Skip to content

heyitskuril/product-development-playbook

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

12 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation


What is this?

The Product Development Playbook is a free, open-source reference guide for engineers, product managers, CTOs, and indie hackers who want to build tech products the right way β€” with industry-standard practices at every phase of the lifecycle.

It covers everything from validating a problem to launching a production-ready product and iterating post-launch, with every phase backed by real references from recognized books, standards bodies, and engineering organizations.

No fluff. No opinions without citations. Just a practical, validated guide you can actually use β€” whether you're building solo or leading a team of 50.

Methodology: Lean + Agile + Shape Up hybrid
Scope: Any tech product β€” web app, mobile app, SaaS, platform, API, or internal tool
Standard: Industry-grade, production-ready


Why this exists

Most product failures aren't caused by bad code. They're caused by:

  • Building something the market doesn't need (42% of startup failures β€” CB Insights, 2021)
  • Skipping architecture decisions that become expensive to reverse
  • Treating security and testing as afterthoughts
  • Having no shared process across roles

This playbook is the shared process.


Who is this for?

Role How to use this guide
πŸ§‘β€πŸ’» Solo Developer / Indie Hacker Follow the 17 phases end-to-end before writing a single line of code
πŸ‘₯ Small Development Team (2–10) Use as a shared team standard and onboarding reference
🏒 Engineering Manager / Tech Lead Use phases as sprint planning inputs and definition-of-done references
πŸ§‘β€πŸ’Ό Product Manager Use discovery, scoping, and roadmap phases as PM workflow
πŸ—οΈ CTO / Architect Use architecture, auth, data modeling, and security phases as design review checklists
πŸš€ DevOps / Platform Engineer Use deployment, monitoring, and security phases as infrastructure runbooks
πŸŽ“ Student / Bootcamp Graduate Learn how production-grade products are actually planned and built

The 17 Phases at a Glance

The full guide covers 17 sequential phases, each with a checklist, deliverables, validated references, and role assignments.

The order matters. Each phase depends on the one before it. The guide is designed to prevent the most common mistake in software: building before you've validated the problem, the data model, or the architecture.

DISCOVERY ──────────────────────────────────────────────────────────────────────────┐
  Phase 1: Product Discovery & Definition                                            β”‚
  Phase 2: Feature Scoping (MVP First)                                               β”‚
                                                                                     β”‚
DESIGN ──────────────────────────────────────────────────────────────────────────────
  Phase 3: User Flow & Journey Mapping                                               β”‚
  Phase 9: UI/UX Design                                                              β”‚
                                                                                     β”‚
ARCHITECTURE ────────────────────────────────────────────────────────────────────────
  Phase 4: Data Modeling & Database Design                                           β”‚
  Phase 5: System Architecture                                                       β”‚
  Phase 6: Authentication & Authorization                                            β”‚
                                                                                     β”‚
LOGIC & API ─────────────────────────────────────────────────────────────────────────
  Phase 7: Business Logic Definition                                                 β”‚
  Phase 8: API Design (Contract First)                                               β”‚
  Phase 10: Edge Case & Failure Planning                                             β”‚
                                                                                     β”‚
DEVELOPMENT ─────────────────────────────────────────────────────────────────────────
  Phase 11: Project Structure & Coding Standards                                     β”‚
  Phase 12: Development Roadmap                                                      β”‚
  Phase 13: Testing Strategy                                                         β”‚
                                                                                     β”‚
OPERATIONS ──────────────────────────────────────────────────────────────────────────
  Phase 14: Deployment Plan                                                          β”‚
  Phase 15: Monitoring & Observability                                               β”‚
  Phase 16: Security Checklist                                                       β”‚
  Phase 17: Post-Launch & Iteration                                                  β”‚
                                                                                     β”‚
LAUNCH β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Phase Summary

