One skill that routes any task to the right set of ten rules — across seventeen disciplines and twenty-two industry verticals, from web design and writing to API design, security, and growth — reads only the rules that apply, and holds the work to their checklists.
The skill reads the task signals and matches them to one of thirty-nine domains. Two apply at once? It loads both.
2. Read only what applies
It opens the domain INDEX.md — ten one-liners — and pulls just the few rules that bear on the task. Never all ten at once.
3. Work the checklist
It states which rules it is applying, does the work to satisfy each rule's Why / How / Checklist, then self-checks before claiming done.
§ 02
Thirty-nine rule sets, 390 rules
Web Design
Awwwards · Nielsen · Rams
Order that users understand, act on, and remember.
User Purpose First
Good sites treat a page as a user task, not a decoration. GOV.UK's first principle is "start with user needs" — begin from research and real users, not assumptions.
Instant Clarity (5 seconds)
Krug's "Don't Make Me Think": the moment a user hesitates to interpret the page, they leave. The web is a surface for action, not a book.
Visual Hierarchy
Award juries score structure and navigation together with visual design. Winners design what you see first and where it leads — not just "big type."
Content Is Design
Awwwards scores content as its own 10% axis. Users come for the meaning they need, not for a pretty layout.
Consistency
Nielsen's heuristic: users shouldn't wonder whether the same word or action means the same thing. GOV.UK: "be consistent, not uniform" — predictability, not sameness.
Discoverable Interaction
Norman's four principles — affordance, signifier, mapping, feedback. Users must see what's clickable, predict what it does, and watch the state change after.
Purposeful Motion
Award motion categories define motion as a tool that improves UX through transitions — it should explain state, hierarchy, causality, and brand, not just look cool.
Accessibility by Default
WCAG 2.2 defines access as Perceivable, Operable, Understandable, Robust. It's a quality bar that lets more people use the product with less friction.
Performance Is a Design Decision
Heavy images, video, and scripts are performance problems design created. Google's Core Web Vitals set the bar: LCP ≤ 2.5s, INP ≤ 200ms, CLS ≤ 0.1.
Memorable Brand
Winners carry one strong memory device — distinctive type, an unexpected scroll, a signature color or motion. Rams' "less, but better": memorable without obstructing the essential.
Clear communication gives the conclusion first and lets people judge — it doesn't make them hunt for it. Minto's pyramid and the CDC Clear Communication Index agree: put the key message up front.
Start From Their Question
Organize by the listener's questions, not your thinking order. Minto's Situation-Complication-Question frame says find the question in the reader's head first.
Pyramid Structure
Good messages descend key point → supporting reasons → detailed evidence. One core point with logically grouped support makes even long documents easy to follow.
Plain Language
Hard wording doesn't show expertise — it raises the cost of understanding. Gowers' Plain Words: short, simple, human; plainlanguage.gov: everyday words, active voice.
Concrete Over Abstract
"Innovative, risky, important" alone isn't remembered. The Heaths' Made to Stick names concreteness as core to stickiness — Jobs explained the iPhone as three familiar products combined.
Honest About Uncertainty
Trust comes from honest information structure, not a flawless tone. CDC crisis guidance: say what's known and unknown. Buffett: tell the facts you'd want if positions were reversed.
Empathy Before Facts
People under threat defend rather than absorb information. Rosenberg's NVC separates observation-feeling-need-request; Airbnb's layoff memo is the model — empathy, then facts, then criteria, then next steps.
Contrast Creates Meaning
Strong messages show the gap between "what is" and "what could be," not a list of facts. Duarte's sparkline builds tension from that contrast — as in JFK's moon speech and MLK's dream.
Specific Call to Action
Clear communication ends in action, not just understanding. CDC crisis guidance stresses short, memorable action steps; Crucial Conversations makes "move to action" a core skill.
Safety & Feedback Loop
One-way delivery can't reduce misunderstanding. Crucial Conversations: make it safe, seek mutual purpose, explore others' paths, move to action — timeliness, transparency, and responsiveness together build trust.
Preserve capital first; buy value with a margin of safety.
Capital Preservation First
Lose 50% and you need +100% just to break even; lose 90%, you need +900%. What matters is permanent loss, not volatility — so Buffett puts this rule before any rule about making money.
Buy Value, Not Price
Price is what someone pays this morning; value is what the cash flows are worth across cycles. A rising chart is not an argument — past price action has nothing to do with what the business earns.
Demand a Margin of Safety
Your numbers will be wrong and the future will differ from any forecast. The gap between estimated value and price paid is error control — the noisier the inputs, the wider the margin must be.
A Stock Is a Piece of a Business
A stock is part-ownership of a real business, not a line on a screen. Ask "do I want to own this company for five years?" — if a 30% drop with unchanged fundamentals scares you, it was speculation.
Stay in Your Circle of Competence
The size of the circle doesn't matter; honesty about its edge does. "Plausible-sounding" is not "inside the circle" — an LLM agent will reason confidently about names where it has no real signal.
Quality at a Fair Price
A mediocre business bought cheap gets ground down; a great business at a fair price keeps compounding. Cheap is the floor, quality is the multiplier — checkable via pricing power, moat, and stable ROIC.
Verify Management & Capital Allocation
A great business can be wrecked by a CEO who issues shares cheap and buys back at the top. Earnings can only go five places — quality describes the business; capital allocation describes what's done with its cash.
Compound Long-Term
Compounding is multiplicative; every interruption — a tax event, a round-trip, a forced sale — takes a multiplicative bite. Sell only when the thesis breaks, quality deteriorates, or a clearly better idea needs funding.
Use Cycles & Crowd Psychology
Markets oscillate between greed and fear, amplified by reflexivity. Marks' second-level thinking: not "this company is great" but "everyone knows it's great — what price doesn't already assume it?"
Default to Low-Cost Diversification
An edge is a structural reason your returns differ from the market's — most investors and agents don't have one. Without it, the disciplined move is broad, low-cost, global diversification, not playing harder.
A decision document: why → problem → who → what → how → verify.
Anchor "Why" First
Open with why this work exists, why now, and what breaks if it doesn't happen. Never start with "what to build."
Frame an As-Is / To-Be Gap
Don't write the problem as a complaint or an idea. State the current state, target state, the gap, the root cause, and what to solve first.
Order by the Reader's Worries
A plan answers the questions an approver, developer, or investor will ask. Order sections by their anxieties: need → alternatives → cost vs value → feasibility → risk → execution → measurement.
Separate Claim From Evidence
Distinguish facts, data, and observed user needs from unverified assumptions; mark anything unsupported as an assumption. Pull from research, competitors, interviews, logs, and VOC.
Derive Requirements From Scenarios
Don't list features first. Define persona, situation, goal, journey, and key scenarios — functions must fall out of behavior, not the reverse.
Specify Without Ambiguity
"Provide search" is not a requirement. Each needs an ID, inputs, processing conditions, outputs, exceptions, priority, and acceptance criteria so dev, QA, and ops judge it the same way.
IA → Flow → Wireframe → Spec
Screens are not a gallery. Keep information architecture, user flow, screen list, and spec linked so every screen traces to a requirement and every requirement lands on a screen.
Policy & Exceptions First
Most schedule slips come from policy and exceptions, not the happy path. Pin down access policy, states, retention, notifications, approvals, and error handling before the spec stabilizes.
Prove Feasibility With Numbers
A plan doesn't end at persuasion. Commit to scope, out-of-scope, priority, schedule, headcount, dependencies, risks, alternatives, and a phased execution plan.
Close the Loop: QA → Launch → Ops
Development completion is not the end. Include QA scenarios, test cases, launch plan, ops runbook, CS response, KPIs, and a post-launch improvement cycle.
A drop-in operating contract for any coding agent.
Understand First
Restate the problem, goal, affected area, and expected outcome before coding. Don't assume silently.
Surface Uncertainty; Offer Options
If requirements are unclear, ask. For multiple valid readings, present two or three approaches and recommend the simplest sustainable one. If it's risky, say so.
Small & Cohesive Units
One file = one purpose; one function = one job. Functions ≤50 lines, nesting ≤4. Split by feature/domain, not by type — cohesion beats line count.
Explore, Then Plan in Small Steps
Read the relevant code before proposing changes. Break work into verifiable steps, each with its own check.
Keep Changes Surgical
Touch only what the task requires. Match existing style. Don't refactor, rename, or reformat unrelated code.
Reuse Before Reinventing
Search for existing utilities and patterns first. Write the minimum code that correctly solves the problem — avoid speculative features and needless configurability.
Fix Root Causes
Don't hide errors, silence failures, or patch symptoms. Find why the problem happens and fix that.
Test Before Trusting
For bugs, reproduce with a failing test first. For features, define expected behavior with tests. Test fails → minimal fix → test passes.
Verify Before Claiming Done
Run tests, lint, type checks, build, and integration checks. Report exactly what was verified — no success claims without evidence.
Protect the System
Consider side effects — data, APIs, permissions, migrations, caching, concurrency, security, backward compatibility. Never hardcode secrets; never run destructive deletes without confirmation.
Already shipped in many CLAUDE.md files — the router skips it inside Claude Code unless you ask.
API Design
Fielding · Google AIPs · Stripe · Zalando
Clear, evolvable, safe HTTP contracts across many consumers.
Contract First
An API is a published promise; consumers couple to its shape, not your implementation. The OpenAPI Specification exists so the contract can be reviewed and tooled before any handler is written.
Resource Modeling
REST organizes an API around addressable resources, not remote procedure calls. Fielding's dissertation and Google's AIP-121 both center on nouns in paths and verbs in HTTP methods, keeping the surface predictable.
Correct HTTP Semantics
Misusing HTTP semantics silently breaks caches, proxies, and client retries. The Richardson Maturity Model treats correct verbs and status codes as the path from RPC-over-HTTP to true REST.
Backward Compatibility
You cannot see consumers' release schedules, so any breaking change becomes an outage you cannot test for. Zalando's guidelines: never remove, rename, or change the meaning of an existing field.
Versioning Strategy
Every parallel version is a maintenance cost. Stripe and Google treat a new version as a last resort and keep old versions running through a published deprecation timeline.
Consistent Errors
Clients spend as much code on failure paths as success. RFC 9457 Problem Details defines a standard JSON error body so you never invent a new format per service.
Idempotency & Safety
Networks fail mid-request, so clients retry. A retried POST without protection can charge a card twice. Stripe's idempotency-key pattern turns an unreliable network into exactly-once semantics.
Pagination & Filtering
A list endpoint that returns everything works in development and fails in production once the table grows. Microsoft and Google's API guidelines require pagination on every collection by default.
Security & Rate Limits
OWASP API Security Top 10 ranks broken authorization and authentication as the top risks. Unthrottled endpoints invite abuse and denial of service — authenticate, authorize per object, and rate-limit every call.
Documentation
Without documentation, even a well-designed API cannot be used. Stripe treats its docs as a product in their own right — the test is whether a consumer can onboard on day one without asking for help.
Model, move, and serve trustworthy data through reproducible pipelines.
Idempotent & Reproducible Pipelines
Pipelines fail, retry, and get backfilled. Without idempotency, a re-run double-counts rows and makes every downstream number untrustworthy — it is the foundational reliability property.
Dimensional Modeling & Grain
Kimball's design process calls declaring the grain the decision every dimension and fact depends on. A confused grain is the most common cause of double-counted metrics and unjoinable tables.
Data Quality Tests
Code has compilers and unit tests; data has neither unless you add them. Silent data corruption erodes analyst trust faster than any outage — untested data is a dead platform still running.
Data Contracts
Most data incidents start as an unannounced upstream change. Data contracts shift quality upstream by making the producer formally responsible for a stable, versioned interface.
Schema Evolution
Kleppmann frames this as forward and backward compatibility: new code must read old data and vice versa. Ignore it and a routine column change cascades into broken dashboards across teams.
