Evidence

Why teams trust
the studio.

We don't ask you to take our word for it. Here's the evidence.

Trust in a software engagement comes from verifiable evidence, not assertions. Every claim on this page is backed by something you can check: a public GitHub repo, a certification verification link, a methodology document, a test suite count.

Live receipts Certifications Code Quality Testing CI/CD Infrastructure Data handling Guarantees What could go wrong Open Source References

Live receipts

What we promise, in numbers.

Operational facts that should be true before you send a deposit. Each one is something you can verify today.

Reply window

< 48h

Well-matched inquiries get a response within two business days. No “I’ll get back to you” ghosting.

NDA on request

Same day

Mutual NDA available before scope discussion. Template at /legal/nda — sign electronically, no lawyer required.

Production posture

Stripe + Supabase + AWS

Same stack we ship for clients. Daily encrypted backups, IAM-scoped access, OIDC-only deploys.

Code transparency

Public repo

This site’s source is open. Every commit is auditable history of how the studio actually operates.

Evidence

Receipts from real shipped infrastructure.

These are not stock images. Every tile below maps to a real artifact in the public repo — CI logs, test reports, scans, and infra configs. Click into the source to verify.

Performance

Lighthouse CI gating every PR — perf, a11y, SEO, and best-practices budgets enforced before merge.

E2E Tests

Playwright suite running on every commit — cross-browser regression coverage on critical user flows.

CI/CD

GitHub Actions pipeline: install → lint → typecheck → test → build → deploy — no manual steps.

Security

CodeQL + dependency review on every PR. Vulnerabilities surface before they ship, not after.

Infra

Terraform-managed AWS landing zone — IAM, OIDC, networking, all in version control.

Visual QA

Percy visual regression on every deploy — pixel-level diff before changes hit production.

Certifications

9 active certifications across testing, cloud, and networking.

All certifications are active. Verification links available on request — just ask during a discovery call.

ISTQB

Certified Tester Foundation Level (CTFL)

Active

ISTQB

Test Automation Engineer (TAE)

Active

ISTQB

Certified Tester AI Testing (CT-AI)

Active

AWS

Certified Cloud Practitioner

Active

AWS

Certified Solutions Architect — Associate

Active

AWS

Certified Developer — Associate

Active

AWS

Certified SysOps Administrator — Associate

Active

AWS

Certified DevOps Engineer — Professional

Active

Cisco

CCNA (Routing & Switching)

Active

Code Quality

Every project ships with these standards enforced.

TypeScript strict mode (no implicit any, no unchecked returns)

ESLint + Prettier configured and enforced in CI

Husky pre-commit hooks (lint, type-check, test)

Minimum test coverage: 60% line coverage enforced by CI gate

All external API calls have error handling and retry logic

No hardcoded secrets — all credentials via environment variables or AWS Secrets Manager

Dependency audits: npm audit / pip audit in CI, no known critical vulnerabilities shipped

Testing Infrastructure

13 testing frameworks. Every layer covered.

See the Quality Telemetry case study for the full architecture.

Unit

Jest, Vitest

Component

Testing Library

API

Supertest

Contract

Pact

E2E

Playwright, Cypress

Performance

k6, Lighthouse CI

Security

OWASP ZAP

Accessibility

Axe

Visual regression

Percy / Chromatic

BDD

Cucumber

CI/CD Standards

No code ships without passing CI gates.

TypeScript type check — every PR

ESLint (zero warnings policy)

Full unit test suite

Build verification

E2E smoke test

Security scan (OWASP ZAP on deployment pipelines)

Lighthouse CI performance budget check

GitHub Actions for all CI/CD

Environment segregation: dev / staging / production

GitHub OIDC for AWS deployments (no long-lived credentials)

Rollback capability on all production deployments

Infrastructure

Terraform-managed. Security-scanned. Auditable.

All infrastructure provisioned via Terraform.

VPC with public/private subnet architecture

S3 + CloudFront for static assets (no public bucket access)

Lambda + API Gateway for serverless workloads

GitHub OIDC for CI/CD authentication (no IAM user keys)

AWS Secrets Manager for credential management

CloudTrail + Security Hub enabled by default

tfsec + checkov security scanning on all Terraform PRs

Open-Source Record

106 public repositories. 1,438 commits in the last year.

All open-source projects are publicly available and maintained. The commit history is not curated for appearances — it's the actual development record.

