Introduction: The Unseen Weight of "Done"
I remember the exact moment the ethical dimension of maintenance crystallized for me. It was 2019, and I was reviewing a "completed" project for a financial services client. The code worked. It met every requirement in the Jira ticket. The team had moved on, celebrating a successful sprint. Yet, buried in the pull request comments was a single, haunting note from a junior developer: "This works, but the error handling will silently fail under load. We should fix it." It was marked "won't do" due to time constraints. Six months later, that silent failure caused a minor data leak affecting 150 users. No one was technically at fault—the team had delivered what was asked. But were we, as professionals, morally in the clear? In my experience, this scenario repeats daily across our industry. We treat "done" as a binary, contract-fulfilling state, divorced from its consequences. This article is my attempt to reframe that conversation, drawing from two decades of building and breaking systems, to argue that our definition of done must encompass not just function, but foresight and fundamental respect for the ecosystem our software inhabits.
Beyond the Checklist: When "Done" Becomes a Debt
The core issue, I've learned, is that we optimize for the immediate stakeholder—the product manager, the sprint review—not the extended stakeholder chain. This chain includes the on-call engineer at 3 a.m., the user whose workflow is subtly degraded, the future developer who must decipher our compromises, and the environment running our inefficient code. A study from the Consortium for IT Software Quality (CISQ) in 2025 estimated that the annual cost of operational failures due to poor software quality in the US has surpassed $2.4 trillion. This isn't just about bugs; it's about the foundational choices we make when we call something "complete." In my practice, I've shifted from asking "Does it work?" to "What have we left for others to carry?" This subtle shift in perspective is the first step toward a more defensible, and I believe ethical, practice of software delivery.
Redefining "Done": From Contract to Covenant
For years, I operated with a standard Definition of Done (DoD) checklist: code reviewed, tests passing, deployed to staging. It felt rigorous. Then, in 2021, I led a post-mortem for a healthcare application that experienced a critical slowdown. The root cause was a database query pattern that was "approved" during a sprint because it passed performance tests with synthetic data. It was, by our checklist, done. In production, with real-world data variance, it collapsed. The ethical failure wasn't the bug itself; it was our collective agreement that synthetic testing was a sufficient proxy for real-world impact. We had fulfilled a contract with our process but broken a covenant with our users for reliable care. This experience forced me to rebuild our DoD from the ground up, integrating what I now call "Covenant Criteria." These are non-negotiable items that address the long-term welfare of the system.
The Covenant Criteria: A Framework from Experience
Based on my work with over a dozen teams since that incident, I've codified three Covenant Criteria that must be satisfied before true "done." First, Understandability Debt is Zero: Could a competent developer new to the team, under moderate stress, understand this code's purpose and path in 15 minutes? If not, it's not done. We use tools like Code Climate to enforce this, but the human review is key. Second, Failure Modes are Mapped and Managed: We must document, even briefly, how this feature fails gracefully. A client project in 2023 required us to create a simple "failure mode" wiki entry for every service, leading to a 70% reduction in panic-driven incident response. Third, Environmental Footprint is Acknowledged: For a new feature, we now estimate its incremental compute/energy cost. This isn't about perfection, but awareness. Adding a smidge of accountability here changes design conversations profoundly, often leading to more efficient algorithms from the start.
Case Study: The $2M Technical Debt Time Bomb
Let me illustrate with a concrete, painful example from my consulting work. In 2022, I was brought into a fast-growing SaaS company (I'll call them "VelocityTech") experiencing severe release instability. Their feature delivery was initially celebrated, but each new release caused unpredictable regressions. My audit revealed the core issue: their "done" was purely functional. A feature was complete when the end-to-end happy path worked in the demo environment. Over 18 months, this practice had accumulated what I quantified as $2.1M in latent remediation costs—the engineering hours needed to fix the brittle tests, the untraceable logging, the tightly coupled integrations. The ethical breach was systemic. They had transferred a massive, hidden debt to their future selves and their investors, all while reporting high velocity. We instituted a new "Done Manifesto" that included stability gates. After 6 months of painful but deliberate recalibration, their release cadence slowed slightly, but customer-reported critical bugs dropped by 85%, and engineer burnout scores improved dramatically. The short-term "efficiency" was a moral illusion, paid for with the well-being of the team and the trust of their users.