# Phase Category Key Outputs Primary Roles
1 🧠 Product Discovery & Definition Discovery Product Brief, Personas, Competitor Analysis PM, CTO
2 πŸ“‹ Feature Scoping (MVP First) Discovery Feature List (MoSCoW), User Stories + Acceptance Criteria PM, CTO
3 πŸ”„ User Flow & Journey Mapping Design Flow Diagrams, Screen Inventory, Journey Map UX, PM
4 🧱 Data Modeling & Database Design Architecture ERD, Data Dictionary, DB Schema CTO, Dev
5 βš™οΈ System Architecture Architecture Architecture Diagram (C4), ADRs, Tech Stack Doc CTO, Dev
6 πŸ” Authentication & Authorization Architecture Auth Flow, RBAC Matrix, Token Lifecycle CTO, Dev, Security
7 🧩 Business Logic Definition Logic & API Business Rules, State Machines, Formula Docs PM, CTO, Dev
8 πŸ”Œ API Design (Contract First) Logic & API OpenAPI Spec, Mock Server, API Docs CTO, Dev
9 🎨 UI/UX Design Design Wireframes, Mockups, Design System UX, PM
10 ⚠️ Edge Case & Failure Planning Logic & API Edge Case Checklist, Error Message Library CTO, Dev, PM
11 πŸ—‚οΈ Project Structure & Standards Development Scaffold, README, CONTRIBUTING, Linter Config CTO, Dev
12 πŸ“… Development Roadmap Development Milestone Plan, Definition of Done, Sprint Board PM, CTO
13 πŸ§ͺ Testing Strategy Development Unit + Integration + E2E Test Suites, Testing Plan Dev, CTO
14 πŸš€ Deployment Plan Operations CI/CD Pipeline, Deployment Runbook, Rollback Plan DevOps, CTO
15 πŸ“Š Monitoring & Observability Operations Dashboards, Alerts, Runbooks, SLO Definitions DevOps, CTO, Dev
16 πŸ”’ Security Checklist Operations OWASP Coverage, Security Scan Results, Threat Model Security, CTO, Dev
17 πŸ” Post-Launch & Iteration Operations Post-Launch Report, Updated Backlog PM, CTO, Dev

What each phase contains

Every phase in the full guide includes:

βœ… Action Checklist β€” Concrete, specific tasks with no ambiguity about what "done" means.

πŸ“Œ Deliverable Outputs β€” Exact files and artifacts produced (e.g., docs/erd.png, openapi.yaml, ci.yml).

⚠️ Critical Warnings β€” Real data on what goes wrong when this phase is skipped, with citations.

πŸ“š Book References β€” Validated recommendations with author, year, and rationale for relevance.

πŸ”— Online Resources β€” Links to recognized standards bodies: OWASP, W3C, NIST, IETF, Google, Microsoft, ThoughtWorks.

πŸ‘₯ Role Assignments β€” Which roles are responsible and which are consulted per phase.

πŸ”— Prerequisite Dependencies β€” Which phases must be completed first, and why.


Dependency Map

Not all phases are independent. The map below shows what must be complete before you can begin each phase:

Phase 1 (Discovery)
    └── Phase 2 (Scoping)
            β”œβ”€β”€ Phase 3 (Flows)
            β”‚       └── Phase 9 (UI/UX Design)
            β”œβ”€β”€ Phase 4 (Data Model)
            β”‚       └── Phase 5 (Architecture)
            β”‚               └── Phase 6 (Auth)
            β”‚                       └── Phase 7 (Business Logic)
            β”‚                               └── Phase 8 (API Design)
            β”‚                                       └── Phase 10 (Edge Cases)
            β”‚                                               └── Phase 13 (Testing)
            └── Phase 11 (Project Standards)
                    └── Phase 12 (Roadmap)
                            └── Phase 14 (Deployment)
                                    β”œβ”€β”€ Phase 15 (Monitoring)
                                    β”œβ”€β”€ Phase 16 (Security)
                                    └── Phase 17 (Post-Launch)

Quick Start

Option A β€” Read online

Go straight to GUIDE.md and start from Phase 1. Use the Table of Contents to jump to any phase.

Option B β€” Clone locally

git clone https://github.com/heyitskuril/product-development-playbook.git
cd product-development-playbook

Open GUIDE.md in your Markdown viewer, VS Code, or Obsidian.