Partitioning & Layout
Partitioning is the highest-leverage performance and cost decision in a warehouse or lake — it determines how much data each query scans and how a backfill rewrites only what it must.
Layered Architecture
Mixing ingestion and business logic in one step makes pipelines impossible to debug or reprocess. The medallion architecture and dbt's staging/intermediate/marts convention progressively refine data through named layers.
Orchestration & Dependencies
Pipelines that run "and hope the upstream finished" fail silently and intermittently. Orchestrators like Airflow model work as a DAG so a task starts only when its real inputs are ready.
Observability & Lineage
The worst data incidents are silent ones — a table that quietly stopped updating. Data observability plus column-level lineage lets you detect breakage before consumers do. OpenLineage standardizes this signal.
Domain Ownership & Data as Product
As platforms scale, the bottleneck shifts from compute to ownership. Zhamak Dehghani's Data Mesh names "data as a product" and "domain-oriented ownership" as core principles to keep a large data estate usable.
Build software so confidentiality, integrity, and availability hold under attack.
Broken Access Control
Broken Access Control is ranked #1 in the OWASP Top 10 (2021). When a user can act outside their intended permissions, every other control becomes bypassable — the highest-impact, most common real-world web vulnerability.
Never Trust Input
Every injection, XSS, and deserialization flaw traces to untrusted data treated as trusted. "Never trust client input" is the foundational axiom of application security; boundary validation is cheaper than scattered downstream fixes.
Prevent Injection
Injection ranks #3 in OWASP Top 10 (2021); 94% of tested applications showed some form. The root cause is always the same: an interpreter cannot tell attacker data from code. Parameterization removes the ambiguity structurally.
Authentication
Authentication failures rank #7 in OWASP Top 10 (2021). Weak passwords, broken session handling, and missing MFA let attackers impersonate users directly — authentication is the gate every other control sits behind.
Cryptography
Cryptographic Failures rank #2 in OWASP Top 10 (2021), frequently exposing passwords and personal data. Most failures are misuse, not broken math: missing encryption, weak algorithms, hardcoded keys, or homegrown schemes.
Secrets Management
Hardcoded credentials fall under OWASP A05 and are among the most common and damaging real-world breaches. A secret committed to a repository is effectively public the moment it is pushed, since history persists.
Least Privilege
Least privilege and fail-safe defaults are Saltzer and Schroeder's 1975 foundational principles. Minimizing each component's power means a compromise stays contained — defense in depth assumes any single layer can fail.
Dependency & Supply Chain
Vulnerable components rank #6 in OWASP Top 10 (2021). Modern apps are mostly third-party code, so an unpatched library or poisoned package becomes your vulnerability. NIST SSDF makes provenance and integrity a core practice.
Threat Modeling & Secure SDLC
OWASP Top 10 (2021) added A04 Insecure Design: flaws baked into the design cannot be patched away later. STRIDE (Microsoft) gives a structured way to enumerate Spoofing, Tampering, Repudiation, Disclosure, DoS, and Privilege Escalation.
Security Logging & Monitoring
Security Logging failures rank #9 in OWASP Top 10 (2021). Without reliable logs and alerting, breaches go undetected for weeks or months — detection and response are the last layer of defense in depth.
Set reliability targets, deliver change safely and fast, learn from failure.
SLO & Error Budget
The Google SRE Book makes the SLO the central control: the error budget is 1 minus the SLO, converting the abstract tension between shipping fast and staying up into one objective number both product and SRE agree on.
DORA Metrics
DORA/Accelerate research (Nicole Forsgren et al.) found four metrics that statistically predict software delivery performance: deployment frequency, lead time, change failure rate, and recovery time. Elite teams improve all four together.
Blameless Postmortems
When people fear punishment they hide facts and the organization repeats failures. DORA 2024 research confirms psychological safety is among the strongest predictors of delivery performance.
Observability
You cannot operate, debug, or set an SLO for a system you cannot see. Observability is built on metrics, logs, and traces; OpenTelemetry is now the vendor-neutral standard so instrumentation is no longer optional plumbing.
CI/CD & Small Batches
Large, infrequent releases concentrate risk. DORA/Accelerate shows continuous delivery and small batch sizes drive both higher throughput and lower change failure rate — an automated pipeline makes every change reproducible.
Progressive Delivery
A change hitting 100% of users at once turns a small defect into a full outage. Canary releases limit blast radius by exposing new versions to a small slice first; feature flags decouple deployment from release.
Infrastructure as Code
Hand-clicked servers cannot be reproduced or reviewed. Infrastructure as Code makes desired state a declarative artifact in version control; GitOps continuously reconciles live state to the committed state, so drift is detected automatically.
Incident Response
Ad hoc heroics during an outage make things worse. The Google SRE Book prescribes a structured incident-management process with clear roles so response scales calmly under pressure — mitigate first, diagnose later.
Eliminate Toil
Google SRE defines toil as manual, repetitive, automatable work devoid of enduring value that scales linearly with growth. Google caps toil at roughly 50% of an SRE's time so engineering capacity is protected for durable improvements.
Capacity Planning
Systems fail not only from bugs but from running out of headroom. The Google SRE Book treats capacity planning as forecasting demand, knowing each service's limits through load testing, and provisioning ahead of need.
Anthropic · OpenAI · NIST AI RMF · Google Rules of ML
Build reliable, safe, and observable LLM applications.
Evals Before Scaling
Without a measurable eval suite, you tune prompts on vibes and every change risks silent regression. Google's Rules of ML (Rule #2) makes metric design a top priority before modeling — eval-driven development is the contract.
Clear, Structured Prompts
The model only acts on what you actually said; ambiguity is the single largest source of bad output. Both Anthropic and OpenAI prompt guides converge on the same primitives: explicit instructions, delimiters, examples, and a defined output format.
Ground Answers with RAG
A frozen model cannot know your private or recent facts, and asking it to recall them invites fabrication. RAG (Lewis et al. 2020) pairs parametric knowledge with a non-parametric store — the primary structural defense against hallucination.
Treat Hallucination as Default
LLMs are trained to produce fluent, plausible text, not to know when they are wrong — confident fabrication is the expected baseline. NIST AI RMF names validity and reliability as trustworthiness characteristics that must be actively measured.
Guardrails & Validation
The model is an untrusted component; inputs can be adversarial (prompt injection) and outputs can be harmful or malformed. NIST AI RMF's Manage function requires controls on both I/O — treat it like any external boundary.
Human in the Loop
LLM outputs are probabilistic, so any irreversible or consequential action they trigger carries real-world risk no eval fully eliminates. NIST AI RMF stresses human oversight proportional to potential harm — automate only low-stakes, reversible work.
Trace Everything
LLM systems fail silently with plausible-but-wrong output. NIST AI RMF's Measure function depends on continuous monitoring — capturing prompt, context, response, latency, cost, and tool calls per request turns mysterious failures into diagnosable events.
Engineer Latency & Cost
Token-priced model calls make latency and cost product-defining constraints, not afterthoughts. Google's Rules of ML favor the simplest model that meets the bar — right-sizing is the highest-leverage lever and cost must be budgeted like any SLO.
Manage ML Technical Debt
Sculley et al. (NeurIPS 2015) shows ML systems accrue debt invisibly through data dependencies and hidden feedback loops. Prompts, embeddings, and model versions are configuration that drifts and rots — treat them like code in version control.
Responsible AI Governance
AI systems carry risks of bias, privacy harm, and misuse that technical metrics miss, and accountability cannot be retrofitted. NIST AI RMF's Govern function makes risk management an organizational practice — responsible AI is the durable license to operate.
Discover and deliver products that create measurable customer and business value.
Outcomes Over Output
Shipping is the cost, not the goal. Marty Cagan and SVPG define the modern product model around outcomes: teams accountable for moving a customer or business result, not for completing a feature list.
Frame the Problem First
Most failed products solve a problem no one has, or solve a real problem for the wrong person. Lean Startup treats every product as a hypothesis about a customer problem — if the problem is wrong, no amount of execution saves you.
De-risk the Four Big Risks
SVPG names four risks that kill products: value, usability, feasibility, and viability. Discovery exists to attack all four before delivery — teams that skip this validate ideas in production at the highest possible cost.
Talk to Customers Continuously
Teresa Torres defines continuous discovery as weekly customer touchpoints by the team building the product. Insight decays and markets shift, so a single research sprint goes stale fast — regular small contact keeps assumptions honest.
Anchor on the Job to Be Done
Clayton Christensen's JTBD theory reframes demand around the progress a customer is trying to make, not features. Christensen's milkshake study showed the real competitor was a banana — define the job, not the category.
Map Opportunities to Solutions
Teresa Torres's opportunity solution tree connects one outcome to customer opportunities and only then to solutions. Jumping straight to solutions hides the assumption that you picked the right problem — map first, solve second.
Define a North Star Metric
Amplitude's North Star Framework centers a team on a single metric capturing the value customers get. Without it, teams chase conflicting local metrics and ship features that look busy but create no value — a good North Star is a leading indicator of customer value and revenue.
Measure the Full Funnel
Dave McClure's AARRR metrics force teams to see the whole customer lifecycle. A product can win signups and die at activation or retention — measuring each stage isolates where value actually leaks. Retention is usually the truest test of product-market fit.
Prioritize with a Transparent Model
Intercom's RICE model scores by Reach × Impact × Confidence ÷ Effort, replacing HiPPO-driven roadmaps with an auditable score. The Confidence term is the discipline that stops optimistic estimates from inflating low-evidence bets.
Ship Small; Communicate Outcome Roadmaps
Eric Ries defines the MVP as the smallest thing yielding validated learning. SVPG warns that feature-and-date roadmaps create false certainty and rob teams of room to solve the problem — frame roadmaps by outcomes and confidence levels, not locked feature promises.
Study real user behavior and context to reduce risk and guide product decisions.
Define Question Before Method
Research that starts from a method instead of a decision produces data nobody uses. Erika Hall's Just Enough Research frames every study as serving a real question a team is stuck on — know the decision before choosing the method.
Observe Behavior, Not Opinions
Self-report is unreliable: users rationalize, want to please, and misremember. Steve Krug and Nielsen Norman Group insist on watching real task performance over collecting stated preferences — behavioral evidence is the spine of usability findings.
Test Early and Often
NN/G's research shows five participants surface roughly 85% of usability problems, so three small tests reveal more than one large one. Steve Krug's approach makes testing cheap enough to do monthly — catching issues before code ships is dramatically cheaper.
Match Method to Question
Qualitative methods explain why behavior happens and uncover unknown problems; quantitative methods measure how widespread an effect is. Using the wrong type yields confident but invalid answers — NN/G draws the line clearly.
Ask Without Leading
Leading questions produce biased answers because participants mimic the interviewer's wording and hopes. Nielsen Norman Group documents this as a top facilitation failure — open-ended questions plus the funnel technique must be engineered, not assumed.
Right-size the Sample
NN/G shows ~5 users suffice for qualitative testing while quantitative claims need far larger samples (40+). Using 5 users to compute metrics, or 40 to run an exploratory diagnostic, wastes effort and misleads — sample size follows the method.
Recruit the Right Users
ISO 9241-11 ties usability to specified users in a specified context, so testing the wrong people gives precisely wrong answers. Convenience samples — colleagues, friends — are a common and costly trap; recruit people who actually do the task today.
Evaluate Against Heuristics
Nielsen's 10 Usability Heuristics are the field's default inspection standard for surfacing problems without a full user test. A heuristic evaluation complements, never replaces, user testing — cheap enough to run before spending user sessions.
Design Out Bias
Erika Hall stresses the biggest threat to good research is the researcher's own blind spots. Confirmation bias makes you hear what you expected; sampling bias skews who you hear from — bias is the baseline state to actively counter, not an accident to apologize for later.
Turn Findings Into Decisions
Erika Hall's Just Enough Research is built on the premise that research exists to inform decisions, not produce reports. A study that ends in a deck nobody acts on has failed regardless of its rigor — rank findings by severity and map each to a concrete action.
