Atelier Ops
GitHub Email us

Services

Six disciplines. One delivery model.

Each engagement adopts one problem — one snowflake, one stalled decision, one observability gap — and hands it back as a paved road with the trade-offs written down. Small, scoped, audit-ready by default.

  • Architecture

    Bring the decision that has stalled across three meetings. We write the ADR, run the dissent, and ship a migration plan a new hire can read.

    Outputs
    decision record (Nygard format) · trade-off matrix · 6-week migration runbook
    • Stack selection (decision frame · trade-off matrix)
    • Service boundaries (DDD / event storming)
    • Multi-region & data-locality (CRDT / multi-write trade-offs)
    • ADR governance bootstrap (Proposed → Accepted lifecycle)
    ADRs / engagement illustrative · synthetic

  • DevOps paved road

    Replace one snowflake. We pick the highest-friction part of your CI/CD, design the paved road, and migrate ≥80% of teams onto it before we leave.

    Outputs
    paved-road blueprint · reference pipeline · deprecation path
    • CI/CD modernization (GitLab CI · Argo CD)
    • IaC consolidation (Terraform / Pulumi / OpenTofu)
    • Kubernetes & cost engineering (HPA / Karpenter / FinOps unit-cost)
    • Developer productivity instrumentation (DORA · SPACE)
    Adoption rate weeks since launch · synthetic

  • SRE error-budget program

    Stand up an SLO program that survives the second burn. We tie each SLO to a consequence the team agrees to, write the burn-rate alerts, and shadow oncall for 90 days before you own it.

    Outputs
    SLO catalogue · burn-rate alert pack · postmortem template
    • SLO definition & telemetry (OpenSLO / sloth)
    • Burn-rate alerts (multi-window · multi-burn-rate)
    • Blameless postmortems (RCA review cadence)
    • Oncall design (sustainable rotation · page rate ≤2/wk target)
    Pages / wk 12 wks post-program · synthetic

  • SecOps & supply-chain

    Move from compliance theatre to evidence by default. We model the threats your auditor actually asks about, design pipelines that target SLSA-aligned attestation, and assemble an audit packet mapped to your SOC 2 or ISO 27001 controls — evidence-against-control, not evidence-of-effort.

    Outputs
    threat model · signed-provenance pipeline · audit packet
    • Build provenance (sigstore · SLSA L3 attestation)
    • Admission policy (OPA / Kyverno)
    • Runtime detection (Falco / Tetragon · eBPF)
    • Secrets distribution (Vault three-tier · file-rendered, never env-var)
    Attestation coverage % of builds · synthetic

  • MLOps

    Self-host the inference that is burning your provider bill, eval the model already in production, or size the GPU budget that survives a finance review. We pick the smallest model that does the job and prove it with a harness, not a hunch.

    Outputs
    serving stack · eval harness · capacity model
    • Self-hosted inference (vLLM · SGLang · TensorRT-LLM)
    • RAG retrieval (BGE-M3 / nomic-embed + rerankers)
    • Fine-tuning (LoRA / QLoRA on 24–80 GB)
    • Eval pipelines (RAGAS · promptfoo · Inspect)
    p95 inference ms · before / after · synthetic

  • Internal developer platform

    An IDP that respects the developer's afternoon. We design a contract surface a developer can hold in their head — ≤5 commands — build the golden path, and refuse to bolt on the sixth.

    Outputs
    contract spec · reference platform · adoption runbook
    • Contract design (CLI · portal · API parity)
    • Self-service onboarding (templates · scaffolds)
    • Golden-path templates (vetted by SRE + SecOps)
    • Adoption guardrails (time-to-first-deploy · drift alerts)
    Time-to-first-deploy minutes p50 · synthetic