filters? we rebuild the same one every monday for the q4 report. just want a save button on the filter bar.
Analysis Harness picks this up
Spec · structured draft
drafted by the factory · streaming

User story

As a power user, I want to save filter combinations to reuse them.

Acceptance criteria

  • Save named filter from active state
  • Persist; visible in dropdown with deletion
  • Loading applies without page reload
  • Names unique per user

Architecture slice

New saved_filters table; extend FilterBar with save dropdown

Build · running
deterministic + LLM gates · retry on fail
0:47 Plan & architecture
2:01 Code generation
4:27 Test coverage
5:14 Security & quality gates
5:31 UI consistency
+
Top-grade output
Code we'd sign
Tests that cover it
UI from your design system
Secure by default
Deploy · CD pipeline
artefact promoted · smoke tests running
0:08 Build artefact & sign
0:21 Push to staging
0:42 Smoke tests
0:55 Promote to production
1:04 Health check & observability
Released · live in production
Engineering-grade code, shipped.
Observed · rollback armed · already serving users

The factory does not ship a half-passing change.

What you keep

We make the right thing. You keep everything.

The right product earns its keep: revenue, users who stay, and the time and budget you don't lose building the wrong thing. We work out what's worth building with you, build it well, and everything we make together is yours, with no lock-in.

The short version
A product that works

We measure the work by what it does for your users and your business, not by how much code we wrote. We work out what's worth building with you, build it, and put it in front of users. If something isn't worth pursuing, we say so.

Yours, no lock-in

Everything we make is yours, from the customer evidence to the code in your repo. No minimum term, no proprietary formats. It runs without us. Walk away any time and keep everything.

Security & operations

We take security seriously and handle it, built into every change or wired into the stack you already run. We help operate the product in production too. Your code is never used to train models.

Commercials

No hourly billing, no coordination tax. Founding cohort by application, on terms we set with you up front. Limited capacity, by design.

Everything below is the same answer in more detail.

Part one

The engineering

What we ship, how we test and secure it, and how it plugs into your world. The depth is here on purpose: skim it, or hand it to a technical eye and let them dig in.

01 / What you take away

Everything we produce together is yours, from day one.

Readable, high-quality, easy for any team or any LLM to pick up and maintain. No proprietary formats, no hidden artefacts.

Specification

Written, structured, ready to rebuild from scratch elsewhere if you ever needed to.

Production code

In your repository, clean and readable.

Unit tests

Covering the surfaces the factory built.

End-to-end tests

Playwright or your preferred framework, wired into CI.

CI/CD configuration

The pipeline that runs the build, gated and reproducible.

Architecture docs

System design, decisions, and trade-offs recorded.

UX and UI docs

Design system, patterns, and rationale.

Runbooks

What to do when something needs attention.

If we stopped tomorrow, you'd still have everything you need to keep building.

02 / Test pyramid, on every change

Test pyramid practices, on every change.

Every layer of the pyramid runs before a human reviewer sees the change. Acceptance criteria proven in CI, not declared in a PR description.

Test pyramid, four layersA four-layer testing pyramid widening toward the base: UAT designed from acceptance criteria and proven in CI at the top, then E2E Playwright user flows, then API and integration tests covering contracts and boundaries, then Unit tests at the base.UATdesigned from acceptance criteria, proven in CIE2EPlaywright user flowsAPI & INTEGRATIONcontracts, boundaries, integrationUNITfast, numerous, the base

Plus every change passes:

  • AC and test design: user acceptance tests designed from acceptance criteria before any code is written. Test automation budget set by pyramid level.
  • UI design from your design system: UI comes out consistent and precise. The factory works directly from your Storybook or Figma.
  • Multi-faceted review: UX heuristics, UI quality, code review, test pyramid alignment, automated slow-test budget.
  • CI gate: full CI with an automated fix loop on failure. Continuous rebase keeps in-flight work current with main.
  • AC coverage gate: every acceptance criterion has a test proven to run in CI.

Skip any one and the change doesn't ship.

03 / Security and code quality

Gated on every change. Basics included. The rest, your way.

The factory ships secure-by-default code through gates that run on every change. For deeper security activity (SAST, deep SCA, container scans, DAST, pen tests), you choose: Cercury delivers it, or we plug into what you already run. Either path feeds the same auto-fix loop.

