( 01 — The brief )
Tame the retrofit paperwork mountain.
Domestic energy retrofit in the UK runs on PAS 2035 — a standard whose rigour is matched only by the volume of paperwork it generates. The client wanted all of it — intake, assessment, design, installation evidence, monitoring, handover, document generation, lodgement readiness — runnable from one place, by the person with the hardest job in the chain. The brief, verbatim: “make v1 the best Retrofit Coordinator control tower available.”
— The client, in every case on these pages, was us. We are a demanding client.
( 02 — The craft )
Shaped like the actual work.
The audit workspace mirrors how auditors genuinely proceed — setup, evidence intake, assessment checks, core documents, findings — rather than forcing a database’s idea of order onto a professional’s. Every document carries a readiness state from Not Started to Complete, so a coordinator can read a project’s health at a glance. Seven roles, from organisation owner down to read-only auditor, see exactly what their job requires and nothing more.
And the front door is a gift: a free public XML checker anyone in the industry can use, no signup — retrofit files are parsed in memory, compared pre-and-post, and never stored. Genuinely useful first, commercial second.
( 03 — The engine )
One gate guards everything.
Thirty single-responsibility domain classes handle organisations, projects, measures, evidence, documents, audits and support — but the design’s quiet triumph is that every object access funnels through a single organisation-scoping gate. Multi-tenancy isn’t sprinkled through the code as a thousand if-statements; it’s one choke point that makes cross-tenant access structurally impossible.
The toolset includes a pre/post retrofit XML diff with landscape PDF exports for auditors, and opt-in AI audit assistance — documents streamed to the Anthropic API for analysis and never persisted on the server.
( 04 — Foundations )
Reviewed, and not by us.
An independent code review concluded: “a well-built, security-conscious WordPress codebase — clearly above the average custom plugin. SQL is consistently parameterised, output is consistently escaped, every state-changing request is nonce-protected.” We’ll take that.
XML parsing is hardened against external-entity attacks, every mutation is nonce-checked, and the tenancy gate itself is covered by its own test suite — because the wall between organisations is the one thing that must never crack. Hosted on DigitalOcean with schema migrations that reconcile themselves on every update.
Rigorous standards, calm software. Compliance without the chaos.
( In brief )
- Standard
- PAS 2035
- Roles
- 7 graduated
- Domain classes
- 30
- XML checker
- Free, for everyone