Client & Professional Work

Prototype Deployment Platform

An internal platform for deploying, managing, and gating access to client-facing prototype applications, with per-prototype infrastructure provisioned on demand.

Highlights

  • Designed an auth-proxy sidecar pattern that gates every prototype behind platform sessions with fail-closed security
  • Built runtime, per-prototype AWS infrastructure provisioning via the AWS SDK rather than static Terraform
  • Applied Clean Architecture across a full-stack TypeScript monorepo with comprehensive automated testing

Skills

Cloud platform engineering, AWS / container orchestration, Clean Architecture, Infrastructure-as-code, Secure access control

Confidentiality: This describes work delivered under a consulting engagement. The client's identity and all internal/proprietary identifiers have been withheld; only my own work, the general architecture, and the technologies used are described.

Overview

A lightweight platform for deploying, managing, and providing controlled access to prototype applications — built so a product team could spin up isolated, access-gated prototypes for stakeholders without standing up bespoke infrastructure each time. It's a full-stack TypeScript monorepo organized around Clean Architecture.

The Problem

Sharing in-progress prototypes with the right audience — and only that audience — usually means manual deployments and ad-hoc access control. The goal was a platform that could deploy a prototype, provision its infrastructure automatically, and enforce per-prototype access through a single sign-in, all while keeping prototypes isolated from one another.

My Role

Senior Software Engineer on the engagement.

Architecture & Approach

  • Backend (Clean Architecture). A Node/Express + TypeScript API split into domain, application, infrastructure, and presentation layers, with use-cases orchestrating business logic, repositories abstracting data access, and dependency injection wiring it together. A Result<T, E> pattern is used in place of thrown exceptions, with value objects for domain primitives.
  • Frontend. A React + TypeScript app mirroring the backend's domain in its core layer, organized into isolated components with colocated tests and distinct admin/auth/client layouts.
  • Per-prototype runtime infrastructure. Rather than static infrastructure-as-code, the platform creates and destroys each prototype's task definitions, services, target groups, and routing rules at runtime through the AWS SDK. Terraform owns only the shared, long-lived infrastructure.

Technical Highlights

  • Auth-proxy sidecar. Every prototype runs alongside a sidecar that intercepts requests, validates the platform session against an internal authorization endpoint, and proxies to the prototype over loopback only after authorization. It fails closed on error and redirects unauthenticated users to login; the prototype container is never directly reachable. A response-rewriting layer injects an isolated "prototype" banner into HTML responses without disturbing the prototype's own styling.
  • Container orchestration. AWS ECS Fargate runs both the platform and every prototype across separate clusters behind load balancers in private subnets, with on-demand image builds and per-prototype DNS managed programmatically.
  • Engineering rigor. Strict TypeScript, a layered test strategy (unit, integration, end-to-end), and an in-memory PostgreSQL-compatible database for fast test runs.
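
The fail-closed decision described in the auth-proxy sidecar item, written out as an added example (not the platform's own code). The authorization endpoint's response shape, `LOGIN_PATH`, the `returnTo` parameter, and the function names are all assumptions made for illustration.

```typescript
// Added example: fail-closed decision logic for an auth-proxy sidecar.
// Response shape, LOGIN_PATH and returnTo are assumptions, not the platform's API.

// What came back from the internal authorization endpoint for this request.
type AuthzOutcome =
  | { kind: "response"; status: number; body: unknown }
  | { kind: "error" }; // timeout, connection refused, TLS failure, ...

type Decision =
  | { action: "proxy"; upstream: string; user: string }
  | { action: "redirect"; location: string }
  | { action: "deny"; status: 403 | 503 };

const LOGIN_PATH = "/login"; // hypothetical platform login route

// Only same-origin absolute paths may be used as a post-login target,
// so the login redirect cannot be turned into an open redirect.
function safeReturnTo(path: string): string {
  return /^\/(?![\/\\])/.test(path) ? path : "/";
}

function decide(outcome: AuthzOutcome, prototypeId: string, port: number, returnTo: string): Decision {
  // Any failure to get an answer is a denial, never a pass-through.
  if (outcome.kind === "error") return { action: "deny", status: 503 };

  if (outcome.status === 401) {
    const target = encodeURIComponent(safeReturnTo(returnTo));
    return { action: "redirect", location: `${LOGIN_PATH}?returnTo=${target}` };
  }
  if (outcome.status === 403) return { action: "deny", status: 403 };
  // Unexpected statuses (5xx, 3xx, 204, ...) are treated as "no answer".
  if (outcome.status !== 200) return { action: "deny", status: 503 };

  // A 200 alone is not enough: require an explicit, well-formed allow
  // that names this prototype, so a grant for another one is rejected.
  const body = outcome.body as { allowed?: unknown; prototypeId?: unknown; user?: unknown } | null;
  const user = body?.user;
  if (body?.allowed !== true || body?.prototypeId !== prototypeId || typeof user !== "string" || user === "") {
    return { action: "deny", status: 403 };
  }
  // Authorized: forward over loopback only.
  return { action: "proxy", upstream: `http://127.0.0.1:${port}`, user };
}
```

Keeping the decision a pure function of the authorization outcome lets every deny path be unit-tested without a network or a running prototype.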

Skills Demonstrated

Cloud platform engineering, AWS and container orchestration, Clean Architecture, infrastructure-as-code, and secure access-control design.