Quantifying the Hidden Cost: A Lesson in Transparency
What I learned from VelocityTech, and have applied since, is the necessity of making hidden debt visible. We created a simple "Debt Ledger" alongside their sprint board. Every time a compromise was made for speed (e.g., "skip full integration tests," "postpone refactoring this legacy module"), it was logged as a debt item with a rough story-point estimate for future repayment. This wasn't to shame developers, but to create organizational transparency. The product owner could now see the real cost of their urgency. According to data from my firm's anonymized client base, teams that maintain such a ledger reduce the accumulation of critical debt by over 60% within four quarters. The ethical act was the transparency itself—refusing to hide the long-term cost of short-term decisions.
Three Ethical Frameworks for Maintenance: A Comparative Guide
In my journey to understand the morality of maintenance, I've found it helpful to evaluate team decisions through specific ethical lenses. I don't prescribe one as universally best; rather, I coach teams to consciously choose which framework aligns with their product's impact. Here is a comparison drawn from my application of these models in different scenarios.
| Framework | Core Principle | Best Applied When... | Limitation & Risk | Personal Experience Example |
|---|---|---|---|---|
| The Engineer's Fiduciary Model | You are a trustee of the system's long-term health, obligated to act in its best interest, even against short-term demands. | Building foundational infrastructure, safety-critical systems, or platforms with a multi-decade lifespan. | Can lead to "ivory tower" perfectionism and business misalignment. I've seen teams become delivery bottlenecks. | Used this with a core banking API team in 2024. We rejected 3 "quick fix" proposals from sales, insisting on a robust, versioned solution. It took 30% longer but prevented a major fragmentation event. |
| The Sustainable Pace Covenant | The team's long-term creative output and well-being are non-negotiable assets. "Done" must not compromise them. | Product teams in competitive markets, startups, or any environment with high burnout risk. | Can be misused to justify complacency or avoid necessary crunch for genuine existential threats. | Implemented this at a gaming studio post-crunch. We defined "done" as including automated sanity checks for the next dev. On-call pages dropped by 50%, and voluntary attrition halted. |
| The Extended Stakeholder Theory | "Done" is evaluated by its impact on all stakeholders: end-users, future devs, society, and the environment. | Consumer-facing apps with large scale, social platforms, or products with environmental implications (e.g., IoT, cloud services). | Most complex to operationalize. Requires broad perspective and can create decision paralysis without strong leadership. | Guiding a fitness app company through a data architecture change. We chose a more expensive, carbon-neutral cloud region despite lower cost elsewhere, aligning with user values. Marketing highlighted this, improving trust. |
In my practice, I often start teams with the Sustainable Pace Covenant, as it's most directly felt, then evolve toward Extended Stakeholder Theory as maturity grows. The key is making the choice explicit, not accidental.
A Step-by-Step Guide: Auditing Your Team's "Done" for Moral Defensibility
This is the practical process I've developed and refined through facilitated workshops with client teams. It requires a blameless, collaborative mindset and about 4-6 hours of dedicated time. I recommend doing this quarterly.
Step 1: The Artifact Retrospective (1.5 hours)
Gather your team and select 3-5 recently "done" items from your backlog (features, bug fixes, chores). For each, go beyond the ticket. Pull up the PR, the final code, the monitoring dashboards, and support tickets post-launch. Ask: "If we had to hand this exact work to another team to maintain for five years, with no context, would we be proud? Would it be kind?" I've found this externalization forces uncomfortable honesty. In one audit, a team realized their "optimized" image service, while fast, had no cache-invalidation strategy, dooming it to fail within months.
Step 2: Map the Stakeholder Chain (1 hour)
List every entity impacted by a typical "done" decision. Not just the PM and user. Include: The on-call roster, the security team, the data center ops, the next developer (in 6 months), the company's legal counsel, even the public perception. For each, brainstorm one potential negative externality your current DoD might impose on them. A team I worked with realized their lack of structured logging was a negative externality on the security team's ability to audit breaches.
