RMS (Resource Management System)

Problem: Different teams needed granular access to different parts of the system. A flat permission model caused security risks, poor separation of responsibilities, and made it difficult to scale permissions as the platform grew.

Solution: Implemented comprehensive role-based access control using AWS Cognito groups via AWS Amplify. Defined five core roles: Admin (unrestricted access), HR (employee management, voting system, reports), PM (project management, standups, financial data for assigned projects), Growth (products, commissions, business reports), and AWS (billing and AWS-specific reports). Permissions are centrally managed and enforced at multiple layers.

Architecture: Authentication is handled by AWS Cognito with email-based sign-in. User group information is injected into the frontend via AWS Amplify and automatically available in the React context. Permissions are enforced at three levels: UI components conditionally render based on user roles, Next.js middleware protects routes server-side before rendering, and API routes perform server-side permission checks before processing requests. Permission definitions are centralized in TypeScript types for maintainability.

Problem: Daily standups were manual, inconsistent, and hard to track across multiple projects and teams. PMs had to manually coordinate standups, track responses, and compile summaries. There was no centralized way to review historical standup data or ensure consistency.

Solution: Built a fully configurable standup automation system where PMs create standup configurations with custom questions, assign participants, set reporting times, and specify days of the week. The system automatically sends Slack prompts to employees at scheduled times, collects responses directly in Slack threads, and posts formatted summaries back to project channels. A centralized dashboard allows reviewing all standup responses and generating reports.

Architecture: Standup configurations are stored in PostgreSQL with relationships to questions, participants, and responses. Next.js API routes handle cron job scheduling for standup notifications. The system integrates with Slack API using bot tokens and signing secrets for secure communication. When a standup is triggered, the system sends interactive Slack messages to participants, collects responses via Slack webhooks, parses and stores responses in the database, and formats summaries that are posted back to designated Slack channels. The frontend dashboard uses SWR for real-time data fetching and displays standup history, response rates, and detailed reports.

Problem: AWS costs were difficult to track across multiple accounts with no centralized visibility, forecasting, or historical analysis. Teams lacked insight into spending trends, cost optimization opportunities, and budget planning capabilities.

Solution: Built a comprehensive AWS billing management system that supports multiple AWS accounts. The system securely stores account credentials, automatically fetches monthly billing data using AWS Cost Explorer APIs, and provides dashboards showing historical costs, current month-to-date spending, and forecasted expenses. Automated alerts notify teams when usage exceeds predefined thresholds, and detailed reports help identify cost optimization opportunities.

Architecture: AWS account credentials are securely stored in PostgreSQL with encrypted sensitive fields. Next.js API routes authenticate with AWS using stored credentials and fetch billing data via AWS Cost Explorer API. The system normalizes billing data across different accounts and stores it in structured tables (AwsAccount, AwsBill) using Prisma ORM. Scheduled cron jobs periodically refresh billing data to keep dashboards up-to-date. The frontend uses Recharts for visualizing cost trends over time, and AG Grid for displaying detailed billing tables. Forecasting logic analyzes historical patterns to predict future spending.

Problem: Manual attendance tracking lacked accuracy and approval workflows, especially for hybrid and remote work.

Solution: Implemented a check-in / check-out system with office Wi-Fi validation, manual entry approval flow, and admin oversight.

Architecture: Attendance events are recorded through secure API routes. Validation logic runs server-side. Admin approvals and edits are persisted in PostgreSQL using Prisma.