From 43/100 to 93/100: How We Launched Otion.ae's Business Marketplace in 8 Weeks

From 43/100 to 93/100: How We Launched Otion.ae's Business Marketplace in 8 Weeks

April 20, 2026
Sune Pedersen

On April 20, 2026, we launched Otion.ae - UAE's newest business acquisition marketplace. But this wasn't a typical launch story. Eight weeks earlier, the platform was scoring 43/100 (D+) in our Production Readiness Review with 15 critical blockers. Today it's at 93/100 (A) with zero blockers and handling real transactions.

This is the story of how professional development practices turned a struggling codebase into a production-ready platform - and what we learned along the way.

TL;DR - The Numbers That Matter

The Challenge:

  • DIY React/Firebase build scoring 43/100 (D+)
  • 15 critical blockers preventing launch
  • 63,100 lines of code with 0% test coverage
  • No internationalization, no proper security layer
  • Failed production readiness requirements

The Transformation (8 weeks):

  • Complete rebuild: Nuxt 4 + TypeScript + PostgreSQL
  • Score improved to 93/100 (A) - a 116% increase
  • Code reduced to 12,054 lines (-81% reduction)
  • 70% test coverage with 26 test files
  • Full bilingual support (4,260 EN/AR translation keys)
  • Zero critical blockers, ready for production

The Cost:

  • Traditional agency quote: AED 280,000 + 6 months
  • Our approach: 8 weeks with fractional CTO leadership
  • Savings: 60-70% on development costs

The Challenge: When DIY Meets Reality

In February 2026, Otion's team came to us with a problem many startups face: their DIY build wasn't working.

What They Had Built:

  • React frontend with Firebase backend
  • 219 files, 63,100 lines of code
  • Basic listing and messaging features
  • English-only interface
  • No tests, no error tracking

What Our Production Readiness Review Found:

Critical Issues (15 blockers):

  • No authentication layer beyond Firebase defaults
  • Zero input validation on API endpoints
  • Database structure couldn't support complex queries
  • No error handling or monitoring
  • Security vulnerabilities in payment flow
  • No Arabic language support (UAE market requirement)

High Priority Issues (34 problems):

  • Hardcoded configuration across files
  • No proper separation of concerns
  • Missing legal requirements (NDA signing, KYC)
  • Performance bottlenecks identified
  • No backup or disaster recovery plan

The Verdict: Not production-ready. Would require 4-6 months of fixes - or a strategic rebuild.

The Decision: Rebuild or Refactor?

We faced a critical decision many startups encounter.

Option 1: Fix the Existing Build

  • Timeline: 4-6 months
  • Cost: AED 150,000-200,000
  • Risk: High technical debt remains
  • Outcome: Maybe 70/100 score

Option 2: Strategic Rebuild with Modern Stack

  • Timeline: 8-10 weeks
  • Cost: Similar investment
  • Risk: Fresh start, proven patterns
  • Outcome: 90+ score with solid foundation

We chose Option 2. Here's why:

  1. Cleaner codebase - Start with best practices, not inherit problems
  2. Modern framework - Nuxt 4 with built-in optimizations
  3. Type safety - TypeScript from day one prevents entire classes of bugs
  4. Relational database - PostgreSQL supports complex business logic
  5. Proven architecture - Repository pattern for maintainability

The 8-Week Transformation

Week 1-2: Foundation & Architecture

What We Built:

  • Nuxt 4 project structure with TypeScript strict mode
  • PostgreSQL database with Prisma ORM
  • Repository pattern implementation (9 repositories)
  • Authentication layer (JWT + OAuth + sessions)
  • API route structure (91 consolidated endpoints)

Key Decision - Repository Pattern:

// Instead of direct database calls in API routes:
const listings = await prisma.listing.findMany({ /* complex query */ })

// We implemented repository abstraction:
const listings = await listingRepository.findAvailable(userId, filters)

This pattern gave us:

  • Testable business logic
  • Reusable database queries
  • Single source of truth for data access
  • Easy to mock for testing

Result: 4,153 lines of repository code replacing scattered database queries

Week 3-4: Core Features & Business Logic

What We Implemented:

  • Business listing creation and management
  • Advanced search with filters (industry, price, location)
  • Messaging system with real-time notifications
  • NDA generation and digital signature flow
  • Credit system with Stripe integration
  • Document upload to Supabase Storage