Build repeatable, compounding systems that acquire, activate, retain, and monetize profitably.
Retention Is the Foundation
Reforge teaches that retention improvements have far larger valuation impact than equivalent CAC reductions because a small churn decrease compounds into much higher LTV. Fix retention before scaling spend — a leaking bucket cannot grow.
Earn Product/Market Fit First
Premature scaling is the most common cause of startup death — spend amplifies a product people do not yet need. Sean Ellis's must-have survey sets a concrete bar: 40%+ answering "very disappointed" is the green light to scale.
Position Deliberately
If you do not choose the market frame customers judge you in, they will choose one — usually unfavorable. April Dunford's Obviously Awesome starts from customers who love you and the true competitive alternatives they would otherwise use.
Message the Job
Clayton Christensen's JTBD: "People hire products to get a job done." Messaging that lists features misses the functional, social, and emotional job the customer is actually trying to make progress on — speak to the job, not the spec.
Build Loops, Not Just Funnels
Reforge argues growth loops are the new funnels: a funnel needs constant pouring at the top, but a loop turns its output back into its own input, creating compounding defensibility. Map your primary loop as a closed cycle.
Pursue Four Fits
Brian Balfour's Four Fits framework shows growth fails when product, channel, and monetization are treated as separate problems. Channels have constraints so products must be molded to fit the channel — pick a channel whose mechanics match how your product is naturally discovered.
Instrument the AARRR Funnel
You cannot improve a stage you do not measure. Dave McClure's Pirate Metrics give a shared map of the customer lifecycle — without instrumentation across all five stages, teams optimize the visible top and ignore where the real leak is.
Engineer Activation
Activation is where curiosity converts into experienced value — the strongest leading indicator of retention. Facebook's "7 friends in 10 days" is the classic activation metric tied to a setup milestone. Weak activation makes every dollar of acquisition decay before retention can hold.
Run Controlled Experiments
Durable growth comes from a high-velocity loop of hypotheses tested with controlled experiments. Sean Ellis's ICE model (Impact, Confidence, Ease) ranks ideas so limited capacity goes to the highest-leverage tests first — pre-calculate sample size and wait for significance.
Enforce LTV:CAC Discipline
Unit economics decide whether growth builds a business or burns cash. The widely used benchmark is an LTV:CAC ratio around 3:1 with payback inside 12 months — Reforge stresses that improving retention raises LTV and thus your allowable CAC.
Google Search Essentials · E-E-A-T · Core Web Vitals
Make content discoverable and trustworthy for the queries real people use, without manipulation.
People-First Content
Google's foundational guidance is to create helpful, people-first content that satisfies a real person. Original perspective — case studies, first-hand examples, analysis — outranks generic derivative answers; content built solely to rank is the defining trait Google's systems penalize.
Match Search Intent
Google ranks pages that best satisfy what the user actually wants, not those that merely contain the keyword. An intent mismatch — a product page for an informational query — loses regardless of technical quality; inspect the top results to validate intent before creating.
Crawlability & Indexing
Google must crawl a page, then index it, before it can rank — a hard gate, not an optimization. Pages blocked by robots.txt, marked noindex, or buried by canonical conflicts simply do not appear, so technical access is the precondition for every other SEO effort.
E-E-A-T & Trust
The Google Search Quality Rater Guidelines evaluate by E-E-A-T with Trust at the center. This is decisive for YMYL topics where weak credibility is actively suppressed — demonstrate first-hand experience and verifiable expertise; never just assert them.
On-page Optimization
Google Search Essentials instructs you to use the words people search for and place them in prominent locations — the title and main headings. Clear, unique, descriptive titles and a logical heading hierarchy improve relevance and click-through with minimal effort.
Avoid Manipulative Tactics
Google's spam policies prohibit link schemes, cloaking, and keyword stuffing; violations trigger algorithmic suppression or manual actions. These tactics produce short-lived gains and long-term penalties — the durable strategy is to earn rankings, never to manufacture them.
Internal Linking & Structure
Google discovers pages and understands their relationships by following internal links, and descriptive anchor text tells Google what the linked page is about. Clear structure improves both crawl efficiency and the searcher's path through the site.
Core Web Vitals
Core Web Vitals quantify real-user experience through LCP (loading), INP (responsiveness), and CLS (visual stability). Google treats page experience as a ranking signal, most decisive as a tie-breaker — measure with field data, not just lab scores.
Structured Data
Structured data using schema.org describes a page's entities in machine-readable form, making content eligible for rich results. Markup must describe content actually visible on the page — invalid or deceptive markup forfeits eligibility and can draw a manual action.
Measure & Iterate
SEO is a continuous loop, not a one-time setup: algorithms update, competitors move, and pages decay. Google Search Console grounds decisions in evidence — without measurement you cannot tell a winning change from a losing one or detect a regression before it costs traffic.
Prove a business can make money at scale through per-unit revenue and cost analysis.
Contribution Margin per Unit
Unit economics begins with one number: revenue per unit minus variable costs to deliver it — the contribution margin. Every other metric here (LTV, payback, break-even) is built on it, so a wrong contribution margin invalidates the rest.
LTV:CAC Above 3:1
David Skok's work made LTV:CAC the standard test of acquisition viability: spend $1, earn at least $3 of gross-margin lifetime value back. Below 3:1 the model rarely sustains growth; far above can mean underinvesting. Segment by channel and cohort, not blended averages.
CAC Payback Under 12 Months
A strong LTV:CAC ratio can still bankrupt a company if payback is slow — cash leaves today and returns over years. Skok and Bessemer both treat CAC payback period as the key capital-efficiency metric; under 12 months is the common SaaS benchmark.
Price Before You Build
Ramanujam's Monetizing Innovation argues the most common cause of new-product failure is treating price as an afterthought. Price is the single strongest lever on profit per unit — a few points of pricing discipline outweigh large cost-cutting efforts.
Protect Gross Margin
Gross margin sets the ceiling on every downstream metric — LTV, payback, and each retention point all scale with it. Bessemer's cloud research treats high, durable gross margin as a marker of true software economics; 40% margins signal a services business with different growth math.
Burn & Runway
Most companies die when they run out of cash, not ideas. Runway — cash on hand divided by net monthly burn — is the simplest survival metric. Knowing it turns vague anxiety into a deadline, forcing decisions while options still exist; start fundraising with at least 6 to 12 months remaining.
Net Revenue Retention
NRR measures how revenue from an existing cohort changes after expansion, contraction, and churn. Above 100% means the base grows on its own, compounding every future cohort. Bessemer benchmarks treat NRR of 120%+ as best-in-class and it is among the strongest valuation drivers.
Cohort Analysis Over Averages
Blended metrics mix old, loyal customers with new ones and hide what is actually happening. Cohort analysis is the standard tool for diagnosing unit economics — a rising blended number can mask deteriorating new cohorts; use observed cohort curves, not optimistic assumptions, to feed LTV.
Break-even & Fixed-cost Leverage
Break-even analysis answers how much you must sell to stop losing money: fixed costs divided by contribution margin per unit. Once fixed costs are covered, each additional unit's margin drops almost entirely to profit, exposing operating leverage before committing to pricing or cost decisions.
Honest, Consistent Inputs
Unit-economics metrics are only as trustworthy as their definitions. Skok and Bessemer stress fully loaded inputs: all acquisition cost in CAC, gross margin in LTV. When teams quietly redefine a metric to hit a target, they lose the ability to make real decisions.
Build a distinctive, memorable brand from strategy through verbal and visual systems.
Strategy Before Design
Neumeier defines a brand as a customer's gut feeling — not the logo your team controls. Aaker frames brand identity as the deliberate associations the strategist wants the brand to stand for. Design without a defined strategy produces decoration that no one can defend or extend.
Differentiate or Die
Neumeier (Zag) argues radical differentiation is what lets a brand be seen in a crowded market. The test is the onliness statement: if you cannot describe your brand using the word "only," you do not yet have a zag — a me-too brand competes on price and dies slowly.
Build Distinctive Assets
Byron Sharp and Ehrenberg-Bass (How Brands Grow) show growth depends on distinctive brand assets (DBAs) — colors, logos, characters — that uniquely trigger the brand from memory. A DBA must be both famous and unique, or it cues a competitor instead.
Mental & Physical Availability
Ehrenberg-Bass's central finding is that brands grow through two levers: mental availability (being easily recalled in buying situations) and physical availability (being easy to find and buy). Being strong in only one lever loses sales it could have won.
Start With Why
Sinek (Start With Why) shows durable brands lead with purpose — the why (belief), then how, then what. A brand communicating only features competes on commodity terms; a brand grounded in a clear why earns belief, loyalty, and a reason to choose it over equals.
Consistency Builds Recognition
Recognition is the cumulative result of repeated, consistent exposure to the same assets. Each consistent impression strengthens the memory link; each inconsistent one resets it and wastes prior investment. Treat consistency as compounding interest on every prior impression.
Name for Distinctiveness
Neumeier (The Brand Gap) argues a strong name is distinctive, short, easy to say and spell, and legally protectable — not a literal description every rival could also use. A name is the most repeated brand asset, so a poor one taxes every future impression.
Design the Verbal Identity
Words are a distinctive asset just like visuals — the way a brand speaks must be designed, not improvised. Defining voice (constant personality) versus tone (how that voice adapts to context) makes every writer sound like one brand and reinforces strategy in language.
Build the Visual System
Neumeier frames identity as a system that works together and flexes across media — not one fixed lockup. The visual system carries the distinctive brand assets that drive recognition; a system designed only for one hero application breaks the moment it meets a favicon or billboard.
Govern with a Living System
Neumeier stresses a brand is sustained by people and process, not a one-off style guide aging on a shelf. Without living governance, the consistency that builds recognition erodes as teams, vendors, and channels multiply — treat the brand system as a product, not a finished document.
Collect, use, and dispose of personal data lawfully, minimally, and purpose-bound.
Lawful Basis & Consent
GDPR Article 5 lists lawfulness first: no personal data may be processed without a valid legal basis. Korea PIPA goes further, requiring opt-in consent as the default. Processing without a basis is the most fundamental compliance failure, exposing the largest fines.
Data Minimization
Data minimization is a core GDPR Article 5 principle: data must be limited to what is necessary. NIST Privacy Framework treats minimization as a primary way to reduce privacy risk at the source — every extra field is a liability for breach and subject-access with no offsetting benefit.
Purpose Limitation
Purpose limitation is a GDPR Article 5 principle: data collected for one purpose must not be further processed in an incompatible way. Repurposing support data for marketing or production data for ML training breaks the original consent — a frequent enforcement trigger called "function creep."
Privacy by Design
Privacy by Design (Ann Cavoukian's 7 foundational principles) is now embedded in GDPR Article 25. It is proactive, not reactive: the most privacy-protective setting is the default — retrofitting privacy after launch is far costlier and rarely complete.
Security & Confidentiality
Integrity and confidentiality is a GDPR Article 5 principle. Privacy without security is hollow — a breach exposes the people behind the data regardless of how lawfully it was collected. Security is the safeguard every other privacy promise depends on.
Retention & Deletion
Storage limitation is a GDPR Article 5 principle: personal data must not be kept longer than necessary. Korea PIPA requires destruction once the purpose is fulfilled. Indefinite retention grows the breach blast radius and the cost of every subject-access request — delete on schedule.
User Rights
GDPR Chapter 3, CCPA/CPRA, and Korea PIPA all grant enforceable rights to access, correct, delete, and port personal data, generally within a fixed deadline (GDPR: one month). Failing to fulfill them on time is directly enforceable and a common source of complaints.
Transparency & Notice
Transparency is part of GDPR Article 5's first principle: people must be told in clear, plain language what happens to their data. A notice nobody can understand is not transparency — opaque or buried disclosures undermine consent and draw regulator scrutiny.
