All playbooks

Freelancers, boutique agencies, and rescue-project leads

Inherited codebase takeover playbook

The first takeover mistake is treating the repo like an implementation task before it has been treated like a risk object. This playbook turns the first review into an evidence-backed intake process.

Step 1

Freeze the first estimate

Do not quote fixed cleanup or rewrite work until the repository can be built, mapped, and risk-scored. The first deliverable is discovery.

  • Confirm repository access, default branch, deploy target, and owner contacts
  • List frameworks, lockfiles, package managers, and runtime versions
  • Identify auth, billing, data deletion, permissions, and payment flows
  • Document unknowns that require credentials or client answers

Step 2

Map the operational surface

A folder tree is not enough. Find the entry points and external edges where a change can break production.

  • Routes, API handlers, jobs, webhooks, CLIs, and scheduled tasks
  • Database models, migrations, seed scripts, and backup assumptions
  • Payment, email, storage, analytics, AI, and GitHub integrations
  • Manual deploy steps, CI checks, and rollback path

Step 3

Rank risks before improvements

Separate containment work from cleanup. Security, data, deployment, and billing findings change the project shape before refactors matter.

  • Committed secret signals and required rotations
  • Known vulnerable dependencies and blocked upgrades
  • Missing tests around critical product flows
  • Oversized files, duplicated logic, dead code, and unclear module boundaries

Step 4

Turn discovery into a paid plan

The client should receive a short, concrete artifact: what is risky, what should happen first, and what implementation work is worth buying.

  • Executive summary with top risks and recommendation
  • Architecture map and evidence paths
  • 30/60/90-day repair sequence
  • GitHub issues for accepted work

Run this playbook on a real repository

CodeTruss builds the architecture map, health scores, ranked findings, report, GitHub issues, and opt-in fix PRs from the repository itself.