Included by default

Code security basics

  • Secure-by-default code generation: parameterised queries, validated inputs, secrets via env, no eval, no string-built SQL
  • Secret scanning on every commit
  • Dependency vetting at add-time: known-vuln check before a new package merges
  • Lint, complexity bounds, code quality

Properties of how the factory generates code. No conflict with what you already run.

Cercury delivers

Extended security activity

  • SAST: static application security testing
  • Deep SCA: dependency and licence scanning
  • Container image scanning
  • DAST against staging
  • Threat modelling at the architecture phase
  • Regular penetration testing

Brought in as paid capability extensions when you don't already have these in place.

Or integrate yours

Plug in your existing stack

  • Snyk, Veracode, Checkmarx
  • Wiz, Prisma Cloud, Aikido
  • GitHub Advanced Security
  • Any tool that reports through CI/CD

Wired into the same CI gate as everything else. Your investment, your audit trail, your controls.

Findings come back as fixes, not tickets.

However the finding is raised, whether baseline, Cercury-delivered, or your own stack, the factory triages, patches, and re-runs the gates. Engineers see what needs judgement. The rest closes itself.

04 / What you bring. What we bring.

Cercury maintains accelerator recipes for common stacks.

You can run on those, or bring your own as long as it meets the build contract.

You bringCercury brings
StackYour stackAccelerator recipes for Python + TypeScript + Postgres + Redis and more. Anything that can be dockerised is supported.
CIGitHub ActionsThe factory's CI integration. Other CI providers as a paid capability extension.
Build contractDockerised builds and a scripted build/test wrapper (Makefile or equivalent)The factory operates against this contract
Design systemYour design systemStorybook enabled. Figma supported.
ArchitectureYour constraints, existing systems, and a team to walk through them withArchitecture designed with you. ADRs alongside the code. Code structure, comments, and inline documentation kept clean and maintainable.
SecurityYour existing security tooling, if any. Pen test cadence if you run one.Secure-by-default generation, secret scan, dependency vetting baked in. SAST, deep SCA, container scan, DAST, pen testing on request. Or we plug into your stack. Findings come back as fixes.
ProductYour users, what you know about the market, and time in the room. You do your part of the work with us.A structured way to find what is worth building, with the framework and tools to run it. Discovery and validation alongside the build, or on its own.
05 / How the factory plugs in

One port. The factory connects to your world through GitHub.

Nothing else is required. The factory never reaches into your infrastructure directly.

factory integration topologyThree blocks in a row: the factory on Cercury infrastructure, GitHub repo and Actions as the integration plane, and your cloud where QA and production environments live. Bidirectional arrows between adjacent blocks.FACTORYCercury infrastructureCERCURYGITHUBRepo + ActionsINTEGRATION PLANEYOUR CLOUDQA + Prod envsYOUR WORLD

Suggested topology. GitHub is the integration plane between the factory and your cloud. Other setups possible; talk to us about yours.

The factory itself runs on Cercury infrastructure. Anything in your stack that the build needs to talk to is accessed through Docker equivalents or mocks during test runs. Your QA and production environments stay yours. Your access controls stay yours. Your audit trail stays yours.

Part two

The product side

Beyond the code: what we work out with you about what's worth building, and what you keep from it.

06 / What you learn

Evidence about what is worth building.

Before we build, and while we build, we help you work out what is actually worth building. Some of what you keep is the shipped product. Some of it is the evidence, and the calls you make about what ships. Here is the product side, whether or not we write a line of code together.

Customer evidence

What your users actually need and struggle with, from talking to them, not guessing. Yours to keep and act on.

A clear call on each idea

Build it, change it, or drop it, tested fast and cheap before the budget goes in. The reasoning written down, so the decision outlives the conversation.

The few bets worth making

The handful that move customer value and business value, told apart from the long list that doesn't.

A habit you keep

Testing an idea with the people you're building for before betting on it. Once a team works this way, it sticks.

A “no” is a result.

If an idea is not worth building, we say so. That is the cheapest outcome on this page: the months and the money you would have spent finding out the hard way, kept and spent on something that creates value instead. We would rather be honest than busy.

Tell us what you're building.

A 45-minute call, no pitch and no obligation. If we are not the right team for it, we say so.

hello@cercury.ai

We earn the next month on the work, not on the lock-in.