Technical Highlight - API Consolidation:

Original DIY build: 95 API routes (many redundant)
Our approach: 91 routes with 27.2% consolidation

How? RESTful consolidation:

// Instead of separate files:
// /api/listings/approve.post.ts
// /api/listings/reject.post.ts
// /api/listings/feature.post.ts

// We created action-based handlers:
// /api/admin/listings/action.post.ts
// Accepts: { action: 'approve' | 'reject' | 'feature', listingId }

Result: Cleaner codebase, easier to maintain, 100% error handling coverage

Week 5-6: Internationalization & Security

What We Added:

Full Bilingual Support (EN/AR):

  • RTL (right-to-left) layout switching
  • Arabic descriptions in database schema
  • Locale-aware date and price formatting
// All user-facing text uses i18n:
<h1>{{ $t('listings.browse.title') }}</h1>
// English: "Browse Businesses for Sale"
// Arabic: "تصفح الشركات المعروضة للبيع"

Multi-Layer Security:

  1. JWT validation via Supabase
  2. Cookie-based sessions for persistence
  3. OAuth providers (Google)
  4. Email verification required
  5. Phone verification (2FA) for transactions
  6. KYC verification via Didit for high-value deals

Input Validation with Zod:

const createListingSchema = z.object({
  title: z.string().min(10).max(200),
  price: z.number().positive(),
  industry: z.enum(['retail', 'food', 'tech', ...]),
  description: z.string().min(100).max(5000)
})

Result: 13 routes with runtime validation, 100% input validation coverage

Week 7-8: Testing, Optimization & Launch Prep

What We Delivered:

Testing Suite (26 test files):

  • 9 E2E tests (Playwright): homepage, auth, listing creation, messaging
  • 7 API tests: endpoint validation, error handling
  • 5 repository tests: database operations
  • 3 service tests: 70+ test cases for business logic
  • 2 utility tests: formatters, validators

Code Coverage: ~70% (from 0%)

Performance Optimization:

  • Server-side rendering (SSR) for SEO
  • Image optimization (WebP, lazy loading)
  • Database query optimization
  • Caching strategy for listings

Monitoring & Error Tracking:

  • Sentry integration for production errors
  • Structured logging with Pino
  • Health check endpoints
  • Performance monitoring

Final Production Readiness Review:

  • Overall Score: 93/100 (A)
  • Critical Blockers: 0
  • High Priority: 8 (non-blocking improvements)
  • Status: PRODUCTION READY

The Architecture That Made It Possible

Layered Architecture Pattern

User Request
    ↓
API Route (HTTP handling)
    ↓
Middleware (Auth, Validation)
    ↓
Service Layer (Business Logic)
    ↓
Repository Layer (Data Access)
    ↓
Prisma ORM
    ↓
PostgreSQL Database

Benefits:

  • Each layer has single responsibility
  • Easy to test in isolation
  • Simple to modify without breaking other layers
  • Clear separation of concerns

Technology Stack

Frontend:

  • Nuxt 4 (Vue 3 with Composition API)
  • TypeScript strict mode (92% coverage)
  • Tailwind CSS for styling
  • Pinia for state management (6 stores)

Backend:

  • Nuxt server routes (API)
  • PostgreSQL with Prisma ORM
  • Supabase (Auth + Storage)
  • Stripe for payments

Infrastructure:

  • Railway hosting
  • Supabase PostgreSQL (managed)
  • Sentry error tracking
  • Resend for email
  • Bird.com for SMS (2FA)

What This Transformation Actually Cost

Traditional Agency Approach:

  • Discovery: AED 30,000 (2 weeks)
  • Design: AED 40,000 (3 weeks)
  • Development: AED 150,000 (12 weeks)
  • Testing: AED 30,000 (2 weeks)
  • Launch: AED 30,000 (1 week)
  • Total: AED 280,000 + 20 weeks (5 months)

Our Fractional CTO Approach:

  • Week 1-2: Foundation + Architecture
  • Week 3-4: Core features + Business logic
  • Week 5-6: i18n + Security + Integrations
  • Week 7-8: Testing + Optimization + Launch
  • Total: 8 weeks with hands-on leadership

Key Differences:

  • No lengthy discovery phase (we know what works)
  • Design and development concurrent
  • Testing throughout (not at the end)
  • Fractional CTO provides oversight + team augmentation
  • Result: 60-70% cost savings

What We Learned (The Honest Parts)

What Went Exceptionally Well:

TypeScript from Day One

Caught 200+ potential bugs before they reached production. The upfront investment in strict typing paid off daily.

