Technical · Back End
Boring on purpose.
The back end is where my systems obsession lives. Nothing here is clever for its own sake: one source of record, authorization enforced at the row, jobs that audit themselves, and AI with guardrails you can point to. I build the quiet machinery that lets small teams act big, then I measure it by what runs without me.
001
One system of record
Every mess I have been asked to fix was five copies of the truth disagreeing with each other. ASG ran on per-page scripts against a third-party API until I replaced it with one Postgres database serving every surface through a typed API. The schema is versioned history: migrations are appended, never rewritten, so the database can explain every decision that shaped it.
002
Authorization lives in the database
Broken access control is the number one application security risk in the current OWASP Top 10, and it happens when ownership checks live scattered across endpoints. So I push them down: row-level security on every table means a query physically cannot return another user's data, even if the application layer has a bug. Least privilege by construction, not by memory.
003
Systems over effort
Effort is finite, systems compound. When a problem shows up twice, the third occurrence should hit a system, not a person. At ASG, a signed seller intake spawns the CRM record, the Asana project, and a drafted marketing package before anyone touches a keyboard. That is how a 32-agent team runs on one marketing director.
004
Jobs must explain themselves
Fourteen scheduled sync jobs keep ASG's external systems fresh, and every run writes an audit record: what ran, what changed, what failed. Sync logic is idempotent, so a retry is always safe. A job that cannot account for its last run cannot be trusted with the next one.
005
Guardrails beat vibes
AI in production needs mechanical limits, not good intentions. The ASG marketing agent runs with a hard cost ceiling per run and human review on everything it drafts. AXON is built by AI agents inside a gated environment: every commit traces to a numbered requirement, and eight quality gates reject bad code without asking an AI's opinion.
006
Data is useless until it becomes action
A dashboard nobody acts on is decoration. I have built dozens; the ones that survived had a clear action tied to each metric, and the rest became wallpaper by month two. Every report I ship now defines the decision it changes, and if there is no decision, I kill the report.
How I work
005
- 01TypeScript on Fastify with Supabase Postgres for platforms, Swift when the client is native, Apps Script where glue is the honest answer.
- 02Secrets live in the environment, never in code and never in a prompt. Connectors wrap every external system, ten of them at ASG, each replaceable without touching the core.
- 03Contracts are typed end to end: one schema definition feeds the API, the client, and the validation layer, so a mismatch is a compile error instead of a production incident.
- 04AI agents do the typing, gates do the judging. CI runs the exact same checks as my machine, and an adversarial reviewer audits every change with fresh eyes.
- 05The meta-system is TimOS, an Obsidian vault where beliefs are files, decisions are logged, and 1,200 archived AI conversations get distilled into principles like the ones on this page.