Type - A full-stack accommodation platform for a public-sector organization. Public application form, multi-stage approvals, room inventory, contracts, invoicing, statutory reporting. Two security zones with a one-way sync.
My role - Primary author. Built almost the whole system end to end.
Stack - Python, Flask, PostgreSQL, Vue 3, TypeScript, Tailwind, Playwright, Vitest.
2
security zones
24
backend service modules
189
Vue components
8
workflow stages
What I worked on
- Almost the entire platform - backend, frontend, deployment
- An 8-stage approval workflow engine
- Authentication with modern token security
- The one-way sync between the public and internal zones
- Statutory reporting to state authorities
- Document generation, data imports, audit logging
- A pre-launch security audit of the public stack
The hardest problem
- The security policy banned any direct connection between the public zone and the internal one.
- I designed a one-way, crash-safe sync that satisfies the policy with the smallest attack surface.
Public zoneOne-way syncInternal system
What I've learned
- Security constraints can produce better architecture. The restriction forced a simpler design.
- A workflow system lives or dies on its state model.
- Owning the security audit before launch beats reacting after.