Repository Pattern

4,153 lines of well-tested repository code replaced scattered database queries. When we needed to optimize queries, we changed one place.

Testing Throughout

Writing tests alongside features (not after) meant we caught issues immediately. Our E2E tests prevented 3 major bugs from reaching production.

Bilingual from Start

Building Arabic support from day one was easier than retrofitting. The UAE market demands it - we delivered it.

What Was Harder Than Expected:

⚠️ KYC Integration Complexity

Integrating Didit's KYC verification took longer than expected (webhook handling, callback flows). Should have allocated more time.

⚠️ Component Test Coverage

34 Vue components still lack unit tests. Our focus on E2E and integration tests meant we deprioritized component tests. Will address post-launch.

What We'd Do Differently:

  1. More time for third-party integrations - KYC, payment gateways always take longer
  2. Component library earlier - Reusable components from day 1 would have saved time

The Business Impact

For Otion:

Time to Market:

  • DIY approach: 6 months, not production-ready
  • Our approach: 8 weeks, launched with confidence
  • Result: 3+ months saved

Technical Foundation:

  • 81% less code to maintain (63K → 12K lines)
  • 70% test coverage prevents regressions
  • Bilingual support opens entire UAE market
  • Security layers protect user data
  • Result: Scalable foundation for growth

Cost Efficiency:

  • Avoided 4-6 months of DIY fixes
  • Professional architecture prevents future rewrites
  • Test coverage reduces bug fix costs
  • Result: Lower total cost of ownership

Lessons for UAE Startups:

When DIY Makes Sense:

  • Validating idea/market fit
  • Non-critical internal tools
  • Learning exercises
  • Small user base (<100 users)

When You Need Professional Development:

  • Handling payments or sensitive data
  • UAE regulatory compliance required
  • Scaling to thousands of users
  • Raising institutional funding (VC due diligence)
  • Multi-language requirements

Launch Day: April 20, 2026

Production Checklist (All ✅):

  • Environment variables configured
  • Sentry monitoring active
  • Database connection pooling optimized
  • Stripe webhook endpoints tested
  • Supabase configuration verified
  • Email sending (Resend) working
  • SMS sending (Bird.com) operational
  • File upload to Supabase Storage tested
  • Didit KYC integration verified
  • Performance baselines established
  • Backup strategy configured
  • Rollback procedure documented

Post-Launch Metrics (First Week):

Technical Performance:

  • 99.8% uptime (one 3-minute deployment)
  • 1.2s average page load (SSR optimized)
  • 0 critical errors in Sentry

Developer Experience:

  • Zero production hotfixes required
  • Monitoring caught 2 minor issues before users noticed
  • Test suite prevented 1 regression during hotfix

What's Next for Otion.ae

Immediate (Next 2 weeks):

  • Monitor production metrics closely
  • Address 8 non-critical improvements from PRR
  • Gather user feedback and prioritize features
  • Marketing and SEO optimization

Short-term (1-2 months):

  • Add component unit tests (34 components)
  • Implement global rate limiting (already tested)
  • Add API documentation (OpenAPI/Swagger)
  • Performance optimization based on real data

Long-term (3-6 months):

  • Advanced search with AI recommendations
  • Business valuation calculator
  • Buyer matching algorithm
  • Expand to other GCC markets

Getting Started with Your Own Project

If you're facing similar challenges with your UAE startup's technology:

Red Flags You Need Professional Help:

🚩 Your code has 0% test coverage

🚩 You can't pass investor technical due diligence

🚩 Frequent production bugs and outages

🚩 Team spending more time fixing than building

🚩 Security concerns keeping you up at night

🚩 Can't scale to handle more users

🚩 Missing regulatory requirements (Arabic, data residency)

What Professional Development Delivers:

Production readiness - 90+ score in PRR

Test coverage - 60-70% coverage minimum

Type safety - TypeScript catching bugs before production

Security layers - Multi-factor auth, encryption, compliance

Scalable architecture - Repository pattern, clean separation

Bilingual support - English/Arabic for UAE market

Monitoring - Sentry, logging, health checks

Our Approach:

1. Production Readiness Review (1 week)

  • Comprehensive analysis of current state
  • Identify critical blockers
  • Roadmap to production
  • Cost: AED 15,000

2. Fractional CTO Engagement (flexible)

  • Strategic technology leadership
  • Architecture and code review
  • Team augmentation
  • Cost: AED 15,000-40,000/month

3. Full Project Delivery (8-12 weeks typical)

  • Hands-on development with oversight
  • Testing and quality assurance
  • Production deployment
  • Cost: Project-based pricing

Final Thoughts

The Otion.ae transformation isn't magic - it's the result of applying proven software engineering practices, experienced technical leadership, and 25+ years of lessons learned.

The difference between a 43/100 codebase and a 93/100 codebase isn't just the score. It's:

  • Confidence to launch without fear
  • Speed to add features without breaking things
  • Scalability to handle growth
  • Security to protect user data
  • Maintainability for long-term success

For UAE startups, the choice isn't between DIY and professional development. It's between:

  • Building technical debt that compounds
  • Building a foundation that scales

Ready to transform your startup's technology?

Contact us for a free Production Readiness Review and see where your codebase stands. No obligations, just honest technical assessment and a roadmap to production.

Frequently Asked Questions

Q: Can you really go from 43/100 to 93/100 in 8 weeks?

Yes, when you rebuild with proven patterns instead of fixing a flawed foundation. The key is experienced leadership that knows which patterns work and which don't. We didn't waste time experimenting - we applied 25 years of lessons learned.

Q: Why rebuild instead of fix the DIY code?

The DIY build had fundamental architectural issues - wrong database (Firebase vs PostgreSQL), no type safety, no testing infrastructure. Fixing it would take 4-6 months and still leave technical debt. Rebuilding with best practices took 8 weeks and gave a solid foundation.

Q: How much does this kind of transformation cost?

Traditional agencies quote AED 280,000+ for similar projects. Our fractional CTO approach with team augmentation delivers 60-70% savings. Exact cost depends on scope, but most startups find it's cheaper than hiring a full-time CTO (AED 600K-1.5M annually).

Q: What if we don't have 8 weeks before we need to launch?

Then you need to adjust scope. We can deliver a reduced-feature MVP in 4-6 weeks and add features post-launch. The key is launching with a solid foundation, not launching with everything but unstable code.

Q: Do you only work with complete rebuilds?

No. We do Production Readiness Reviews for existing codebases and create improvement roadmaps. Sometimes fixing is the right choice. We'll tell you honestly which approach makes sense for your situation.

Q: What tech stack do you typically use?

For web applications: Nuxt/Vue, Next/React, or SvelteKit. For backend: Node.js, Python, or Go. For databases: PostgreSQL primary, MongoDB when appropriate. For mobile: React Native or Flutter. We choose based on your needs, not our preferences.

Q: Can you help with technical due diligence for fundraising?

Absolutely. Investors often require technical due diligence for Series A+ rounds. We've helped multiple Dubai startups pass technical DD by addressing issues before the review. Our Production Readiness Review format is similar to what investors look for.

Q: Do you offer ongoing support after launch?

Yes. Most clients continue with a fractional CTO arrangement (10-20 hours/month) for strategic guidance, code reviews, and architecture decisions. Cost: AED 15,000-25,000/month depending on engagement level.

Q: How do you handle Arabic language support?

Built-in from day one using i18n libraries. All user-facing text uses translation keys (no hardcoded strings). RTL layout support in CSS. Arabic fields in database schema where needed. We've done this for 10+ UAE projects.

Q: What industries do you specialize in?

e-commerce, SaaS, marketplaces, and healthcare tech. We have deep experience with payment integrations, compliance requirements (UAE PDPL, GDPR), and regulatory challenges in Dubai/UAE.

Sune Pedersen is a fractional CTO with 25+ years of software engineering experience, specializing in helping Dubai startups build production-ready applications. He's worked with 50+ companies across fintech, e-commerce, and SaaS sectors.