DPIA & Breach Response
GDPR Article 35 requires a DPIA before high-risk processing; Article 33 requires notifying the supervisory authority within 72 hours of a breach. These are deadline-driven duties — a missed DPIA or a late breach notice is itself a violation, compounding the underlying harm.
Cross-border Transfers
GDPR Chapter 5 prohibits transferring personal data outside the EEA without a valid mechanism (adequacy decision, SCCs, or BCRs). Korea PIPA imposes similar rules. Cloud regions and offshore vendors make transfers easy to trigger unknowingly — unauthorized transfers carry the highest fine tier.
Industry verticals — twenty-two domains for specific industries
Build for a specific industry — e-commerce, education, aviation, fintech and more. These layer the domain rules on top of the disciplines above.
E-commerce & Retail
Baymard Institute · Nielsen Norman Group · PCI DSS v4 · Steve Krug
Build systems where the purchase funnel, inventory truth, payment security, and real-time performance translate directly into revenue.
Minimize Checkout Friction
Unnecessary fields and forced account creation directly raise abandonment rates. Offering guest checkout as the default path and reducing address fields to the minimum measurably recovers orders.
Inventory State as Single Source of Truth
Channels that keep separate stock counters will inevitably diverge, causing oversells and costly cancellations. A single inventory service with atomic decrement operations prevents double-selling under concurrent load.
Never Touch Raw Card Data; Delegate to a Certified Vault
Handling a raw PAN even once expands PCI DSS scope dramatically and exposes the merchant to fines and fraud liability. PSP-hosted iframe fields keep card data off your servers entirely, reducing compliance scope to SAQ A.
Mark Up Every Product with Schema.org Product + Offer
Without structured data, product pages compete on title and description alone, missing price and availability rich results. Correct JSON-LD markup unlocks Google rich results and surfaces products to AI-powered shopping surfaces.
LCP Under 2.5 s and CLS Under 0.1 on Every Product Page
Research shows every 100 ms of LCP improvement correlates with a measurable conversion lift. CLS above 0.1 causes price labels and add-to-cart buttons to jump after render, eroding user trust and triggering accidental clicks.
Surface Trust Signals at Every Moment of Purchase Doubt
Buyers leave the moment they feel uncertain, and they will not hunt for reassurance. Placing return policy summaries, star ratings, and security indicators at the exact points of highest doubt — near the cart button and payment step — directly reduces abandonment.
Faceted Search and Relevance Must Match Buyer Intent
Site search users convert at 2 to 3 times the rate of browse-only visitors, yet SQL LIKE queries fail on synonyms and typos, silently hiding valid products. A dedicated inverted index with synonym expansion and typo tolerance is the foundation of search revenue.
Thumb-Reachable Targets and Single-Tap Payment on Mobile
Mobile drives over 60% of e-commerce traffic yet converts at half the desktop rate, largely due to keyboard mismatches and undersized tap targets. Surfacing Apple Pay and Google Pay before the manual form short-circuits the entire card-entry flow and measurably lifts mobile conversion.
Model the Order Lifecycle as an Explicit, Auditable State Machine
Implicit status strings cannot enforce which transitions are legal, and they provide no audit trail for chargeback disputes or tax filings. An explicit transition map with an immutable event log per order is both an operational and a legal requirement.
Isolate Promotion and Pricing Logic from the Catalog and Order Core
Promotions change weekly while catalog and order data must remain stable; mixing them means a bad promotion deploy can price every product at zero or break checkout entirely. Storing promotion definitions as data and routing every price through a dedicated pipeline isolates that risk.
Richard Mayer · Brown, Roediger & McDaniel · CAST UDL Guidelines 3.0 · IMS Global / ADL xAPI
Building EdTech means delivering pedagogically sound, legally compliant, accessible learning experiences at scale.
Student Data Privacy (FERPA / COPPA)
FERPA and COPPA restrict disclosure of student records; a single violation can trigger FTC enforcement, loss of federal funding, and complete institutional distrust. Collect only what the learning feature requires and sign a Data Processing Agreement with every third-party processor before go-live.
Interoperability Standards (xAPI / SCORM / LTI)
EdTech buyers operate multi-vendor LMS ecosystems; a product requiring custom integration for every institution fails at procurement. Implement SCORM, xAPI, and LTI 1.3 Advantage as standard connection points to unblock enterprise sales.
Mayer's Cognitive Theory of Multimedia Learning shows that decorative graphics, redundant on-screen text, and competing audio measurably reduce learning outcomes. Apply the Coherence, Segmenting, and Modality principles to lower extraneous load and improve comprehension.
Retrieval Practice Engine (Spaced Repetition)
Passive consumption produces fast forgetting curves and poor skill transfer, damaging Net Promoter Score and enterprise renewal rates. Implement a spaced-repetition scheduler and require at least two correct spaced retrievals before marking a concept mastered.
Accessibility and Universal Design for Learning
WCAG 2.2 AA is a legal requirement for products sold to educational institutions, and accessibility failures disproportionately exclude learners who most need educational tools. Apply CAST UDL Guidelines on top of WCAG to offer multiple means of Representation, Action, and Engagement.
Progress Tracking and Verifiable Credentials
Forged certificates and non-exportable records destroy trust with employers and institutions. Implement Open Badges 3.0 with a public verification URL, and decouple progress records from content versions so historical completions remain accurate after course updates.
Content Authoring Pipeline (Separate Content from Delivery)
Coupling content to a specific renderer creates re-authoring debt and blocks localization and institutional import. Store content as a structured JSON learning-object model and support IMS Common Cartridge import and export to avoid vendor lock-in.
Learner Engagement and Dropout Prevention
Online course completion rates have historically hovered at 5-15%, and dropout is the primary driver of churn. Instrument dropout signals at the activity level and design lightweight social accountability features and graceful streak mechanics to bring learners back.
Assessment Integrity
A compromised assessment invalidates the credential it produces and can constitute fraud in regulated contexts such as professional licensure. Enforce time limits server-side, randomize question and answer order from a pool, and obtain explicit consent before any proctoring data collection.
Institutional Billing and Licensing
EdTech revenue is dominated by institutional B2B deals, so retrofitting institutional requirements onto a consumer billing model is expensive and blocks enterprise sales. Model the Organization > License > Cohort > Enrollment > Learner hierarchy from day one and implement SAML 2.0 or OIDC SSO from the first institutional pilot.
Building software for Media & Streaming means operating video delivery pipelines at internet scale where rebuffer events, DRM failures, or recommendation misses translate directly into subscriber churn.
Adaptive Bitrate Pipeline
Rebuffering is the single largest driver of viewer abandonment; a two-second stall raises abandonment probability by 6%. ABR encodes each title at multiple bitrate rungs and serves them via HLS or MPEG-DASH manifests so the player switches quality segment-by-segment as network conditions change.
Multi-DRM Content Protection
Studio licensing agreements mandate DRM as a contractual condition, and a single missing system blocks an entire device ecosystem. Widevine, FairPlay, and PlayReady cover non-overlapping platforms, so all three are required for any commercial OTT service.
CDN-Origin Architecture
A streaming origin cannot directly serve millions of concurrent viewers; CDN cache hit ratio determines whether the origin survives peak load. Separate TTL policies for manifests and segments, combined with a multi-CDN failover strategy, prevent cache-miss storms from cascading to origin overload.
Playback Quality Metrics
Streaming quality is invisible in server logs and only observable at the player; a 1% rise in rebuffer rate correlates with measurable churn. VMAF is the canonical perceptual quality metric because PSNR and SSIM correlate poorly with human perception at streaming bitrates.
Content Metadata Catalog
The content catalog underpins the recommender system, search, parental controls, geo-rights, and royalty reporting. Media metadata includes legally significant fields such as age ratings and licensed territories that must be correct at ingest time, not corrected lazily.
Recommender System Design
Over 80% of Netflix watch hours are driven by recommendations, yet ranking millions of titles at request time in a single pass is computationally infeasible. A two-stage retrieval-then-ranking pipeline with post-retrieval entitlement filtering is the industry standard solution.
Subscription and Entitlement
Every entitlement bypass is a direct revenue loss and potential licensing violation. A short-lived signed playback token encoding tier, DRM compatibility, and territory must be issued at playback request time, not just at browse time, because subscriptions can lapse between the two.
Churn and Retention Signals
Retaining a subscriber costs four to eight times less than acquiring a new one, and churn follows predictable signals such as declining session frequency and shortened watch duration. Without session-level engagement events feeding a churn model, cancellation is only visible at the moment it occurs, too late to intervene.
Live Streaming Reliability
Live failures carry no replay value, making them uniquely high-stakes; unlike VOD, every pipeline stage from ingest to CDN operates in a real-time chain where a single failure surfaces instantly to all viewers. N+1 redundancy at each stage with automated failover within seconds is the minimum viable design.
Global Compliance and Geo-Rights
Licensing agreements specify exact permitted territories and breaching them risks contract termination and financial penalties. Application-layer checks alone are insufficient; territory and rating claims must be embedded in signed playback tokens and enforced at the CDN edge as a secondary layer.
Raph Koster · Sergei Vasiuk · Charlie Czerkawski · Fair Play Alliance
Building sustainable live services means treating session loop, monetization, safety, and availability as first-class engineering concerns.
Session Loop Integrity
Player retention depends on a repeatable enter-engage-reward-anticipate cycle; once that loop breaks, no content patch recovers the drop-off. Define Day-1 and Day-7 retention targets and instrument every transition in the loop with telemetry.
LiveOps Event Cadence
Players return habitually when they can anticipate the next event; unpredictable cadence breaks that habit. The event pipeline must be treated as a deployable artifact with versioning, rollback, and remote activation.
Telemetry-First Design
Telemetry added after launch wastes weeks diagnosing patch regressions that early instrumentation would have caught within hours. Write the event schema in every feature spec first, and have core KPI dashboards live before the first public build ships.
Fair Monetization
Exploitative monetization patterns produce short-term revenue spikes followed by community collapse and churn, and now attract EU regulatory scrutiny. Selling genuine value and eliminating dark patterns is both an ethics position and a risk-management decision.
Loot-Box Regulatory Compliance
Belgium and the Netherlands have ruled paid random rewards illegal gambling, and platform holders independently require odds disclosure. Per-jurisdiction feature flags and server-authoritative odds tables must be designed in from the start to avoid market delisting.
Anti-Cheat Architecture
Client-side anti-cheat is only a detection layer that a determined attacker will defeat; the server must be the sole authority for all game-state mutations. All client inputs must be validated server-side with rate-limiting and physical impossibility checks.
Player Trust and Safety
Harassment-driven churn is a leading cause of player loss, and client-side filters are trivially circumvented. Reporting, risk-scoring, and enforcement must be built as backend service concerns with defined appeal SLAs.
Live Service Availability
A live service competes for limited leisure time, so a player who encounters downtime will not wait and return. Blue/green deploys, pre-event autoscaling, and a player-visible status page are non-negotiable infrastructure requirements.
Progression and Economy Balance
When currency faucets outpace sinks, reward value collapses and monetization declines; when sinks are too aggressive, pay-to-progress pressure drives churn. An economy simulation model, a daily supply dashboard, and pre-event reward-table reviews are required for continuous data-driven tuning.
Data Privacy and Minors Protection
Games are disproportionately played by minors, making them a high-risk data context with multi-million-dollar FTC fines and app store removal as consequences for violations. Age-gating at account creation, disabling behavioral ad SDKs for underage accounts, and auditing every third-party SDK are mandatory compliance steps.
Andrew Chen · Kraut & Resnick · Santa Clara Principles · Metcalfe's Law / Reed's Law
Building systems where user-generated content, social graphs, and community norms are the product itself, not a feature layered on top.
Cold Start: Seed the Atomic Network
An empty community is a self-reinforcing failure: new visitors see no content, leave, and the network never tips. Every successful platform first found an atomic network — the minimum user cluster that makes the product valuable — before opening to everyone.
