This document outlines the completed capabilities (V1) and provides an engineering roadmap for future enhancements (V2) based on post-delivery reviews.
The initial release (V1) successfully delivered a secure, low-overhead business management platform. Key highlights include:
- Implemented a unified codebase that registers routes conditionally depending on
APP_MODE(public vs. admin). - Removed admin login interfaces from the public DNS surface area entirely.
- Enforced zero-trust network access to the administrative API and database using a private Tailscale VPN mesh.
- Designed and documented the process of running a local, on-premise PostgreSQL instance on a standard office Linux PC.
- Resolved dynamic ISP IP changes by routing database traffic over Tailscale’s stable
100.64.x.xIP overlay network, eliminating the need for paid static IP broadband upgrades. - Established automated nightly database backups using
pg_dump+rclonepushing compressed archives to a secure Google Drive workspace with a 30-day retention policy.
- Implemented non-blocking background writes to Google Sheets using FastAPI
BackgroundTasks. - Enforced a database-first model where PostgreSQL remains the single source of truth, and Google Sheets acts as a derived, write-only snapshot.
- Structured all transaction synchronizations to be append-only to ensure reliability.
- Engineered a 30-day local PostgreSQL caching layer (
gstin_cache) for the AppyFlow GSTIN verification API, reducing API usage costs by close to 100% for repeat buyers. - Enforced format validation (Layer 1 regex checks) at the server boundary to prevent invalid API lookups.
- Implemented graceful UI/UX degradations, unlocking form fields for manual typing if the external API returns timeouts or quota exhaustion errors.
- Configured PostgreSQL
GENERATED ALWAYSstored columns to compute outstanding balances, preventing mathematical drift. - Enforced server-calculated status rules (PENDING, PARTIAL, PAID) while restricting manual overrides to
CANCELLEDactions.
Following a production review, several areas have been identified for upgrade in the next iteration (V2).
gantt
title V2 Engineering Roadmap
dateFormat YYYY-MM-DD
section Identity & Access
Cloudflare Access Integration :active, cf1, 2026-06-01, 10d
section Background Jobs
Redis + Celery Message Queue :cf2, after cf1, 14d
section Sync Reliability
Bi-directional Webhook Sync :cf3, after cf2, 10d
- Current Limitation: Enrolling client devices in Tailscale requires installing client applications, which introduces configuration friction for non-technical users.
- V2 Solution: Deploy Cloudflare Access (Zero Trust) in front of the Vercel admin panel (
admin.yourdomain.com). - Impact: Removes the client application requirement. Users authenticate against a Cloudflare identity wall (via email OTP or Google Workspace SSO) before the browser can retrieve or render the admin application bundle.
- Current Limitation: FastAPI
BackgroundTasksprocesses synchronization queues in-memory. If the server container restarts or crashes mid-sync, pending sync jobs are lost silently without execution. - V2 Solution: Integrate a Redis message broker with Celery workers.
- Impact: Adds persistent message queues and automatic retry logic (with exponential backoff) for Google Sheets writes. If Google's API drops, jobs remain queued in Redis until recovery, preventing data loss.
- Current Limitation: Google Sheets writes are append-only. If an administrator edits an existing sales entry in the database, the corresponding Google Sheets row is not updated.
- V2 Solution: Store the Google Sheet row index (
sheet_row_number) as a column inside the PostgreSQL tables during the initial insert sync. - Impact: Enables update triggers to locate the exact Google Sheet row index and execute targeted update requests, ensuring the accountant's spreadsheet remains in sync with the database even after edits.