Multi-Stage Procurement Approval Platform

A full-stack purchasing/procurement web application that replaced a manual, spreadsheet/form-based process with a guided workflow engine, document handling, notifications, and leadership reporting.

  • Design review: multi-pass, before any code written
  • Service accounts IAM-reviewed: 100% least-privilege audit
  • Document handling: quarantine → scan → promote

The Problem

Purchase requests (software, hardware, facilities, services) were tracked through a manual, spreadsheet-based process with no real workflow engine, inconsistent routing, and no analytics — slow for requesters and opaque for leadership.

My Approach

  • Modeled the domain explicitly as a state machine: a request moves through a defined, ordered set of approval stages computed centrally from its category and configurable dollar-amount thresholds, so business rules live in configuration, not scattered conditional logic.
  • Designed distinct experiences for each audience: requesters (guided submission wizard, status tracking), approvers (per-stage review queues, structured review checklists), administrators (approver/delegation management), and leadership (spend, cycle-time, and renewal reporting).
  • Built secure document handling: uploaded files land in a quarantine bucket, are malware-scanned, and are only promoted to the visible record after passing — with certain sensitive document types restricted from certain audiences by design.
  • Automated a nightly export pipeline from the operational database into an analytics warehouse, powering leadership dashboards without touching production data directly.
  • Ran a structured, multi-pass internal design review before building — explicitly reviewing the plan for gaps and logging findings/remediations — rather than designing once and building immediately.
  • Conducted a least-privilege review of every service account's IAM role as part of the security documentation, and shipped with CI pipelines for both correctness and dependency security scanning.
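
The quarantine → scan → promote flow and the audience restrictions from the document-handling item above, sketched as an added example (not the project's code). The in-memory stores, the marker-based scanner, and the document types and audiences are assumptions standing in for the Cloud Storage buckets, the real malware scanner, and the project's actual policy.

```python
from dataclasses import dataclass, field
from enum import Enum

class Verdict(Enum):
    CLEAN = "clean"
    INFECTED = "infected"
    ERROR = "error"

# Assumed policy (illustrative names): document type -> audiences allowed to read.
VISIBILITY = {"quote": {"requester", "approver", "admin", "leadership"},
              "contract": {"approver", "admin"}}
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a detection

def marker_scan(data: bytes) -> Verdict:
    # Stand-in scanner for the example; a deployment calls a real scanning service.
    return Verdict.INFECTED if MARKER in data else Verdict.CLEAN

@dataclass
class DocumentStore:
    quarantine: dict = field(default_factory=dict)  # name -> (doc_type, data)
    visible: dict = field(default_factory=dict)     # promoted documents only
    rejected: dict = field(default_factory=dict)    # name -> reason

    def upload(self, name: str, doc_type: str, data: bytes) -> None:
        if doc_type not in VISIBILITY:  # no audience policy, so refuse it
            raise ValueError(f"unsupported document type: {doc_type}")
        self.quarantine[name] = (doc_type, data)  # uploads never land in visible

    def process(self, name: str, scan=marker_scan) -> Verdict:
        _, data = self.quarantine[name]
        try:
            verdict = scan(data)
        except Exception:
            verdict = Verdict.ERROR
        if verdict is Verdict.CLEAN:
            self.visible[name] = self.quarantine.pop(name)
        elif verdict is Verdict.INFECTED:
            del self.quarantine[name]
            self.rejected[name] = "infected"
        else:  # scanner failure or unexpected value: fail closed, keep for retry
            verdict = Verdict.ERROR
        return verdict

    def read(self, name: str, audience: str) -> bytes:
        if name not in self.visible:
            raise PermissionError("document has not been promoted")
        doc_type, data = self.visible[name]
        if audience not in VISIBILITY[doc_type]:
            raise PermissionError(f"{doc_type} is restricted from {audience}")
        return data
```

A scanner timeout or an unrecognized verdict leaves the file in quarantine instead of promoting it, so an outage in the scanning step cannot expose an unscanned upload.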

Stack

Backend

Python (FastAPI), Workflow/state-machine domain modeling

Frontend

React (SPA)

Cloud/Data

Google Cloud: Firestore (operational), BigQuery (analytics), Cloud Run, Cloud Functions, Cloud Storage (malware scanning), Looker Studio

Integrations

Gmail API & Google Chat API (notifications), DocuSign (optional signature stage)

IaC

Terraform

Practices

Explicit workflow/state-machine domain modeling, Configuration-driven business rules, Least-privilege IAM review, Structured multi-pass design review, CI security scanning

Skills Demonstrated

  • Workflow-engine and domain-driven design for a real, multi-stakeholder business process
  • Full-stack, cloud-native application architecture (API, SPA, data warehouse, dashboards)
  • Secure document-handling pipeline design
  • Data governance and least-privilege access review as a first-class deliverable, not an afterthought
  • Disciplined engineering process: structured design review before build, configuration over hard-coded business logic