Content Moderation Policy: Publish and Enforce Clear Community Rules
Community norms must be stated, visible, and consistently enforced. Research shows explicit norms reduce antisocial behavior more reliably than reactive banning, and inconsistent enforcement destroys trust faster than having no rules at all.
Trust and Safety Tooling: Build the Infrastructure Before Abuse Arrives
Abuse and illegal content appear the moment a platform is publicly accessible, not gradually at scale. Trust-and-safety infrastructure built reactively always lags the harm it must stop, and a single high-profile incident can cause irreversible reputational damage.
Contribution Incentives: Design for the 1% Who Create, Sustain the 99% Who Consume
Every large UGC platform follows a contribution inequality where roughly 1% create the majority of content. Contribution is not a default — it must be designed through incentives and reduced friction, because when creators churn, the entire platform's content supply collapses.
Identity and Pseudonymity: Support Pseudonymity with Accountability Anchors
Real-name systems increase civility in some contexts but suppress speech in others, such as LGBTQ communities and political dissidents. However, pseudonymity without any accountability layer enables ban evasion and coordinated harassment at scale.
Feed Ranking and Freshness: Rank by Relevance and Recency; Never Bury New Voices
Engagement-optimized ranking creates a rich-get-richer loop that surfaces already-popular content, causing content diversity to collapse over time. Unlike media consumption feeds, community feeds must serve participation, so ranking must actively protect new contributors' ability to be heard.
Group and Space Governance: Give Sub-Community Owners Real Governance Tools
Platforms scale moderation by distributing it to volunteer moderators who govern thousands of sub-communities. This model only works when sub-community owners have genuine governance tools; platforms that centralize all moderation authority consistently fail to maintain content quality at scale.
Network Effects and Retention: Optimize for DAU/MAU Stickiness, Not Vanity Metrics
Community platforms derive their defensibility from network effects, but those effects only compound if users return. A platform can show impressive MAU growth while its DAU/MAU ratio decays, signaling a weakening network effect even as headline numbers look positive.
UGC Data Model: Model Content, Reactions, and Threads as First-Class Entities
UGC in community platforms requires posts that survive edits, deletions that preserve social traces, deeply nested threads, and content that survives moderation actions without losing relational integrity. Retrofitting these requirements onto a naive data model causes cascading schema migrations that compound with every new feature.
Transparency and Appeals: Give Every Enforcement Action a Reason and an Appeal Path
Enforcement errors are inevitable at scale: a platform removing 10 million posts monthly at 99% accuracy still produces 100,000 wrongful removals. Without an appeals mechanism there is no error-correction path, and wrongly penalized users become public adversaries of the platform.
Build software that ingests, governs, transforms, serves, and audits large-scale organizational data with trust and accountability.
Lineage First
Regulated industries require every data point to be auditable and legally provable. Without end-to-end lineage, impact analysis, GDPR erasure, and incorrect-output tracing are all impossible.
Ontology-Driven Model
Raw-table models scatter inconsistent business logic across dozens of services. Mapping datasets to named business entities and relationships via object types, link types, and action types dramatically reduces integration friction.
Attribute-Based Access Control
RBAC cannot express multi-tenant, multi-geography constraints without combinatorial role explosion. ABAC evaluates subject, resource, and environmental attributes together — the standard model for SOC 2 and government security frameworks.
Immutable Audit Log
SOC 2, GDPR, HIPAA, and FedRAMP all require tamper-evident proof of access control. An audit log that can be deleted or overwritten is a liability, not a control.
Data Contracts
Without formal contracts, every schema migration is a silent breaking change that surfaces as incorrect analytics weeks later. Data contracts move failures to pipeline registration time, where they are cheap to fix.
Domain Ownership
Centralised data engineering teams become bottlenecks that produce poorly labelled data. Shifting ownership to the domain team that generates the data produces higher-quality, better-understood data products.
Semantic Consistency
Teams computing the same metric with different definitions deliver conflicting numbers that destroy executive trust. Enforcing one canonical definition per business term in a governed glossary eliminates reconciliation meetings.
Tiered Data Quality Gates
Unvalidated data flowing freely into the analytical tier corrupts dashboards, feature stores, and decisions. The bronze/silver/gold medallion pattern gates promotion so analysts and models only consume data that has passed documented quality checks.
Late-Binding Schema
A single gold-tier dataset may serve dozens of consumers simultaneously. Tight coupling of storage schema to query schema makes every upstream change require coordinated consumer migration, which is operationally impossible at scale.
Operational Observability
Data pipelines succeed operationally yet produce incorrect output — a failure mode invisible to infrastructure monitoring. A separate data-health observability layer measuring freshness, row-count deviation, and null-rate change is required to catch SLA breaches before downstream users do.
ANSI/ISA-95 · ISA/IEC 62443 · OPC Foundation IEC 62541 · MESA International
Building software for this industry means connecting shop-floor OT devices to enterprise IT systems while meeting strict uptime, traceability, and safety requirements.
Model Every Integration Against the ISA-95 Hierarchy
Without the ISA-95 hierarchy, data crossing level boundaries creates brittle, untestable integrations. Skipping the canonical object model leads to reconciliation failures at shift handovers and undetectable production gaps.
Use OPC UA as the Lingua Franca for OT/IT Data Exchange
Without a neutral transport, every new machine requires a custom driver that becomes unmaintainable technical debt and locks the factory to a single integrator. OPC UA provides built-in security and structured data models that enable cross-line OEE aggregation.
Own the Work-Order Lifecycle End-to-End in MES
When ERP, MES, and SCADA each hold a partial copy of a work order with no authoritative master, operators act on stale data and quality events go uncaptured. MES must be the single system of authority so all systems read from the same execution state.
Record Full Material and Process Genealogy at Every Step
Traceability is not a reporting feature — it is the mechanism for isolating a defect before it reaches the customer. Incomplete genealogy records result in full-plant recalls or regulatory shutdown in pharma, automotive, and semiconductor environments.
A flat IT/OT network turns a commodity phishing email into a factory outage, as demonstrated by real-world incidents at water treatment plants and automotive suppliers. The IEC 62443 zone-and-conduit model controls this risk by grouping assets by security level and allowing only explicitly defined communication paths between zones.
Treat Alarms as Engineered Objects, Not Log Lines
Alarm floods incapacitate operators: studies show that above 10 alarms per 10-minute window, effective response is impossible, which has contributed to major safety incidents. Every alarm must have a documented rationalization — consequence, required response, and maximum response time — before it enters production.
Represent Every Asset with an Asset Administration Shell
Without a standardized container, engineering, operational, and maintenance data for each machine lives in siloed systems and is lost when equipment is transferred or decommissioned. The IEC 63278 Asset Administration Shell provides a vendor-neutral digital representation that enables plug-and-produce integration and predictive maintenance.
Surface OEE and Downtime Causes in Near-Real-Time
Classifying downtime only at shift end via paper forms produces inaccurate data and arrives too late for same-shift corrective action. The gap between world-class OEE of 85% and the typical sub-60% baseline is almost entirely recoverable through automated real-time detection of downtime events.
Gate Every Software Change Through Validation and MOC
In regulated manufacturing, a software change to MES or recipe management is a process change — an unvalidated modification can silently alter product quality and ship defects to customers before detection. Management of Change gating is the industrial-standard control that prevents this, and skipping it creates liability that typically costs far more than the deployment delay.
Design Edge Nodes to Operate Fully Offline
Factory floors are not cloud-native environments and network partitions happen routinely. If an edge node requires a round-trip to a central server to display a work instruction or record a quality measurement, any network outage halts production and may scrap in-process high-value material.
ASCM SCOR Digital Standard v14 · GS1 Global Standards · Martin Christopher "Logistics and Supply Chain Management" · Goldratt & Cox "The Goal"
Building software for logistics means engineering systems that move physical goods reliably under regulatory constraints, where correctness in identifiers, state transitions, and timestamps directly determines whether freight arrives on time.
Model Every Shipment as an Explicit State Machine
A shipment passes through a dozen or more discrete states, each carrying legal and financial consequences. Ad hoc string comparisons or boolean flags accumulate invalid state combinations that silently corrupt billing, customer notifications, and SLA timers.
Use GS1/Industry Canonical IDs Throughout
Logistics networks span dozens of carriers, 3PLs, and customs authorities that share no internal database. Without canonical identifiers such as GTIN, SSCC, and GLN, every integration becomes a bespoke mapping exercise that breaks when a partner changes their schema.
Publish Location and ETA Events in Near-Real Time
Logistics decisions such as dock scheduling, labor allocation, and customs pre-clearance are made against expected arrival windows. Stale ETAs cascade into missed appointments, idle labor, and failed customer SLAs.
Surface and Protect the System Constraint
Goldratt's Theory of Constraints proves that throughput is determined by the weakest link. Scheduling software that optimises each local step independently while ignoring the system bottleneck will worsen throughput rather than improve it.
Enforce Regulatory Rules at the Data Layer
Logistics is one of the most regulated industries, spanning hazmat, FMCSA carrier safety, customs HS codes, and cold-chain requirements. Allowing non-compliant data to be saved even temporarily creates compliance gaps that auditors find and regulators penalise.
Make Every EDI and API Exchange Idempotent
Logistics EDI networks do not guarantee exactly-once delivery; duplicate events are a daily occurrence at scale. A non-idempotent integration will double-count inventory receipts, fire duplicate notifications, and generate phantom charges.
Treat Inventory Accuracy as a Safety-Critical Property
Every downstream fulfillment process depends on WMS inventory as ground truth. Discrepancies between system and physical inventory cause wave failures, orders promised against phantom stock, and carrier pickups arriving at empty docks.
Design Last-Mile UX Around Delivery-Attempt Success
Last-mile delivery accounts for 41 to 53 percent of total shipping cost and is the most failure-prone segment. A failed attempt requires a re-delivery that can cost more than the original shipment margin, making the driver app and notification flow the primary software lever.
Instrument Cost-to-Serve at the Shipment Level
Martin Christopher's research shows many customers who appear profitable on revenue are net destroyers of value once full service cost is attributed to them. Platforms that only aggregate to lane or customer averages cannot surface this, making per-shipment cost instrumentation essential.
Architect for Carrier and Lane Failure
Carrier network disruptions from weather, labor actions, and regulatory suspensions are recurring realities, not exceptional events. A TMS that can only tender to one carrier per lane will strand shipments and miss SLAs, so multi-carrier tender waterfall logic must be baked into the tendering architecture from the start.
Tod Golding · AICPA SOC 2 · NIST IR 7316 · SaaStr / Jason Lemkin
Build software that serves many enterprise tenants on one shared platform — safely, reliably, and profitably.
Tenant Isolation
Multi-tenancy's defining constraint is data isolation: a single missing tenant-ID filter can expose one enterprise customer's data to another, ending contracts and triggering regulatory penalties. Isolation is a structural invariant every layer of the stack must enforce, not an optional feature.
SSO and SCIM Provisioning
Enterprise buyers require employees to authenticate via SAML or OIDC and demand SCIM-driven deprovisioning when staff leave. The absence of these two capabilities is a hard procurement blocker that is far costlier to add after the product architecture is set.
SOC 2 Enterprise Readiness
Over 60% of enterprises require a SOC 2 report before procurement approval, and many B2B SaaS companies report losing deals due to missing certification. Building controls retroactively is far more expensive than designing them in from the start.
Role-Based Authorization per Tenant
Enterprise buyers expect the product to mirror their org hierarchy, and over-permissive access is a security risk flagged by SOC 2 auditors. Authorization must be evaluated at the API layer via a dedicated policy engine, scoped to (tenant, role, resource, action) tuples.
Usage Metering and Accurate Billing
Inaccurate billing destroys enterprise trust faster than downtime, as finance teams reconcile invoices line by line. The metering pipeline must emit durable, idempotent usage events at the moment they occur and must never reconstruct usage after the fact.
