Senior Full-Stack Engineer: Multi-Tenant SaaS Portal (Next.js + Supabase + Stripe)

Overview We’re building the back-office portal for an AI receptionist SaaS platform. The portal manages a network of independent sales representatives: onboarding, client attribution, and commission tracking. We have a complete Product Requirements Document and a phased delivery plan; this contract covers the Phase 1 MVP build. This is a real application-engineering role, not a no-code or automation gig. You’ll be building and owning a secure, multi-tenant web application with role-based access, financial records, and webhook-driven integrations. If your portfolio is mostly landing pages or Zapier/Make workflows, this isn’t the right fit. What you’ll build (MVP scope) • Rep application form with document upload and an admin approval workflow • Rep dashboard: earnings, active clients, payout history, account status • Admin dashboard: revenue overview, client health, sales-team status, commission liability • A commission engine that creates and tracks commission records through their lifecycle states • Client attribution via unique referral codes / tracked links • Role-based access with strict row-level security (reps see only their own data) • Email notifications for key lifecycle events (application approved, new client signed, payout sent, etc.) • Webhook integrations: Stripe (subscription/payment events) and our CRM’s REST API (client sub-account provisioning) The full data model and detailed acceptance criteria live in the PRD, shared after a NDA. Required skills • Strong full-stack experience with Next.js / React and a Node/serverless backend • Deep PostgreSQL experience, including correct Row-Level Security enforced at the database level (not app-layer filtering) • Supabase (Auth, Storage, Postgres, Edge Functions), shipped to production, not just experimented with • Webhook-driven integrations, especially Stripe: signature verification, idempotency, handling duplicate and out-of-order events • Sound handling of money / ledger data: integer-cent storage, append-only commission records, reconciliation thinking • Clear written communication and documentation (we work async) Bonus skills • GoHighLevel / LeadConnector API experience • Stripe Payouts / Connect, multi-tenant SaaS architecture • DocuSign, PayPal Payouts, or Wise APIs (relevant to a later phase) • Prior work on financial, commission, or payout systems How we work • Async-first: email/messaging is primary; video is reserved for kickoff and acceptance reviews • Scope is locked before estimates; a brief written status update is expected each week • This contract is the MVP only. Strong delivery leads directly into a larger follow-on engagement: automated payouts, DocuSign onboarding, training tracking, in-portal CRM, and leaderboards How to apply, please read carefully. Applications that ignore these steps will not be reviewed: 1. Start your application with the word “KAWANA” so we know you read this section. 2. In one or two sentences, describe a comparable portal or SaaS app you’ve shipped, with a live link or repo. 3. Answer this directly and specifically: At the database level, how do you guarantee that one user can never read another user’s rows, even if they call the API directly? 4. Briefly: how would you handle a Stripe webhook that fires the same event twice?