Type - An extension of an existing government records platform. It added the whole security-clearance vetting lifecycle on top - cleared persons, their security records, validity tracking, bulk onboarding, configurable exports, and statutory forms.
My role - Architected the extension, built the entire backend and the frontend data layer.
Stack - Vue 3, Vite, Tailwind, Python, Flask, PostgreSQL.
8
record types per person
100%
of the load-bearing logic
~50
API routes
What I worked on
- The entire backend and the frontend data layer
- The extension architecture on top of the existing platform, including a full backend rewrite
- The authorization model and the clearance business rules
- New functionality - a validity dashboard, bulk spreadsheet onboarding, configurable exports, statutory printable forms
- Bulk data onboarding - standing up a whole organizational unit's records in one import
The hardest problem
- Correct access control on two independent axes, on every endpoint.
- A mistake either leaks classified-personnel data or blocks legitimate work.
What I've learned
- Extending a live system is different from greenfield. You inherit constraints, data, and users, and every change has to respect them.
- Deadlines force tradeoffs. The senior move is making them consciously.
- Building in the same domain twice is the fastest way to see your own growth.
- Real-world data is dirty. Importing it safely is its own discipline.