Automated Tenant Onboarding
Time-to-value is the strongest predictor of trial-to-paid conversion in B2B SaaS. Every manual step in tenant creation adds days to TTV, introduces inconsistency, and increases the risk of data mixing between tenants.
Net Revenue Retention and Expansion Design
NRR above 120% means the revenue base grows even without new customer acquisition, making it the single most important growth metric in B2B SaaS. NRR is a product problem before it is a sales problem — every feature decision should be evaluated against its expansion or retention impact.
Reliability and SLA Commitments
Enterprise SaaS agreements include SLA clauses with financial remedies and termination rights tied to availability metrics. Engineering decisions about deployment and incident response must treat the SLA target as a hard constraint, tracked via a monthly error budget.
Noisy Neighbor Control
In a pooled architecture a single tenant's bulk operation can exhaust shared resources and degrade every other tenant simultaneously. The fix is per-tenant rate limits and concurrency caps enforced at the gateway, not over-provisioning the entire cluster for the worst-case tenant.
Data Portability and Offboarding
Enterprise procurement teams now require data-portability clauses as standard, and GDPR Article 20 plus CCPA grant users the right to receive their data in a portable format. Platforms that make exit difficult face regulatory risk and difficulty closing new deals where legal teams scrutinize vendor lock-in.
Building software for IoT means managing a physical-plus-cloud system where firmware runs on constrained hardware, security failures cause real-world harm, and a single design flaw can affect millions of deployed devices.
Secure Device Identity
A shared or spoofable identity lets one compromised device impersonate an entire fleet. Hardware-backed certificates stored in a TPM or secure element are the only trust anchor that survives firmware extraction.
OTA Firmware Lifecycle
Partial or unsigned updates create a remote code execution vector listed as OWASP IoT I4. An A/B partition scheme guarantees automatic rollback on boot failure, preventing bricked devices in the field.
MQTT Telemetry Protocol
Applying QoS uniformly wastes broker capacity, and large JSON payloads exhaust data budgets on NB-IoT or LoRaWAN links. Topic hierarchy design and binary serialization are architectural decisions that determine fleet scalability.
Time-Series Data Model
Overwriting sensor readings destroys audit trails, breaks anomaly detection baselines, and causes compliance violations in regulated verticals. A purpose-built time-series store is required to handle the millions of events per second normal at fleet scale.
Edge Compute Offload
Cloud round-trip latency of 20 to 200 ms is too slow for safety interlocks or real-time control loops. Edge pre-processing and filtering reduce cloud costs by orders of magnitude while enabling offline-capable operation.
Device Fleet Provisioning
Manual provisioning creates security gaps, such as duplicated certificates and wrong policy assignments, and does not scale beyond hundreds of devices. Treating device configuration as code makes the entire fleet state reproducible and auditable.
Connectivity Resilience
Devices operate in tunnels, warehouses, and moving vehicles where connectivity drops constantly. Offline-first resilience through local queuing and idempotent sync must be built in from initial design; it cannot be retrofitted later.
Digital Twin / Device Shadow
Multiple applications must read and command a device without polling it directly when it is offline or on a metered link. The shadow pattern separates desired from reported state, making command acknowledgment a first-class concern.
OWASP IoT Hardening
A physically accessible device is vulnerable to firmware extraction via UART, key reading from unencrypted flash, and local network pivoting. Weaknesses that depend on hardware decisions, such as hardcoded credentials or open debug ports, cannot be patched remotely after the device ships.
Regulatory Compliance & Data Residency
IoT data is not generic: smart meter readings are PII, medical device traces are protected health information, and industrial control logs may fall under critical infrastructure law. Correcting a wrong region choice after deployment requires migrating millions of records across borders, potentially violating GDPR transfer restrictions.
Building software for Energy & Utilities means operating at the intersection of safety-critical operational technology, regulated metering, real-time grid telemetry, and mandatory emissions and reliability reporting.
OT/IT Network Boundary Isolation
A compromise that pivots from the IT network into the OT network can cause physical damage and cascading outages that no software patch can instantly reverse; NERC CIP-005 and NIST SP 800-82 treat this boundary as a mandatory control, not an architectural preference.
NERC CIP as a Hard Non-Negotiable Constraint
NERC CIP standards are mandatory federal regulations for any entity touching the Bulk Electric System in North America, with civil penalties up to $1 million per violation per day; they must shape the design from the first commit, not be retrofitted later.
Settlement-Grade Metering and Billing Integrity
Errors in interval metering data propagate directly into invoices, market settlement statements, and regulatory filings; raw meter reads must be stored append-only and every correction must carry a full lineage chain through the VEE pipeline.
Model Grid Assets with IEC 61850 Logical Nodes
Substation equipment from dozens of vendors has a 20-to-40-year asset life, making IEC 61850 logical node modeling and SCL-based configuration the only sustainable path to interoperability and long-term maintainability.
Implement Demand Response over Certified OpenADR 2.0
A proprietary DR signal path cannot interoperate with utility programs or be certified for market participation; FERC Order 2222 wholesale participation requires a certified OpenADR 2.0b implementation backed by settlement-grade metering for measured and verified load reduction.
Grid Telemetry Pipelines Must Meet Deterministic Latency SLAs
Grid operators make switching and dispatch decisions based on near-real-time state estimates, so non-deterministic latency in telemetry pipelines can cause protective relay misoperation, state estimator divergence, and market settlement disputes.
Separate and Trace Scope 1, 2, and 3 Emissions at Source
Conflating emission scopes or computing them as a single unauditable figure breaks comparability, fails external assurance, and exposes the reporting entity to enforcement under mandatory disclosure regimes such as the SEC climate rule and EU CSRD.
Retain Operational and Billing Records per Jurisdiction-Specific Mandates
Energy utilities operate under layered retention mandates from FERC, NERC CIP, state PUCs, and privacy laws simultaneously; a single uniform TTL will violate some obligations while over-retaining for others, and each regulating body sets its own penalty.
Field and Substation Software Must Operate Without WAN Connectivity
Power outages — the events that most demand field crew software — are correlated with communication infrastructure failures, making offline-first architecture the correct default, not an optional feature addition.
Encode Tariff Logic as Versioned, Testable Rate Rules
Tariff logic embedded in application code requires a code deployment for every regulatory rate change, and billing errors from incorrect tariff implementation generate customer complaints, regulatory investigations, and mandatory refund programs that cost far more than a proper rate engine.
PCI DSS v4.0.1 · PSD2 / EBA RTS on SCA · FATF 40 Recommendations · Modern Treasury Ledger Design
Build financial platforms where payment correctness, identity verification, and regulatory compliance are non-negotiable constraints, not afterthoughts.
Immutable Double-Entry Ledger
Double-entry bookkeeping makes balance errors detectable; overwriting records destroys the audit trail required for dispute resolution and tax filings. An append-only, reversible ledger is the foundation on which every other financial guarantee rests.
Idempotent Payment Operations
Without idempotency, a retry charges the customer twice or creates duplicate refunds, causing real financial harm and expensive manual remediation. An idempotency key ensures any mutating operation executes exactly once regardless of retries.
PCI DSS Cardholder Data Scope
Any system that touches raw Primary Account Numbers must meet PCI DSS v4.0.1 controls; a breach triggers mandatory disclosure, card-brand fines, and loss of the right to accept cards. Tokenizing at the point of entry via a certified processor means raw PANs never reach your servers, shrinking PCI scope to the minimum.
KYC/AML Customer Due Diligence
FATF Recommendation 10 requires identity verification, beneficial-owner identification, and ongoing transaction monitoring; failure exposes the platform to large regulatory fines and license revocation. The KYC/AML obligation is non-delegable even when using a banking-as-a-service partner.
Strong Customer Authentication
PSD2 and the EBA RTS on SCA mandate combining two independent authentication factors for payment initiation; after enforcement, fraud rates on authenticated transactions dropped measurably. The authentication code must be dynamically linked to the specific transaction amount and payee to prevent replay attacks.
Regulatory Audit Trail
PCI DSS Requirement 10 and FATF Recommendation 11 require a complete, tamper-evident record of all actions affecting funds, identity data, and consent. A gap or inconsistency in the audit log is treated as a system defect or evidence of a cover-up in fraud investigations and legal proceedings.
Financial Data Isolation
Regulators require that client funds are never commingled with operating funds, and a data model without hard boundaries between tenants or currencies will eventually produce incorrect balances. During insolvency, commingled client funds may be inaccessible to customers.
Reconciliation and Settlement
Discrepancies between the internal ledger and external settlement files arise from timing differences, failed reversals, and integration bugs; undetected, they become write-offs or regulatory findings. Card networks require daily settlement file processing and impose fines for late settlement.
Fraud and Velocity Controls
Payment fraud operates in seconds; once a fraudulent payment settles, recovery rates are low and reversal costs are high. Velocity controls and behavioral anomaly detection must be enforced synchronously before payment authorization, not asynchronously after the fact.
Regulatory Reporting and Data Residency
Missing a regulatory filing deadline or submitting incorrect data results in fines and heightened supervisory scrutiny. Data residency laws such as GDPR, India DPDP, and China PIPL restrict where financial data may be stored, and a fintech entering a new market without understanding these rules can face an immediate cease-and-desist.
Building software for healthcare means treating regulatory compliance as a precondition for patient safety, not a launch blocker.
PHI Data Protection
The HIPAA Security Rule requires encryption, MFA, and audit controls for all electronic PHI, and the 2025 NPRM makes every safeguard mandatory. A breach triggers mandatory notification, fines, and reputational damage that can threaten the organization's ability to operate.
FHIR Interoperability
The ONC 21st Century Cures Act Final Rule mandates FHIR R4 for certified EHRs and patient-data APIs. Using a proprietary schema locks patients out of their data and exposes the organization to information-blocking penalties of up to $1 million per violation.
SaMD Regulatory Classification
A feature that diagnoses, recommends treatment, or supports clinical decisions can classify the entire product as a Class II or III medical device requiring FDA clearance. Building first and classifying later is the most expensive mistake in digital health, often requiring market withdrawal.
Clinical Terminology
Healthcare data stored as free text or proprietary codes cannot be aggregated, billed, or safely exchanged across providers. Coding errors also create billing fraud risk and care-continuity failures when records move between organizations.
Patient Consent Lifecycle
Consent given at registration does not cover new data-sharing integrations added later, and continuing to share data after a patient withdraws consent is both a HIPAA violation and a statutory tort in many states.
Information Blocking and Openness
The ONC 21st Century Cures Act Final Rule prohibits information blocking — including slow exports, excessive manual steps, and portal designs that bury data — with penalties up to $1 million per violation for health IT developers.
Clinical Safety Risk Management
NHS England mandates DCB0129 and DCB0160 compliance from manufacturers and deployers respectively, while IEC 62304 and ISO 14971 apply globally for SaMD. Miscalculated drug doses or missed alert thresholds can directly injure or kill patients.
Accessibility and Health Equity
HHS Section 504 requires WCAG 2.1 AA for all patient-facing web content and mobile applications by May 2026. An inaccessible patient portal creates a care gap for the elderly, disabled, and low-literacy patients who need digital access most.
Audit Trail and Non-Repudiation
HIPAA requires audit controls for all systems containing ePHI, and the 2025 NPRM elevates comprehensive logging to a mandatory specification. Log gaps are independently sanctionable, and the audit trail is the authoritative record in breach investigations and legal disputes.
Availability and Graceful Degradation
Clinicians depend on EHR access to prescribe and review allergies, and HIPAA contingency plan requirements mandate data backup, disaster recovery, and emergency mode operation plans. Unlike consumer apps, healthcare systems cannot simply show a maintenance page — downtime must be managed with documented clinical workarounds.
The INSURTECH Book · Insurance Technology (Haynes) · NAIC Model Laws · ACORD Data Standards
Building insurance software means every data field and decision rule carries legal, financial, and solvency consequences inside a state-regulated, actuarially priced risk-transfer industry.
