Skip to content

Phase Patterns

Common phase groupings for remediation plans. Use these as starting templates and adapt to the specific situation.

Production Readiness (Prototype → Production)

Use when a prototype needs operational hardening without significant code changes.

Phase Focus Typical Effort Dependencies
0. Containerisation Dockerfile, docker-compose, .dockerignore, local validation 1–2 days None
1. Infrastructure Terraform/IaC for compute, database, registry, networking 3–5 days Phase 0
2. CI/CD Pipeline Build → push → deploy workflow, coverage gates, environment promotion 2–3 days Phases 0, 1
3. Authentication Replace placeholder auth with production identity provider 3–5 days Phase 2
4. Observability Telemetry SDK, structured logging, tracing, custom metrics 2–3 days Phase 2 (parallel with 3)
5. Production Database Replace dev storage with durable backend, migration tooling 3–5 days Phases 1, 3
6. Security Hardening CORS, secrets management, network security, rate limiting 2–3 days Phases 3, 4, 5
7. Testing Gaps Coverage thresholds, integration tests, load tests, e2e automation 2–3 days Phases 2, 5
8. Operational Readiness Runbooks, alerting, change management, handover docs 3–5 days All prior

Critical path: 0 → 1 → 2 → 3 → 5 → 6 Parallelisable: 3 & 4, 7 starts after 2

Decoupling / Code Migration

Use when extracting shared code from monoliths or replacing direct package dependencies with API calls.

Phase Focus Dependencies
0. Repo Setup New repo, project structure, CI pipeline, health endpoint None
1. Copy Source Code Vendor upstream modules into new repo, rewrite import paths Phase 0
2. Copy Dependent Code Vendor transitive dependencies (DB layers, utilities, config) Phase 1
3. Wire API Routes Create HTTP endpoints wrapping vendored business logic Phases 1, 2
4. Migrate Consumer A Replace direct imports with HTTP calls in first consumer app Phase 3
5. Migrate Consumer B Same for second consumer (can parallel with Phase 4 if independent) Phase 3
6. Validation & Cleanup Parity tests, dead code removal, dependency removal from consumers Phases 4, 5

Key pattern: Each vendored module needs unit tests + parity tests comparing vendored vs original output.

Modernisation (Legacy → Modern Stack)

Use when upgrading frameworks, patterns, or infrastructure across an existing production service.

Phase Focus Dependencies
0. Assessment Inventory current state, identify migration targets None
1. Foundation Update runtime (Python version, framework), fix breaking changes Phase 0
2. Architecture Introduce new patterns (DDD, event sourcing, storage boundary) incrementally Phase 1
3. Infrastructure Modernise deployment (containers, IaC, new CI pipeline) Phase 1
4. Migration Move business logic to new patterns, migrate data Phases 2, 3
5. Cutover Switch traffic, validate, rollback plan Phase 4
6. Cleanup Remove legacy code paths, update docs, archive old infra Phase 5

Key pattern: Run old and new in parallel during Phase 5. Never big-bang cutover.

Audit Remediation (Findings → Fixes)

Use when converting security, design, or operational audit findings into work.

Phase Focus Dependencies
0. Critical Fixes Address any findings with active exploitation risk None
1. High-Priority Fixes Findings that block compliance or deployment Phase 0
2. Medium-Priority Fixes Findings that improve posture but don't block Phase 1
3. Process Improvements New gates, policies, or automation to prevent recurrence Phase 2
4. Validation Rescan, regression test, document residual risks Phase 3

Key pattern: Fix root causes, not symptoms. If a finding recurs, the fix was wrong.

Adaptation Rules

  • Merge phases if total plan would exceed 8 phases
  • Split phases if any single phase exceeds 5 days effort
  • Add a "Decision Gate" pseudo-phase if blocked decisions affect multiple downstream phases
  • Always include a final validation/cleanup phase — migration debt compounds fast