Practice: Engineering · Governance · Operations
Based: Madeira, Portugal · United States
Posture: NDA by default · References on completion

An engineering studio for software built faster than it was thought through.

We take prototypes shipped in days and turn them into production software that still works in six months.

Railloom is a small practice. Our clients come to us after an AI-assisted build has met its first real users — and its first real problems. We audit what was shipped, model what can go wrong, and return a codebase that is secure, observable, and trusted by the people who operate it.

§ 01 Practice

Shipping was the easy part. Everything that followed, less so.

01
The prototype works. The next user breaks it.

The first demo is convincing and the second user is not supposed to see the first user's data. Failure modes that were acceptable at one seat are not acceptable at ten.

02
No auth worth trusting. No tests worth running. No audit trail worth producing.

Passwords are hashed with a library chosen at random. There is no rate limit. Nothing in the database can be rolled back. No one can prove what happened on Tuesday.

03
The person responsible cannot read the code. Often that person is the founder.

The generator wrote eighteen files no one has read. The parts that are understood have quietly diverged from the parts that are not. Every change risks a regression in a module no one has opened.

§ 02 Principles

A small number of rules, kept strictly.

I.
Write less code than we inherit.

The best rescue reduces the surface area of the problem. Features are removed as readily as they are added. We do not charge by the line.

II.
Leave a paper trail a stranger can follow.

Every change arrives in small, reviewable units with a written note. When we leave, the next engineer can read the history without us in the room.

III.
Auth and audit before features. Always.

Identity, authorization, and an event log that can be replayed come first. Everything else is negotiable and most of it is postponed.

IV.
The system is not finished until it can be operated.

Runbooks, dashboards, alerting, and an on-call rotation are part of the deliverable. A codebase that cannot be operated is not yet production software.

V.
Speak plainly. Write it down.

Weekly written status, not standups. A recommendation memo before every contract. A post-engagement report when we finish. Nothing important said only in a meeting.

Signed at the founding. Held under every engagement.

§ 03 Services

What we will take on, and at what depth.

Railloom's current focus is operational intelligence — systems that watch customer and ops data through AI agents, surface what matters to the operators who run the business, and do so with audit trails, source citations, and no autonomous action without human approval. Rescue, Harden, and Build are the three shapes this work takes.

Rescue
We inherit a vibe-coded codebase and return it production-safe.

A written audit, a threat model, and a scoped remediation plan delivered before any contract is signed. From there, a fixed four to six weeks to bring the system to a state you can operate.

Threat model & code audit · Dependency & secret hygiene · Rollback & recovery plan

Harden
We add authentication, audit trails, observability, and tests to what is already shipped.

The fewest changes that take a product from "it demos" to "it holds." You are left with runbooks, dashboards, and a test suite the next engineer can read without us in the room.

Auth, RBAC & sessions · Logging, tracing & alerts · Integration test coverage

Build
We build new systems to the same discipline: quickly, but engineered to last.

When a rewrite is the fastest path, we take it — using the same generation tools a founder would, under the supervision of engineers who have operated software in production for a decade.

Greenfield product work · Infra & deploy foundation · Handoff, not dependency

§ 04 Process

An order of operations we do not depart from.

I
Intake & written audit

Three days reading your code with fresh eyes. You receive a written assessment, under NDA, before a contract is signed.

3 days · Written report

II
Threat model & scope

We decide together what matters: auth, data, compliance, uptime. Everything else is deferred on purpose, in writing.

1 week · Scoped plan

III
Rescue & harden

Two to three weeks of shipping, daily written updates. Pull requests in small, reviewable units under continuous test.

2–3 weeks · Production build

IV
Handoff & post-engagement report

Dashboards, tests, a paging rotation, and a written report your next engineer — or your auditor — can read without us present.

2 days · Runbook & training

§ 05 What we will not touch

Work we refuse, as a matter of practice.

Growth hacks dressed as infrastructure.

If the ask is a "viral loop" or a "dark pattern," we are the wrong studio. We will recommend someone honestly, at no charge.

Systems we cannot audit end to end.

We do not take responsibility for code we are not allowed to read. If a vendor blackbox is load-bearing, that is a scoping conversation before a contract.

Trading, gambling, or unregulated finance.

A liability we've chosen not to carry. Better to say so before a first conversation than after.

Consultancy without a deliverable.

We will not staff a standing meeting. Every engagement has a written deliverable, an end date, and a post-engagement report.

Rewrites dressed as rescues.

If the fastest path is a rewrite, we will say so in the audit. We will not quietly bill a rescue while rebuilding a system from zero.

Engagements without a named operator.

A system with no one on call is not software we can hand back. If no one is prepared to operate it, that is our first conversation.

§ 06 The Practice

A studio of working engineers, run as a practice rather than a firm.

Railloom is run by working engineers. Between us, a decade of building software that runs in production — automation at the edge of operational systems, payment and release pipelines, integrations that hold under real load.

We started Railloom because the tools for shipping have outpaced the discipline for operating. Anyone can now build an app in an afternoon. Fewer people can make it survive its first real Tuesday.

We take on a small number of engagements per quarter. We still write the code ourselves. If we pick up the phone, we intend to fix it.

— Railloom, founding partners

§ 07 Terms

The adults in the room carry the paperwork.

Confidentiality: NDA by default. Mutual, signed before any code is read.
References: On completion of first engagements. Published as engagements complete.
Availability: Accepting first engagements · Q2 2026. Written reply within 48 hours.