Project logo
2023
OTC Stores LLC.

Enterprise CRM Ecosystem & Security Infrastructure

Re-architecting core business operations: from a legacy monolith to a secure, decoupled ecosystem.

The Concept: The Operational Backbone Replacing a legacy CRM is open-heart surgery for a business. It requires more than just coding new interfaces; it demands building a safety net around data and creating tools that allow the distributed team to work without friction.

The Challenge: Fragile Operations

The company was running on an outdated monolith that had become a bottleneck. Beyond technical debt, we identified critical operational risks:

  • Data Danger: The external inventory platform (SkuVault) lacked "Read-Only" keys. Any developer querying the API had full admin rights—one bad script could erase the warehouse.
  • Access Friction: The distributed team struggled with services requiring SMS 2FA. With employees in different time zones, sharing a single physical phone for OTP codes was impossible.
  • Migration Risks: Replacing the core system required zero downtime.

The Solution: Full-Stack Re-Architecture

I led the design of a modern ecosystem, moving from a rigid monolith to a service-oriented architecture.

1. Core CRM (Quasar + Symfony)

I developed ~70% of the new system, enforcing strict engineering standards:

  • Contract-First API: Implemented Swagger/OpenAPI documentation. This turned the backend into a clear contract, allowing frontend developers to work autonomously.
    API Swagger
  • Type-Safe Frontend: Built on Quasar & TypeScript, providing a robust UI component library that drastically reduced bug rates compared to the legacy JS code.

2. Security Middleware (The "Safety Valve")

To solve the inventory risk, I didn't just wait for the vendor. I engineered a Node.js API Governor.

  • Traffic Control: This middleware intercepts all requests to the inventory system.
  • Simulated Read-Only: It blocks POST/DELETE commands from developers, allowing them to query live data safely without risking accidental data corruption.

3. DevEx & Remote Access

To unblock the remote team, I built a Serverless SMS Gateway.

  • Slack Integration: 2FA codes and test messages are intercepted via Plivo and routed directly to a secure Slack channel.
  • Impact: This eliminated "phone passing" and allowed developers to debug SMS flows instantly, speeding up the login/auth development cycle.

🚀 Business Outcomes

The transition transformed the company's operational capacity:

  • Zero Incidents: The API Governor prevented potential data loss during the active development phase.
  • Operational Velocity: The new "Task System" and automated reports reduced time-to-resolution for client support issues.
  • Seamless Migration: We executed a phased rollout where the new Vue 3 system coexisted with legacy data, ensuring no business interruption.

CRM task system

Vue 3 / TypeScript
Quasar Framework
Symfony / API Platform
Node.js Middleware
Security Engineering