Full-Stack Applications
Multi-Stage Procurement Approval Platform
A full-stack purchasing/procurement web application that replaced a manual, spreadsheet/form-based process with a guided workflow engine, document handling, notifications, and leadership reporting.
- Design review: multi-pass, before any code written
- Service accounts IAM-reviewed: 100% least-privilege audit
- Document handling: quarantine → scan → promote
The Problem
Purchase requests (software, hardware, facilities, services) were tracked through a manual, spreadsheet-based process with no real workflow engine, inconsistent routing, and no analytics — slow for requesters and opaque for leadership.
My Approach
- Modeled the domain explicitly as a state machine: a request moves through a defined, ordered set of approval stages computed centrally from its category and configurable dollar-amount thresholds, so business rules live in configuration, not scattered conditional logic.
- Designed distinct experiences for each audience: requesters (guided submission wizard, status tracking), approvers (per-stage review queues, structured review checklists), administrators (approver/delegation management), and leadership (spend, cycle-time, and renewal reporting).
- Built secure document handling: uploaded files land in a quarantine bucket, are malware-scanned, and are only promoted to the visible record after passing — with certain sensitive document types restricted from certain audiences by design.
- Automated a nightly export pipeline from the operational database into an analytics warehouse, powering leadership dashboards without touching production data directly.
- Ran a structured, multi-pass internal design review before building — explicitly reviewing the plan for gaps and logging findings/remediations — rather than designing once and building immediately.
- Conducted a least-privilege review of every service account's IAM role as part of the security documentation, and shipped with CI pipelines for both correctness and dependency security scanning.
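
The quarantine, scan, promote flow and the per-audience document restrictions from the document-handling item above can be modeled as a small fail-closed state machine. This is an added example, not the project's own code: the state names, document types, audience names and the `VISIBILITY` mapping are assumptions, and the storage buckets and the scanner itself are not modeled.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    QUARANTINED = "quarantined"
    PROMOTED = "promoted"
    REJECTED = "rejected"

class Verdict(Enum):
    CLEAN = "clean"
    INFECTED = "infected"
    ERROR = "error"  # scanner timeout or crash: never treated as clean

# Hypothetical policy: document type -> audiences allowed to read it.
# Types missing from the map resolve to an empty set (deny by default).
VISIBILITY = {
    "quote": {"requester", "approver", "admin", "leadership"},
    "contract": {"approver", "admin"},
    "security_review": {"approver", "admin"},
}

@dataclass
class Document:
    doc_id: str
    doc_type: str
    state: State = State.QUARANTINED  # every upload starts in quarantine

def apply_scan_result(doc: Document, verdict: Verdict) -> Document:
    """The only transition out of quarantine; only CLEAN promotes."""
    if doc.state is not State.QUARANTINED:
        raise ValueError(f"{doc.doc_id}: already {doc.state.value}")
    if verdict is Verdict.CLEAN:
        doc.state = State.PROMOTED
    elif verdict is Verdict.INFECTED:
        doc.state = State.REJECTED
    # Verdict.ERROR: stay quarantined so the scan can be retried.
    return doc

def can_view(doc: Document, audience: str) -> bool:
    """Readable only if promoted AND the audience is allowed this type."""
    if doc.state is not State.PROMOTED:
        return False
    return audience in VISIBILITY.get(doc.doc_type, set())

if __name__ == "__main__":
    # Constructed sample inputs.
    for doc_type, verdict in [("quote", Verdict.CLEAN), ("contract", Verdict.ERROR)]:
        d = apply_scan_result(Document("doc-1", doc_type), verdict)
        print(doc_type, d.state.value, can_view(d, "requester"))
```
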
Stack
Backend
Python (FastAPI), Workflow/state-machine domain modeling
Frontend
React (SPA)
Cloud/Data
Google Cloud — Firestore (operational), BigQuery (analytics), Cloud Run, Cloud Functions, Cloud Storage (malware scanning), Looker Studio
Integrations
Gmail API & Google Chat API (notifications), DocuSign (optional signature stage)
IaC
Terraform
Practices
Explicit workflow/state-machine domain modeling, Configuration-driven business rules, Least-privilege IAM review, Structured multi-pass design review, CI security scanning
Skills Demonstrated
- Workflow-engine and domain-driven design for a real, multi-stakeholder business process
- Full-stack, cloud-native application architecture (API, SPA, data warehouse, dashboards)
- Secure document-handling pipeline design
- Data governance and least-privilege access review as a first-class deliverable, not an afterthought
- Disciplined engineering process: structured design review before build, configuration over hard-coded business logic