106

Public repositories

1,438

Commits (last 12 months)

Pull requests (last 12 months)

GitHub followers

View GitHub profile

Data handling

Where your data lives, who can read it, and how long.

The facts. No SOC-2 certificate yet — the studio is too young to have one. Here’s the operational equivalent: a plain-English description of how the studio handles client data, sub-processors, and incidents.

Where data lives

Customer data lives in Supabase (Postgres, US-East-2) and Stripe. No analytics platform stores PII beyond hashed identifiers — Vercel Analytics is privacy-first by design.

Retention

Inquiry records: kept for two years from last contact, then auto-purged. Engagement artifacts: kept for the duration of the engagement plus 12 months unless an MSA specifies longer.

Access

Service-role keys are server-side only. Row-level security on every customer-facing table. No third-party support seat has read access to customer data — the studio is one operator.

Sub-processors

Vercel (hosting/CDN), Supabase (database & auth), Stripe (payments), Resend (transactional email), AWS (infrastructure for client work). Full list maintained on /legal/privacy.

Incident response

Security incidents are disclosed to affected clients within 72 hours. Post-incident report includes root cause, blast radius, and remediation steps — no PR-spin.

Right to delete

Email sage@sageideas.dev with a deletion request and your records are purged within five business days, including downstream caches and backups in the next rotation.

Engagement guarantees

What we put in writing.

Every engagement signs an MSA + SOW. These five guarantees show up in every one of them — not as marketing copy, as contractual terms.

Fixed price means fixed price

Quoted scope is what you pay. Scope changes require a written amendment and explicit approval before any additional work begins. No surprise invoices, ever.

Refund before work begins

If we haven’t started, we issue a full refund. No questions, no friction. Once work begins, one-time engagements are non-refundable but always negotiable on outcome.

Cancel monthly anytime

Site Care, Brand Care, Content Care, Scale, Operate, Content Engine — all cancel through Stripe in two clicks. Billed through end-of-cycle. No 12-month lock-ins.

Handoff that survives

Every engagement ships with documentation, runbooks, and a knowledge-transfer call. The system survives without me on the next call — that’s the bar.

No bait-and-switch staffing

The person who scopes the work is the person who builds it. There’s no “we’ll assign a team” — it’s one operator on every line of code.

What could go wrong

Here’s when we are the wrong fit.

The fastest way to lose your time and ours is pretending we’re right for every situation. We aren’t. These are the most common mismatches — if you see yourself here, save us both a discovery call.

If — You need a 10-person delivery team this quarter

Sage Ideas is one operator. We can do extraordinary depth on one or two parallel workstreams — not breadth across ten. If you need a staffing agency, we are the wrong fit and we will say so on the first call.

If — You want a full-time, on-call, replace-your-CTO arrangement

Studio Engagement is up to 30 hours per week with defined response windows. It is not 24/7 on-call. If you need a fulltime engineering lead embedded in your team, hire one — we’ll help you scope the role.

If — You’re shopping on price alone

Productized engagements start at $1,500 because that’s the floor at which the work is actually high-quality. There is no $500 audit. Cheap consulting is expensive when it’s wrong.

If — You expect equity-only or revenue-share

For pre-revenue startups in specific circumstances, we’ll consider partial equity (cash + equity, not equity-only). Pure speculation arrangements are declined politely.

If — You need someone to ship code fast and ask questions later

We scope before we build. Discovery and architecture come first — always. If you want a contractor who builds whatever you ask without pushback, we are the wrong choice.

References

Talk to past collaborators directly.

Sage Ideas is a young studio. Rather than ship cherry-picked testimonials, every prospective client gets the option to talk directly to people I've built things with — fintech engineers, founders, ops leads. Real phone numbers, real conversations, no scripts.

Industries shipped into

Most engagements run under NDA. Names withheld until written permission lands.

Fintech (NDA)

Trading platform

B2B SaaS (NDA)

Internal tooling

Developer tooling

Open source

AI platform (NDA)

LLM tooling

Infrastructure startup

Cloud platform

Sage Ideas (internal)

Nexural / Vesper / Stellaris

Most engagements operate under NDA. Real names + logos appear here only with written permission, replacing the monogram tile in place.

Reference available

Engineering lead

Fintech · 5 years

Worked alongside on production trading systems for 5+ years. Available for technical reference calls — code quality, on-call discipline, incident behavior.