Bug Fix Support
SLA-backed bug fix resolution: severity classification (Critical system down or data loss risk, 2-hour response, same-day fix target; High major feature non-functional, 8-hour response, 24-hour fix target; Medium feature impaired with workaround, 24-hour response, 5-day fix target; Low cosmetic or minor, 5-day response, scheduled for next sprint), bug triage (receive bug reports via Jira/Linear/email triage severity, reproduce issue, provide ETA within SLA response window), fix implementation (root cause analysis, fix, regression test, staging verification, production deployment), monthly summary (bugs reported, resolved, mean time to resolution, open issues by severity).
Dependency & Security Updates
Monthly dependency audit (npm audit/pip audit identify new CVEs in production dependencies, assess exploitability and upgrade path), scheduled update sprints (quarterly or monthly dependency update sprint upgrade outdated dependencies, run full test suite, deploy to staging, deploy to production), security patch priority (CVEs rated Critical or High in CISA KEV catalogue patched and deployed within 48 hours), framework upgrades (Node.js LTS, Python major versions, Next.js major version planned and executed as separate engagement with testing).
Performance Monitoring
Proactive production monitoring: application monitoring (Sentry error tracking monitor new error spikes, first-seen errors, high-volume recurring errors), infrastructure monitoring (CloudWatch + Grafana CPU, memory, disk, response time dashboards; PagerDuty alerting for incidents), database monitoring (RDS performance metrics, slow query detection via pg_stat_statements, connection count monitoring), monthly performance report (key metrics P95 response time, error rate, uptime, database query performance trended over previous 30 days).
Feature Enhancements
Small feature development within maintenance retainer: sprint planning (monthly or bi-weekly planning session prioritise feature backlog, estimate effort, agree what fits within retainer capacity), development (work within existing codebase architecture new features follow existing patterns, not invented from scratch), code review and QA (all new features reviewed, tested, deployed to staging for verification, deployed to production via CI/CD), documentation (update technical documentation README, API docs, internal runbooks).
Proactive Health Reviews
Quarterly technical health reviews: code quality review (identify accumulating technical debt deprecated dependencies, patterns that will cause problems at scale, security risks not yet triggering incidents), infrastructure review (review cloud spend against usage identify right-sizing opportunities, unused resources, cost optimisation actions), roadmap consultation (quarterly conversation about upcoming features and technical requirements early identification of architecture decisions that need to be made before feature work begins).