← Zákazky

Review & harden my AI app before launch (Next.js, Supabase, TypeScript)

Rozpočet: - HOURLY / PART_TIME ⭐ 0.00 (0) Canada

react-js, typescript, next.js, node.js, postgresql, api-integration, web-application, application-security, penetration-testing, code-review, cicd

A bit of context first: I've built a working AI platform almost entirely with AI-assisted coding tools (Claude Code and the like). I'm a market research and strategist by trade, not an engineer. That said, this app and the current output has come together better than I expected. It's close to ready and I'm about to put it in front of real users internally and externally, which is exactly why I want an expert to go through it before I do. This is a really review-and-hardening role, not a rebuild-from-scratch one. I own the product and I'm not planning to hand that off. I've been tasked to look for someone to check my work, tighten the loose ends, and tell me where the risks are (including the ones I don't know to ask about). The stack, so you know what you're walking into: a TypeScript app built on Next.js, a Postgres database through Supabase (hosted in a Canadian region) that already separates each client's data, sign-in through Clerk, and AI agents running on Anthropic's models. It's now deployed on a DigitalOcean server and running as a small, private pilot where a handful of our own team members are testing it, and it's not open to the public. Microsoft Azure is the likely longer-term home. What matters most to me, roughly in order: - Making sure each client's data can be securely stored, is private and truly walled off from every other client's. This is my #1 worry. - Finding any issues in the code foundation or scaffolding. - Locking down the parts of the app that will face the outside world once it's live. - Setting up the automatic safety checks a real dev team relies on, so bad code can't slip through. - Testing the AI against being tricked through the data we feed it, and against changing behavior when the underlying model updates. Nice to have as we get closer to paying clients: a proper third-party security test, a privacy and data-location review (we handle Canadian consumer data), a tested backup-and-restore, and enough documentation that another developer could pick it up only if needed. How I'd like to work: this starts as a temporary, part-time/hourly role -- we have a couple of weeks where things need to be reviewed and hardened, plus some deeper review passes at key moments. You point things out and set up the right guardrails; I try to handle the day-to-day building. If it goes well, there may be room for more of these type of projects as others in our organization are building their own products and platforms too. So while it's one platform/app now, this could open into similar work. One note: the platform is built on proprietary client research, so I'll share code, architecture, and data under an NDA. The app is built so that sensitive research isn't baked into the code. So an initial review is very doable without me handing over anything confidential. If this sounds like your kind of project, I'd love to hear how you'd approach it! Thanks :)
Otvoriť na Upwork