Regulatory Compliance by Design
Insurance is licensed state by state; every rate, form, and underwriting rule must be filed and approved before use. Retrofitting compliance into a live system costs far more than building it in from day one.
ACORD Canonical Data Model
ACORD maintains over 1,200 standardized transaction types covering policy, claims, billing, and reinsurance. Teams that skip ACORD and invent internal schemas pay the cost in every future integration project.
Policy Lifecycle State Machine
A policy moves through legally distinct states — quoted, bound, in-force, endorsed, lapsed, cancelled, reinstated — and the rules governing data mutation and claims eligibility differ at each state. Treating it as a mutable flat record leads to invalid state combinations and regulatory penalties.
Explainable Underwriting Decisions
An adverse underwriting decision is legally required to be explainable to the applicant in most US states and to regulators under the NAIC AI Model Bulletin. Using opaque ML models without explainability infrastructure creates regulatory exposure and anti-discrimination liability.
Claims Straight-Through Processing
Straight-through processing is the competitive differentiator for digital insurers, but speed without correctness destroys combined ratios. Every STP path must gate on policy state, coverage match, fraud score, and payment limit before releasing funds.
Fraud Detection Layered Controls
Insurance fraud costs the US industry over $300 billion annually, and fraudsters adapt quickly to single-signal detection. Digital-first platforms that automate claims require multi-layer defenses combining rules, ML scoring, and network analysis.
Actuarial Rate Integrity
Insurance rates are filed with and approved by state regulators; selling coverage at an unapproved rate triggers refunds, fines, and potential license suspension. Rate tables must be treated with the same discipline as financial ledger entries.
Data Security Under NAIC Model Law
Insurance systems hold dense concentrations of sensitive personal data, making them high-value targets. NAIC Model Law #668, adopted by most US states, mandates a written information security program, cybersecurity event investigation, and commissioner notification.
Policyholder Trust and Transparency
Misalignment between what the customer believed they bought and what the policy actually covers is the largest driver of complaints, bad-faith litigation, and regulatory sanctions. Clarity at point of sale prevents disputes at point of claim.
Resilience for Catastrophic Event Spikes
A regional catastrophe can generate thousands of simultaneous first notices of loss in hours, and insurance cannot defer claims intake — the FNOL starts the regulatory response clock in most states. Systems designed for average load will collapse precisely when policyholders need them most.
GOV.UK Service Standard (CDDO) · US Digital Services Playbook (USDS) · NIST SP 800-63-4 · Section 508 / WCAG 2.2
Building for government means designing the only option citizens have, where failure is a public harm, not a product inconvenience.
User Need Over Organisational Convenience
Government services have no competing provider, so design must centre on actual user needs rather than departmental structure. Building the wrong thing at scale means citizens cannot access benefits, renew licences, or file required documents.
Accessibility as Legal Baseline
Section 508 and the Public Sector Bodies Accessibility Regulations legally require WCAG 2.2 AA conformance; inaccessible services deny statutory rights and expose the agency to legal challenge. Government user populations have above-average rates of disability and cognitive impairment.
Plain Language Content
The Plain Writing Act legally requires US federal agencies to use clear language; bureaucratic wording causes citizens to misunderstand eligibility and miss deadlines, generating avoidable contact and appeals at public expense.
Digital Identity Assurance
NIST SP 800-63-4 defines structured assurance levels (IAL/AAL/FAL) matched to transaction risk; applying a higher level than required excludes the most dependent citizens, while a lower level enables fraud against public funds.
Open by Default Data
Data produced with public funds is public property; publishing it in DCAT-compliant, open formats enables civic innovation and policy scrutiny that freedom-of-information requests alone cannot achieve. Siloing data undermines transparency obligations and wastes staff time on avoidable requests.
Design for Assisted Digital
Roughly 10 to 20 percent of adults in developed economies cannot use digital services independently, and they are disproportionately those most dependent on government support. A service with no assisted path effectively denies access to the most vulnerable citizens.
Incremental Delivery in the Open
Large-batch government IT projects have a documented record of cost overruns and scope failures; incremental delivery reduces the cost of being wrong and creates public accountability that big-bang launches cannot provide.
Technology Ownership and Exit
Governments have historically been trapped by proprietary lock-in when long-term IT contracts ended, facing ruinous rebuild costs; retaining code and data ownership and using open standards is the structural remedy.
Performance Transparency
Government services are funded by taxpayers, creating an accountability obligation to publish the four baseline KPIs: completion rate, user satisfaction, cost per transaction, and digital take-up. Published performance data also creates internal pressure to improve.
Security and Privacy by Design
Government services hold sensitive personal data that makes them high-value attack targets, and data protection obligations under GDPR and the Privacy Act attach at the point of collection, not at the point of breach. Security and privacy not embedded from the first sprint will not be embedded at all.
IATA NDC/Airline Retailing Standards · PCI DSS 4.0 · EU GDPR & PNR Directive · US DOT Air Carrier Access Act
Build booking software at the intersection of real-time distributed inventory, multi-party supply chains, and strict government data mandates.
Real-Time Inventory and Idempotency
Airline seats and hotel rooms are finite resources consumed concurrently by thousands of sessions. Without idempotency keys, network retries silently create duplicate bookings, each triggering a real fare charge.
IATA NDC and the Offers/Orders Model
The legacy GDS model strips ancillary content and personalization. Software that ignores NDC cannot sell ancillaries through third-party agents and is architecturally obsolete for new airline distribution work.
PNR and Passenger Data Privacy Compliance
A Passenger Name Record is subject to at least two overlapping regulatory regimes simultaneously: EU GDPR and the EU PNR Directive 2016/681. Conflating operational use with security-reporting use violates both.
PCI DSS Payment Isolation
A single booking may route card data through multiple PCI scope boundaries. PCI DSS 4.0 added 64 new requirements, and non-compliance fines can reach $100,000 per month.
Disruption and Irregular Operations Handling
Irregular operations are routine states affecting millions of passengers daily, triggering strict legal obligations. The rebooking engine must be automated, prioritized by loyalty tier, and idempotent at hub-cancellation scale.
Rate Parity and Revenue Management Integration
Hotels are contractually bound to rate parity clauses with major OTAs; a silent parity break triggers penalties and potential contract termination. The channel manager must deliver rate changes to all channels within seconds and confirm delivery.
GDS and Multi-Source Content Aggregation
Content from multiple GDS and NDC sources uses different field names, unit conventions, and content models. Displaying raw supplier content without normalization produces duplicate results and unit mismatches that directly reduce revenue.
Accessibility: ACAA and WCAG 2.0 AA
The US Air Carrier Access Act explicitly requires all airlines operating US flights to conform to WCAG 2.0 AA across core booking functions. The EU European Accessibility Act extends comparable requirements to airport digital touchpoints from June 2025.
Ancillary and Upsell Merchandising
Ancillary revenue represents up to 50% of total revenue for low-cost carriers. Both EU and US regulations require upfront fee disclosure before the payment step, and hidden fees are the top driver of booking abandonment.
Search Performance and Cache Strategy
Fare and rate search is the highest-traffic, highest-latency operation in any travel platform. Without caching, the GDS quota is exhausted quickly, but serving a stale cached fare forces either manual repricing or selling at a loss.
IAB Tech Lab OpenRTB 2.6 · IAB Europe TCF v2.2 · CDP Institute · Hacking Growth
Build systems that collect and activate customer data, trade advertising inventory in real time, and satisfy overlapping privacy regulations at web scale.
Consent Signal Propagation
GDPR and the TCF require a lawful basis encoded in a TC String before any vendor in the supply chain processes personal data. Failing to carry consent signals downstream exposes every party to joint-controller liability, not just the consent management platform.
First-Party Data Ownership
Safari and Firefox have blocked third-party cookies since 2020 and iOS App Tracking Transparency cut IDFA availability by over 60%. Brands that built first-party data programs through CDPs weathered these changes; those relying on rented audience segments saw targeting accuracy collapse.
OpenRTB Bid Contract
A single field deviation causes the buying platform to reject the bid, misprice inventory, or apply incorrect targeting. Injecting false values is the primary mechanism of ad fraud, which cost the industry an estimated $84 billion globally in 2023.
Identity Resolution
Without resolution, the CDP sends duplicate messages, attribution double-counts conversions, and frequency capping fails. Probabilistic matching carries a false-positive rate that, if untracked, corrupts downstream model training.
Attribution and Incrementality
Rule-based attribution systematically over-credits bottom-funnel touchpoints that would have converted anyway, leading to over-investment in retargeting. Incrementality testing — randomly withholding ads from a holdout group — is the only causal measurement method available to marketers.
Ad Quality and Brand Safety
Without proactive controls, a brand's ad can appear next to extremist content or be served inside hidden iframes that no human ever sees. The ANA estimated $13 billion in wasted spend on invalid traffic in 2023 alone.
Latency Budget for Auctions
OpenRTB exchanges enforce a hard bid-timeout — typically 80 to 150 ms — after which the bid is discarded, not queued. A 5% timeout rate on a platform processing 500,000 QPS represents 25,000 lost impressions per second.
Data Activation Pipeline
A customer who abandons a cart at 14:00 and receives a retargeting ad at 14:05 converts at a dramatically higher rate than one reached after an overnight batch job. CDPs relying on nightly ETL cannot support real-time personalization or dynamic creative optimization.
Revenue and Yield Controls
Without floor prices, premium inventory clears at a fraction of its direct-sold CPM, permanently anchoring buyer expectations at that low price. Publishers who set no floors or misconfigure sellers.json lose 20 to 40% of addressable revenue to information asymmetry that favors buyers.
Growth Experiment Hygiene
Teams launching experiments with inadequate sample sizes and calling winners after two days scale budgets on noise rather than signal. Because marketing spend is irreversible, false positives are asymmetrically expensive compared to other engineering domains.
Build real estate software where regulated listing data, federal law, and high-stakes transactions intersect.
RESO Data Dictionary Conformance
RESO Data Dictionary 2.0 defines canonical field names and enumerations for all NAR-affiliated MLSs. Non-conformant schemas break IDX feed ingestion and third-party syndication, compounding into technical debt at scale.
Fair Housing Compliance by Design
The Fair Housing Act warns that algorithmic tools can produce disparate impact without explicit discriminatory intent. Filters or recommendation inputs that act as protected-class proxies create federal liability regardless of intent.
Listing Data Freshness and Status Accuracy
In competitive markets, homes go pending within hours. Stale "For Sale" badges are the most common source of consumer complaints and can constitute a misleading business practice under FTC guidelines.
Map-First Geospatial Search UX
Real estate is fundamentally location-bound, and eye-tracking studies from major portals consistently show map interaction precedes filter engagement. Polygon-draw search increases time-on-site and lead capture versus ZIP-code-only search.
AVM Transparency and Confidence Communication
AVMs carry meaningful error rates, and displaying a single authoritative-looking number causes consumers to anchor incorrectly. Failing to communicate uncertainty creates FTC deceptive-practices risk and misrepresents appraisal-grade precision.
Transaction Compliance: RESPA, TRID, and State Disclosures
RESPA and TRID impose strict timing and content requirements on loan disclosures; violations carry per-violation fines and can void transactions. These rules must be enforced in code, not in training documents.
Media Quality and Virtual Tours as First-Class Data
Listings with professional photos sell 32% faster and 58% of younger buyers made offers after a virtual-only tour. A pipeline that accepts substandard media undermines listing-agent confidence in the platform.
Lead Capture and Licensed-Agent Routing
Lead value drops 10x after the first five minutes, and misrouting an inquiry to an unlicensed assistant or lapsed-license agent creates unlicensed-practice-of-real-estate liability.
Property Data Provenance and Chain of Custody
Multiple sources such as MLS, county assessors, and FEMA regularly conflict on the same field. Which system displayed which number at the time of offer can determine liability in disputes.