Option C β€” Use as a project template

Fork this repo and use the /docs structure as the foundation for your own product documentation:

your-project/
β”œβ”€β”€ docs/
β”‚   β”œβ”€β”€ product-brief.md          ← Phase 1
β”‚   β”œβ”€β”€ feature-list.md           ← Phase 2
β”‚   β”œβ”€β”€ user-stories.md           ← Phase 2
β”‚   β”œβ”€β”€ flows/                    ← Phase 3
β”‚   β”œβ”€β”€ screen-inventory.md       ← Phase 3
β”‚   β”œβ”€β”€ erd.png                   ← Phase 4
β”‚   β”œβ”€β”€ data-dictionary.md        ← Phase 4
β”‚   β”œβ”€β”€ architecture.md           ← Phase 5
β”‚   β”œβ”€β”€ tech-stack.md             ← Phase 5
β”‚   β”œβ”€β”€ adr/                      ← Phase 5
β”‚   β”œβ”€β”€ auth-flow.md              ← Phase 6
β”‚   β”œβ”€β”€ rbac-matrix.md            ← Phase 6
β”‚   β”œβ”€β”€ business-rules.md         ← Phase 7
β”‚   β”œβ”€β”€ state-machines.md         ← Phase 7
β”‚   β”œβ”€β”€ api/
β”‚   β”‚   β”œβ”€β”€ openapi.yaml          ← Phase 8
β”‚   β”‚   └── README.md             ← Phase 8
β”‚   β”œβ”€β”€ design-system.md          ← Phase 9
β”‚   β”œβ”€β”€ edge-cases.md             ← Phase 10
β”‚   β”œβ”€β”€ roadmap.md                ← Phase 12
β”‚   β”œβ”€β”€ testing-plan.md           ← Phase 13
β”‚   β”œβ”€β”€ deployment.md             ← Phase 14
β”‚   β”œβ”€β”€ rollback.md               ← Phase 14
β”‚   β”œβ”€β”€ monitoring.md             ← Phase 15
β”‚   β”œβ”€β”€ runbooks/                 ← Phase 15
β”‚   β”œβ”€β”€ security-checklist.md     ← Phase 16
β”‚   β”œβ”€β”€ threat-model.md           ← Phase 16
β”‚   └── post-launch-report.md     ← Phase 17
β”œβ”€β”€ design/
β”‚   β”œβ”€β”€ wireframes/               ← Phase 9
β”‚   └── mockups/                  ← Phase 9
β”œβ”€β”€ tests/                        ← Phase 13
β”œβ”€β”€ .env.example                  ← Phase 11
β”œβ”€β”€ README.md
└── CONTRIBUTING.md               ← Phase 11

Referenced Standards & Organizations

This guide is grounded in industry-recognized standards and research, not opinion:

Standard / Source Category Used In
OWASP Top 10 (2021) Security Phases 6, 16
OWASP Cheat Sheet Series Security Phases 6, 16
NIST SP 800-63B Identity & Passwords Phase 16
OpenAPI 3.1 Specification API Design Phase 8
WCAG 2.1 β€” W3C Accessibility Phase 9
RFC 8725 β€” JWT Best Practices (IETF) Auth Phase 6
DORA Research Engineering Performance Phases 12, 14
The 12-Factor App Cloud-Native Phases 5, 14
C4 Model Architecture Diagramming Phase 5
ADR Format Architecture Decisions Phase 5
Google SRE Book Site Reliability Phase 15
OpenTelemetry Observability Phase 15
Google Core Web Vitals Performance Phases 13, 15
Conventional Commits Version Control Phase 11
Semantic Versioning Version Control Phase 11

Key Book References

The guide references 27 industry-standard books. The most frequently cited:

Book Author Year Phases
Inspired (2nd Ed) Marty Cagan 2018 1, 2
The Lean Startup Eric Ries 2011 1, 17
The Mom Test Rob Fitzpatrick 2013 1
Shape Up Ryan Singer (Basecamp) 2019 2, 12
Domain-Driven Design Eric Evans 2003 7
Designing Data-Intensive Applications Martin Kleppmann 2017 4, 5
Clean Architecture Robert C. Martin 2017 5, 11
Building Microservices (2nd Ed) Sam Newman 2021 5
Accelerate Forsgren, Humble, Kim 2018 12, 14
Continuous Delivery Humble & Farley 2010 14
Release It! (2nd Ed) Michael Nygard 2018 10
Site Reliability Engineering Google 2016 15
Refactoring UI Wathan & Schoger 2018 9
The Pragmatic Programmer (20th Ed) Hunt & Thomas 2019 11, 13

Full reference list with rationale is in GUIDE.md β†’ Master Reference Library.


