What you keep

We make the right thing. You keep everything.

The right product earns its keep: revenue, users who stay, and the time and budget you don't lose building the wrong thing. We work out what's worth building with you, build it well, and everything we make together is yours, with no lock-in.

The short version

A product that works

We measure the work by what it does for your users and your business, not by how much code we wrote. We work out what's worth building with you, build it, and put it in front of real users. If something isn't worth pursuing, we say so.

Yours, no lock-in

Everything we make is yours, from the customer evidence to the code in your repo. No minimum term, no proprietary formats. It runs without us. Walk away any time and keep everything.

Security & operations

We take security seriously and handle it, built into every change or wired into the stack you already run. We help operate the product in production too. Your code is never used to train models.

Commercials

No hourly billing, no coordination tax. Founding cohort by application, on terms we set with you up front. Limited capacity, by design.

Everything below is the same answer in more detail.

Part one

The product side

What we work out with you before and during the build, and what you keep from it.

01 / What you learn

Evidence about what is worth building.

Before we build, and while we build, we help you work out what is actually worth building. Some of what you keep is the shipped product. Some of it is the evidence, and the calls you make about what ships. Here is the product side, whether or not we write a line of code together.

Customer evidence

What your users actually need and struggle with, from talking to them, not guessing. Yours to keep and act on.

A clear call on each idea

Build it, change it, or drop it, tested fast and cheap before the budget goes in. The reasoning written down, so the decision outlives the conversation.

The few bets worth making

The handful that move customer value and business value, told apart from the long list that doesn't.

A habit you keep

Testing an idea with real users before betting on it. Once a team works this way, it sticks.

A “no” is a result.

If an idea is not worth building, we say so. That is the cheapest outcome on this page: the months and the money you would have spent finding out the hard way, kept and spent on something that creates value instead. We would rather be honest than busy.

Part two

The engineering

What we ship, how we test and secure it, and how it plugs into your world. The depth is here on purpose: skim it, or hand it to a technical eye and let them dig in.

02 / What you take away

Everything we produce together is yours, from day one.

Readable, high-quality, easy for any team or any LLM to pick up and maintain. No proprietary formats, no hidden artefacts.

Specification

Written, structured, ready to rebuild from scratch elsewhere if you ever needed to.

Production code

In your repository, clean and readable.

Unit tests

Covering the surfaces the factory built.

End-to-end tests

Playwright or your preferred framework, wired into CI.

CI/CD configuration

The pipeline that runs the build, gated and reproducible.

Architecture docs

System design, decisions, and trade-offs recorded.

UX and UI docs

Design system, patterns, and rationale.

Runbooks

What to do when something needs attention.

If we stopped tomorrow, you'd still have everything you need to keep building.

03 / Test pyramid, on every change

Test pyramid practices, on every change.

Every layer of the pyramid runs before a human reviewer sees the change. Acceptance criteria proven in CI, not declared in a PR description.

Plus every change passes:

AC and test design: user acceptance tests designed from acceptance criteria before any code is written. Test automation budget set by pyramid level.
UI design from your design system: UI comes out consistent and precise. The factory works directly from your Storybook or Figma.
Multi-faceted review: UX heuristics, UI quality, code review, test pyramid alignment, automated slow-test budget.
CI gate: full CI with an automated fix loop on failure. Continuous rebase keeps in-flight work current with main.
AC coverage gate: every acceptance criterion has a test proven to run in CI.

Skip any one and the change doesn't ship.

04 / Security and code quality

Gated on every change. Basics included. The rest, your way.

The factory ships secure-by-default code through gates that run on every change. For deeper security activity (SAST, deep SCA, container scans, DAST, pen tests), you choose: Cercury delivers it, or we plug into what you already run. Either path feeds the same auto-fix loop.

Included by default

Code security basics

Secure-by-default code generation: parameterised queries, validated inputs, secrets via env, no eval, no string-built SQL
Secret scanning on every commit
Dependency vetting at add-time: known-vuln check before a new package merges
Lint, complexity bounds, code quality

Properties of how the factory generates code. No conflict with what you already run.

Cercury delivers

Extended security activity

SAST: static application security testing
Deep SCA: dependency and licence scanning
Container image scanning
DAST against staging
Threat modelling at the architecture phase
Regular penetration testing

Brought in as paid capability extensions when you don't already have these in place.

Or integrate yours

Plug in your existing stack

Snyk, Veracode, Checkmarx
Wiz, Prisma Cloud, Aikido
GitHub Advanced Security
Any tool that reports through CI/CD

Wired into the same CI gate as everything else. Your investment, your audit trail, your controls.

Findings come back as fixes, not tickets.

However the finding is raised, whether baseline, Cercury-delivered, or your own stack, the factory triages, patches, and re-runs the gates. Engineers see what needs judgement. The rest closes itself.

05 / What you bring. What we bring.

Cercury maintains accelerator recipes for common stacks.

You can run on those, or bring your own as long as it meets the build contract.

	You bring	Cercury brings
Stack	Your stack	Accelerator recipes for Python + TypeScript + Postgres + Redis and more. Anything that can be dockerised is supported.
CI	GitHub Actions	The factory's CI integration. Other CI providers as a paid capability extension.
Build contract	Dockerised builds and a scripted build/test wrapper (Makefile or equivalent)	The factory operates against this contract
Design system	Your design system	Storybook enabled. Figma supported.
Architecture	Your constraints, existing systems, and a team to walk through them with	Architecture designed with you. ADRs alongside the code. Code structure, comments, and inline documentation at production-grade.
Security	Your existing security tooling, if any. Pen test cadence if you run one.	Secure-by-default generation, secret scan, dependency vetting baked in. SAST, deep SCA, container scan, DAST, pen testing on request. Or we plug into your stack. Findings come back as fixes.
Product	Your users, what you know about the market, and time in the room. You do your part of the work with us.	A structured way to find what is worth building, with the framework and tools to run it. Discovery and validation alongside the build, or on its own.

06 / How the factory plugs in

One port. The factory connects to your world through GitHub.

Nothing else is required. The factory never reaches into your infrastructure directly.

Suggested topology. GitHub is the integration plane between the factory and your cloud. Other setups possible; talk to us about yours.

The factory itself runs on Cercury infrastructure. Anything in your stack that the build needs to talk to is accessed through Docker equivalents or mocks during test runs. Your QA and production environments stay yours. Your access controls stay yours. Your audit trail stays yours.

Tell us what you're building.

A 45-minute call, no pitch and no obligation. If we are not the right team for it, we say so.

hello@cercury.ai

We earn the next month on the work, not on the lock-in.