cto @ sedes
architected and led development of a full-stack property management saas platform for the italian hospitality industry. oversaw all architecture decisions, feature design, and code review across a team, delivering ~1,500 commits across dashboard and api repositories over 7 months (september 2025 - present, full-time)
features
architected and led development of a multi-service backend deployed as 6-8 independent aws lambda functions behind api gateway, each owning a bounded domain with shared supabase infrastructure and a centralized authorization layer supporting both cognito oauth and custom otp flows
designed a multi-tenant saas architecture where a super admin can switch between client organizations, with all api queries, store hydration, and ui state scoped to the selected client. persistent across page reloads with hydration guards to prevent data leaking between tenants
built a 5-step compliance workflow that ingests uploaded property documents, uses an openai model to extract designated usage types, then generates a complete list of required regulatory documents per italian law (duvri, messa a terra, etc.) with editable verification cards, a compliance calendar tracking expiry deadlines, and async lambda self-invocation for heavy ai processing
built a conversational ai agent using the openai agents sdk that tenants interact with via whatsapp. it performs semantic search over a knowledge base of ingested property documents using text-embedding-3-small embeddings stored in supabase pgvector, resolves ambiguous space references, creates maintenance tickets with photo attachments, and hands off to human support when needed, all with multi-language awareness
built a csv/excel batch import system for tenant records that uses ai to map arbitrary spreadsheet columns to domain fields, with a drag-and-drop upload, editable preview table, entity resolution for properties/spaces, validation summary with per-cell error highlighting, and navigation guards to prevent data loss
implemented a real-time messaging system embedded within maintenance task views. supports text and image attachments via supabase storage, read receipts with per-user tracking, unread message badges across the dashboard, and collapsible chat sections that share context with the task property and space hierarchy
integrated the whatsapp cloud api for bidirectional messaging. supports multi-waba (whatsapp business account) routing, otp-based operator authentication via whatsapp templates, persona-aware message dispatch based on relationship type (tenant vs. operator), inline photo rendering, webhook signature validation, and async webhook processing via lambda self-invocation to avoid meta timeout backoff
built an interactive, hierarchical property/space visualization using reactflow. supports drag-to-move operations, expand/collapse controls, right-click context menus with crud actions, tag/floor indicators on nodes, and a synchronized table+tree dual view with search, all backed by a recursive parent-child data model
engineered a recurring task system using the rrule specification. operators define frequency, interval, and max occurrences, and the system generates calendar events with status-based color coding in a daypilot calendar view, plus the ability to edit/delete individual occurrences or entire series, and convert one-off tasks to recurring
built a document management system with s3-backed storage, presigned url uploads, automatic text extraction via a dedicated document-processing lambda, and a rag pipeline that chunks documents, generates text-embedding-3-small embeddings, and stores them in supabase pgvector for semantic search. includes folder navigation by property/tag/category and a chunk viewer showing how documents were segmented for retrieval
implemented defense-in-depth across the api: webhook signature validation (hmac) for meta callbacks, otp brute-force protection with atomic increment and code invalidation, s3 path traversal prevention, tenant isolation enforcement via role-based guards, rate limiting on all public endpoints, and fail-closed validation patterns
built a standalone portal for maintenance operators authenticated via whatsapp-delivered otp codes with signed jwt tokens in template links. features a filtered task list, task detail pages with photo uploads and comments, and italian localization. fully decoupled from the main admin dashboard with its own auth guard and session management