Trust and Fraud Prevention at Every Transaction Touch Point
Wire fraud in real estate closings cost $446 million in 2022. High transaction values and first-time-buyer unfamiliarity make real estate one of the most socially-engineered financial domains.
GTFS / MobilityData · Open Charge Alliance OCPP 2.1 · OECD MaaS Data Architecture · Yan et al., Naval Research Logistics 2020
Building software for this industry means operating real-time, safety-critical platforms where location data, regulatory compliance, and fare calculation must be correct, auditable, and available around the clock.
GTFS and GTFS-Realtime Feed Integrity
A single malformed GTFS file simultaneously propagates incorrect journeys to every downstream consumer. Without GTFS-Realtime, apps display scheduled times during actual delays, destroying rider trust.
Real-Time Matching and Dispatch
Batched matching over a 3-5 second window outperforms greedy one-at-a-time dispatch by 15-20% on utilization and ETA. Any latency spike directly increases pickup time, which is the strongest predictor of rider churn.
Routing and Map Accuracy
Straight-line distance cannot be used for ETA or navigation because it ignores one-way streets, turn restrictions, and speed limits. A single incorrect turn restriction causes a driver to circle the block, inflating fare and ETA simultaneously.
Dynamic Pricing Transparency
Regulators treat undisclosed fare changes as deceptive trade practice and have sanctioned platforms for opaque surge practices. When riders explicitly confirm a surge multiplier before committing, dispute rates drop significantly.
OCPP EV Charging Compliance
Without OCPP, each hardware vendor requires a proprietary integration that breaks whenever firmware changes. EU AFIR regulations now mandate OCPP compliance for public charging infrastructure, making non-compliance a certification blocker.
Passenger Safety and TNC Regulatory Compliance
The software platform is the mechanism through which safety mandates are enforced, not a neutral technology layer. Missing driver onboarding fields or absent incident-reporting endpoints constitutes a regulatory violation by the platform itself.
Location Data Privacy
Four spatio-temporal GPS points are sufficient to re-identify 95% of individuals in a mobility dataset. Without explicit data minimization and retention limits, mobility platforms become surveillance infrastructure by default under GDPR and CPRA.
Offline and Degraded-Mode Operation
Mobility apps handle in-progress financial transactions and safety-critical physical journeys, so any unhandled offline edge case creates both a financial dispute and a support escalation. Full trip state must be cached on-device at trip start to operate navigation and metering for at least 30 minutes without server contact.
Accessibility and Multimodal Interoperability
The ADA and equivalent regulations require accessibility, and ignoring GTFS wheelchair fields actively misleads riders with disabilities. The MaaS model requires standardized deep-link and API contracts so users can plan mixed-mode journeys end-to-end.
Fare and Payment Auditability
Regulators under EU PSD2 and CFPB Reg E require that any charged amount be traceable to a documented calculation. Because distances, surge multipliers, and promotions change by the second, inputs must be stored in an immutable ledger at calculation time so disputes can be resolved without retrospective recomputation.
TM Forum Frameworx · 3GPP TS 32.290 · GSMA Open Gateway · ETSI TS 101 671
Building software for this industry means operating inside a regulated, real-time, carrier-grade environment where every transaction carries monetary and legal weight.
Model Domain Entities Using TM Forum SID
Telecom entities have been modelled internationally for decades; reinventing them breaks at the first integration point with a carrier partner or OSS vendor. Aligning to TM Forum SID's canonical hierarchy eliminates expensive translation layers and downstream billing data failures.
Design for 99.999% Uptime from Day One
Telecoms are legally bound by SLAs; a provisioning outage that blocks activations or emergency calls triggers regulatory penalties and contract breach. Carrier-grade availability (five nines) must be an architectural constraint embedded from the first design decision, not patched in later.
Implement Charging Per 3GPP Converged Charging Architecture
The old dual-path OCS/OFCS model accumulates reconciliation debt that produces revenue leakage or overbilling, both of which attract regulatory action. The 3GPP converged CHF unifies real-time quota management and CDR generation in a single path, eliminating the mismatch.
Align Workflows to the eTOM Process Framework
Deviating from eTOM naming forces a custom mapping exercise at every third-party integration point. Separating Fulfilment, Assurance, and Billing domains via asynchronous events is the only path to an auditable, automatable order-to-cash cycle.
Treat Number Portability as a Hard Dependency
Skipping the NPAC/MNP query causes double-assignment where two carriers own the same MSISDN, producing call routing failures and regulatory complaints. The portability database query is a mandatory synchronous gate; no subscriber record may be written until portability status is confirmed.
Expose and Consume TM Forum Open APIs for BSS/OSS Integration
Carriers now mandate TM Forum Open API conformance in RFPs; a proprietary API guarantees integration friction at every partner connection. Generating server stubs from the official TMF OAS3 specification reduces integration test time from months to days and enables conformance certification.
Build Lawful Intercept and Data Retention Hooks from the Start
Every licensed carrier is legally required to support lawful intercept; retrofitting it into a live network requires a full architecture review and network freeze. The conflict between GDPR erasure rights and regulatory retention mandates can only be resolved at design time by modelling a legal-hold flag from the start.
Propagate Network Slice Context Through the Software Stack
BSS/OSS software that ignores slice context and applies uniform policies violates the enterprise SLAs that 5G slicing is sold to deliver. The S-NSSAI identifier must flow without loss through every order, provisioning, charging, and assurance workflow from entry point to policy enforcement.
Follow GSMA RSP Specifications for eSIM and Profile Management
Any deviation from the GSMA provisioning protocol flows produces devices that cannot roam to partner networks, fail compliance audits, or expose profile keys to interception. SGP.22 for consumer and SGP.32 for IoT have fundamentally different architectures and must not be conflated.
Expose Network Capabilities via GSMA Open Gateway and CAMARA APIs
Carriers that expose proprietary network APIs create a per-operator integration burden that developers reject in favour of competitors with standardised access. The CAMARA "write once, deploy across all operators" promise is the commercially decisive argument for enterprise customers choosing a connectivity partner.
Building software for HR tech and recruiting means embedding fairness, privacy, and system interoperability from day one, because hiring platforms are where employment decisions are made, regulated, and audited.
Audit Every Selection Step for Disparate Impact
Employment law holds employers liable for discriminatory outcomes regardless of intent, and a biased algorithm scales discriminatory effects to every applicant in real time. The EEOC Strategic Enforcement Plan 2024-2028 explicitly identifies AI hiring tools as a priority enforcement area.
Collect Minimum Data; Honor Deletion Rights
Candidate data is governed by GDPR and equivalent laws, and retaining resume data beyond the vacancy or reusing it without fresh consent is a common violation. Fines can reach 4% of global annual revenue.
Map Jobs and Candidates to a Standard Skills Ontology
Using uncontrolled free-text vocabulary degrades search recall, causes automated matching to misfire, and makes skill-gap analytics meaningless. Without anchoring to O*NET or ESCO, the platform cannot interoperate with job boards, government labor data, or partner HRIS systems.
Use SCIM 2.0 and Standard HR APIs for System Sync
Without a standard protocol, each integration becomes a bespoke ETL job that breaks on provider updates. Implementing SCIM 2.0 eliminates months of custom integration work per enterprise customer and reduces offboarding security risk from delayed account deprovisioning.
Structured interviews have twice the predictive validity of unstructured ones (0.51 vs 0.20), and inconsistent processes expose employers to discrimination claims. An ATS that allows skipping scorecard fields or overriding pipeline stages undermines both validity and legal defensibility.
Every Touchpoint Must Be Fast, Clear, and Mobile-First
More than 60% of job searches occur on mobile, yet most ATS career sites were designed for desktop, making the apply step the single largest funnel drop-off point. High-quality passive candidates will abandon a friction-heavy application within seconds.
Log Every Hiring Decision with Actor, Timestamp, and Rationale
EEOC investigations and employment lawsuits routinely demand hiring records going back two years, and federal contractors must retain applicant flow data under 41 CFR Part 60. Without an immutable audit log, an employer cannot prove rejections were based on legitimate job-related factors.
Standardize Job Schema for Multi-Channel Syndication
Every board has its own ingestion format but all derive from schema.org/JobPosting, so without a canonical internal schema every new board integration requires custom field mapping that breaks on API changes. Missing structured data also degrades SEO on the employer's own career site.
Bridge the Offer-to-Day-One Gap Without Data Re-Entry
Manual re-entry between ATS and HRIS introduces errors in payroll setup and benefits enrollment, and background check delays frequently cause start-date slippage and rescinded offers. The onboarding handoff is also compliance-critical as it is where I-9 employment eligibility verification must be completed.
Strictly Isolate Recruiter-Company Data in Shared Infrastructure
A single query missing a tenant filter can expose one customer's candidates to another, triggering a GDPR breach notification within 72 hours and mass customer churn. SOC 2 Type II certification is a baseline procurement requirement for mid-market and enterprise ATS sales.
Charity Navigator · Nielsen Norman Group · W3C WCAG 2.1/2.2 · GDPR (EU 2016/679)
Software for mission-driven organizations must uphold donor trust, regulatory transparency, and equitable access at every layer of the stack.
Donor Trust and Financial Transparency
Seventy-two percent of donors say a charity rating badge increases their likelihood of giving. Placing financial ratios and IRS Form 990 within one click of the donation CTA is both a UX obligation and a legal one.
Donation Form Conversion
Multi-step donation flows cause a 52% drop-off compared to single-step forms, and donation intent is emotionally fragile. The form must contain only the fields required to process the payment and issue a tax receipt.
WCAG Accessibility as Baseline
The DOJ's April 2024 final rule mandates WCAG 2.1 AA for government-partnered civic platforms, and nonprofits are not exempt from ADA Title III claims. An inaccessible donation form is a lost gift from every user it excludes.
Donor Data Consent and Privacy
GDPR applies to any nonprofit worldwide that processes EU resident data, with penalties up to 4% of annual revenue. Lawful basis for fundraising contact is almost always explicit consent, making pre-checked opt-in boxes invalid.
Impact Reporting Display
Donors ask whether their gift changed anything; displaying only activity counts leaves that question unanswered. Outcome metrics placed adjacent to the giving ask also close the 90-day peak re-engagement window after each donation.
Recurring Giving and Donor Retention
Recurring donors have a lifetime value three to five times higher than one-time equivalents, and most involuntary churn stems from card failures rather than intent to cancel. Proactive dunning sequences and a self-service payment portal prevent the majority of this loss.
Low-Bandwidth and Inclusive Resilience
International NGOs serve beneficiaries and field staff on 2G connections and low-end Android devices with 512 MB RAM. A site optimized only for broadband users structurally excludes many of the people it is meant to serve.
Payment Security and PCI DSS Scope Reduction
Nonprofits are frequent fraud targets due to limited security staffing. Tokenization via hosted payment fields keeps card data off application servers and reduces PCI scope from SAQ D to SAQ A, cutting compliance overhead by roughly 90%.
Volunteer and Civic Engagement Flows
Not every visitor can give money, but many can donate time, skills, or a signature. Low-friction volunteer and civic engagement flows are the on-ramp for future donors, and on civic platforms every participation barrier is also a democratic barrier.
Mission and Governance Disclosure
Institutional donors and grant agencies research governance before committing major gifts. Hiding board composition or conflict-of-interest policies signals either disorganization or concealment, and for publicly funded civic organizations governance disclosure is often a legal condition of the grant.
# clone the skill
git clone https://github.com/cskwork/ten-rules-skill.git
# symlink into Claude Code so it auto-discovers
ln -s "$PWD/ten-rules-skill" ~/.claude/skills/ten-rules
# later: re-sync rules from the 5 upstream repos
./ten-rules-skill/scripts/refresh.sh
Then just work.
In Claude Code it triggers on matching tasks automatically — or say "apply the ten-rules skill". For Codex or Gemini, point the tool at the directory's SKILL.md.