Part of the infrastructure team, responsible for making the multi-tenant security model usable end-to-end across the Flow Management Platform backend.

Integrated backend services with existing PostgreSQL Row Level Security (RLS) policies by ensuring that all queries run with the correct tenant context, rather than defining the RLS policies themselves.

Designed a tenant-aware context using a PostgreSQL GUC (app.tenant_id) together with custom EF Core transaction interceptors so each request opens a new transaction, sets the correct tenant, and avoids leaking tenant context through the connection pool.

Designed and configured separate “admin” and “default” connection strings so that migrations and special admin operations can safely bypass RLS, while all normal business queries remain fully RLS-enforced.

Implemented a tenant-aware secure login function that uses an admin connection during authentication to validate the user, resolve the correct tenant, and issue a JWT containing tenantId.

Integrated end-to-end tenant propagation by wiring tenantId from the React frontend (JWT) through NestJS REST APIs into Apache Kafka topics and finally into a .NET data-processing worker, so all background processing runs under the correct tenant.

Research: Analyzed PostgreSQL connection pooling and GUC behavior to prove that a new transaction per EF Core request is required to prevent tenant context from “sticking” between requests.

Helped define and implement a cross-cutting Event service that publishes and consumes tenant-aware events over Kafka across multiple backend services.

Supported other feature teams by explaining the multi-tenant model, reviewing their queries and APIs, and guiding them on how to adapt their code to work correctly with RLS and the tenant GUC.

Validated multi-tenant security, login flow and RLS behavior in a Docker / Docker Compose environment and collaborated via Git/GitHub pull requests and code reviews under the guidance of an industry mentor and tech lead.

Audit Trail & Version Control System

• Centralized Audit Trail Mechanism - Implemented a centralized Audit Trail mechanism using Database Triggers to automatically and consistently log every data change, enabling reliable record version restoration.
• Performance & Retention Management - Designed the Audit system for high-performance and managed a Retention Policy to clean up old versions based on defined criteria (e.g., number of latest versions or maximum age).
• JSON Change Identification - Developed a JSONBDEEPDIFF function to accurately identify changes, including in nested JSON values, and present them in a readable format (Path, Old Value, New Value).

Kafka Backup & Replay System

• Kafka Backup Service - Developed a Kafka Backup Service that reads events, temporarily stores them in dedicated Buffers, and efficiently writes them to the Database while maintaining event order and using Checkpoints for failure recovery.
• Managed Scheduler Service - Designed and developed a Scheduler Service for automated background task management, featuring Cron-based configuration and handling of Task Dependencies.
• Controlled Replay System - Built a comprehensive Replay Control System for reprocessing and resending historical events to parallel Kafka queues, featuring real-time monitoring via WebSockets. The system utilizes a Priority Semaphore for task prioritization, Cancellation Tokens for safe cancel-in-flight functionality, and Checkpointing to ensure reliable recovery after failure or cancellation.
• Range Splitter Algorithm - Implemented the RangeSplitter algorithm for optimization by resolving overlapping ranges ('Last-Wins' logic), ensuring every Timestamp is processed exactly once by the most recent source.
• Event Order Synchronization in Replay - Researched and adopted a Synchronization mechanism to resolve event order challenges in the Replay process (e.g., 'Timestamp Ties' and 'Clock Skew'), ensuring deterministic processing.

JSON Change Identification - Developed a JSONBDEEPDIFF function to accurately identify changes, including in nested JSON values, and present them in a readable format (Path, Old Value, New Value).

Kafka Backup Service - Developed a Kafka Backup Service that reads events, temporarily stores them in dedicated Buffers, and efficiently writes them to the Database while maintaining event order and using Checkpoints for failure recovery.

Managed Scheduler Service - Designed and Developed a Scheduler Service for automated background task management, featuring Cron-based configuration and handling of Task Dependencies.

Controlled Replay System - Built a comprehensive Replay Control System for reprocessing and resending historical events to parallel Kafka queues, featuring real-time monitoring via WebSockets. The system utilizes a Priority Semaphore – for task prioritization (e.g., prioritizing a high-value tenant), Cancellation Tokens – for safe cancel-in-flight functionality, and Checkpointing – to ensure reliable recovery after failure or cancellation. The restoration is directed to parallel queues to separate processes and avoid unwanted side effects during replay.

Range Splitter Algorithm - Implemented the RangeSplitter algorithm for optimization by resolving overlapping ranges ('Last-Wins' logic), ensuring every Timestamp is processed exactly once by the most recent source.

Event Order Synchronization in Replay - Researched and Adopted a Synchronization mechanism to resolve event order challenges in the Replay process (e.g., 'Timestamp Ties' and 'Clock Skew'), ensuring deterministic processing.

Object-Based Reporting Layer (NestJS + React) • Built per-object reporting tables by aggregating daily backup data — creating clean, query-optimized tables for events, processes, users, and more. • Developed retrieval endpoints in NestJS (TypeScript) with deep filtering, FTS/Trigram search, and high-performance SQL queries — powering fast audit and analysis tools. • Built a React/Vite reporting UI with structured tables, advanced filters, pagination, and formatted JSON preview for Kafka event data.

Generic Dynamic GET Engine • Implemented a generic GET engine driven by a centralized Resource Registry, supporting filtering, sorting, pagination, field selection, FTS, and Trigram search — unifying all system resources under one consistent querying mechanism. • Added full registry configs per resource, enabling new entities to be onboarded without writing new controllers or queries.

Event UPDATE & DELETE — End-to-End • Built complete UPDATE and DELETE event flows (React → NestJS → Kafka → C# → SQL), including validation, DTO schemas, Kafka topics, and processing — ensuring accurate modification and removal of events across all layers.

Testing & Validation • Designed and executed unit, integration, and E2E tests across NestJS and C# flows — validating backup extraction, GET engine behavior, and event lifecycle correctness.

developed the RBAC module (Roles & Permissions) and implemented permission enforcement across frontend and backend.

Led the architectural migration from a Single-Tenant system to a fully Multi-Tenant platform using PostgreSQL RLS and a TenantId-based schema design.

Built CRUD APIs and React + MUI management screens.

Designed Kafka workflows for role/permission events and validations, working in a Docker-based microservices environment with Git, branching and code reviews.

Mentored other developers in using the authorization layer and prepared clear technical documentation detailing the multi-tenant architecture and its enforcement model.