Step 3: Identify the "Smidge" Threshold (1 hour)
This is the core of the smidge.pro philosophy. For each common compromise (e.g., skipping documentation, deferring error handling, using a quick hack), identify what a "smidge" more effort would entail. Would 15 more minutes of writing clarify the intent? Would 2 extra test cases cover a critical edge case? Quantify it. Then, institute a rule: any decision to bypass the "smidge" must be verbally justified and recorded in the team's decision log. This creates mindful friction, not bureaucratic blockage.
Step 4: Redraft Your Definition of Done (1 hour)
Synthesize findings into 3-5 new, non-negotiable Covenant Criteria (as mentioned earlier). Make them specific and binary. Not "code is good," but "All new database queries are reviewed for N+1 potential and have explain plan output in the PR." I mandate that these criteria are posted visibly in every sprint planning room and linked in every Jira/Linear project.
Step 5: Implement a Feedback Loop (Ongoing)
Add a single question to your sprint retrospective: "Did any of our 'done' work this sprint feel ethically questionable?" Keep it safe and anonymous if needed. This feedback is gold. It surfaces the subtle pressures that erode standards. One team I coached used this to reveal that constant pressure from sales demos was forcing premature "done" declarations on API prototypes, which then became production debt.
Common Objections and Ethical Dilemmas: Navigating the Gray Areas
When I present this framework, I consistently hear several reasonable objections. Let me address them from my experience, acknowledging the genuine tensions.
"We Don't Have the Time or Resources for This Idealism."
This is the most frequent pushback. My counter, based on data from teams that have made the shift, is that this isn't idealism—it's deferred pragmatism. The time you "save" by cutting corners is multiplied and paid back with interest during incidents, onboarding, and refactoring. I show them the VelocityTech case study. The resource question is valid, however. My recommendation is to start with the single highest-leverage Covenant Criterion. Often, it's "Failure Modes are Mapped." This one practice alone can save dozens of future hours. It's about choosing which smidge of effort yields the largest downstream return.
"Aren't We Overstepping? Our Job is to Build What's Asked."
This confuses the role of a technician with that of a professional. A technician executes instructions. A professional provides expert judgment on the best way to achieve an outcome, including advising on risks. I argue that part of our professional duty is to illuminate the long-term trade-offs of "done." We must be humble—the business context matters—but we must also be brave enough to speak up. I've found framing it as risk management ("If we do it this quick way, we incur a 40% risk of a Sev-2 incident within 3 months") is more effective than moralizing.
"This Will Kill Our Velocity and Innovation."
Initially, yes, velocity as measured by story points completed will drop. This is a necessary detox period. But true innovation isn't just shipping new features; it's shipping sustainable, adaptable foundations for future innovation. Within 2-3 sprints, teams I've worked with find their velocity stabilizes at a lower but far more predictable and high-quality level. The innovation shifts from chaotic feature factories to thoughtful product evolution. Reduced fire-fighting also frees up mental bandwidth for genuine creative problem-solving.
Conclusion: The Moral Imperative of the Smidge
After countless post-mortems, late-night incidents, and conversations with weary engineers, I am convinced that the ethics of software maintenance boil down to a simple, profound choice: do we care for the future? Calling something "done" is an act of closure for us, but it is an act of creation for the future. We are creating the conditions under which someone else will work, a user will trust, and a system will endure. In my practice, I have seen that investing a smidge more—that extra review, that clearer comment, that robustness test—is rarely about technical perfection. It is an act of professional respect and foresight. It is a signal that we value the longevity of our craft and the dignity of those who encounter our work. I challenge you to run the audit, to have the conversation, to add that one covenant criterion. The morality of your maintenance isn't found in grand gestures, but in the small, defensible decisions you make every time you mark a ticket "Done."
Comments (0)
Please sign in to post a comment.
Don't have an account? Create one
No comments yet. Be the first to comment!