Master Progress Checklist

Use this as a project kick-off tracker:

# Phase Status Primary Output
1 Product Discovery & Definition ⬜ Not started Product Brief, Personas
2 Feature Scoping (MVP First) ⬜ Not started Feature List, User Stories
3 User Flow & Journey Mapping ⬜ Not started Flow Diagrams, Screen Inventory
4 Data Modeling & Database Design ⬜ Not started ERD, Data Dictionary
5 System Architecture ⬜ Not started Architecture Diagram, ADRs
6 Authentication & Authorization ⬜ Not started Auth Flow, RBAC Matrix
7 Business Logic Definition ⬜ Not started Business Rules, State Machines
8 API Design (Contract First) ⬜ Not started OpenAPI Spec, API Docs
9 UI/UX Design ⬜ Not started Wireframes, Design System
10 Edge Case & Failure Planning ⬜ Not started Edge Case Checklist
11 Project Structure & Standards ⬜ Not started Scaffold, README, CONTRIBUTING
12 Development Roadmap ⬜ Not started Milestone Plan, Sprint Board
13 Testing Strategy ⬜ Not started Test Suite, Testing Plan
14 Deployment Plan ⬜ Not started CI/CD Pipeline, Runbook
15 Monitoring & Observability ⬜ Not started Dashboards, Alerts, Runbooks
16 Security Checklist ⬜ Not started OWASP Coverage, Threat Model
17 Post-Launch & Iteration ⬜ Not started Post-Launch Report

OWASP Top 10 Coverage (2021)

Security is not a single phase β€” it runs through the entire guide. Here's the OWASP Top 10 coverage map:

Rank Risk Covered In
A01 Broken Access Control Phase 6 (RBAC design), Phase 16 (server-side enforcement)
A02 Cryptographic Failures Phase 6 (token storage), Phase 16 (password hashing, data-at-rest encryption)
A03 Injection (SQL, XSS, etc.) Phase 16 (parameterized queries, input sanitization, CSP header)
A04 Insecure Design Phase 5 (threat modeling), Phase 6 (security requirements in design)
A05 Security Misconfiguration Phase 14 (environment hardening), Phase 16 (security headers)
A06 Vulnerable Components Phase 16 (dependency scanning: npm audit, Snyk, Dependabot)
A07 Auth & Session Failures Phase 6 (httpOnly cookies, token lifetimes, logout invalidation)
A08 Software Integrity Failures Phase 14 (dependency lockfiles, CI integrity checks)
A09 Logging & Monitoring Failures Phase 15 (structured logging, auth event logging, anomaly alerts)
A10 SSRF Phase 16 (URL allowlisting, internal IP range blocking)

Contributing

This guide is open to contributions from the community. Found a broken link? Know a better reference? Want to add a missing best practice or translate a phase?

πŸ‘‰ Read CONTRIBUTING.md to get started.

Ways to contribute:

  • Fix a broken link or outdated reference
  • Add a missing tool, book, or online resource to any phase
  • Improve clarity or fix a typo
  • Add a language translation
  • Share how you adapted this guide for your team

All contributions β€” large or small β€” are reviewed and appreciated. Please open an issue before submitting a large change so we can discuss the approach first.


Changelog

Version Date Summary
v1.0.0 April 2026 Initial public release β€” 17 phases, full reference library

License

This project is licensed under the MIT License.

You are free to use, copy, modify, distribute, and adapt this guide β€” for personal, team, or commercial use β€” with attribution.


About the author

Kuril

A dreamer… who still working on it to make it real.

LinkedIn Instagram GitHub Email


If this guide saved you time or helped your team ship better β€” consider giving it a ⭐
It helps others find it.


⭐ Star on GitHub


Technology-agnostic. Language-agnostic. Team-size-agnostic.
Validated against: OWASP Top 10 (2021) Β· WCAG 2.1 Β· OpenAPI 3.1 Β· DORA (2023) Β· 12-Factor App Β· C4 Model

Releases

No releases published

Packages

 
 
 

Contributors