Type - A government records platform for classified-information administration across six regulated security domains. Strict access control, statutory reports, audit logging.
My role - My first project that went to production. I coded it end to end, with feedback from a senior developer and a product manager who shaped the product.
Stack - React 18, TypeScript, Vite, Tailwind, Python, Flask, PostgreSQL.
136
endpoints
20
entities
6
security domains
What I worked on
- The entire application - architecture, backend, frontend, delivery
- A design-doc-first backend in clean layers
- Role- and region-based access control
- The validation layer end to end
- Statutory reporting, audit logging, core domain workflows
The hardest problem
- Every clerk must see exactly their own scope and nothing else, across every entity and endpoint.
- In this domain, getting that wrong is not an option.
What I've learned
- Design before you build. The system was designed on paper first, and the shipped code matched it.
- Authorization has to live in one place. The same rule implemented twice will drift.
- Owning a whole production system teaches you every layer, and your own weak spots.
- Feedback is leverage. A senior developer's reviews and a product manager's direction made me better, fast.
- Understand the problem first. You can only build the thing right for the user when you actually understand what they need.