Production engineering patterns
These are patterns I've shipped in production at BFEAI and in client engagements. Each one is the kind of thing you only learn by getting it wrong the first time.
Cross-App SSO with JWT & Refresh-Token Rotation Done Right
Cross-app SSO using a shared JWT issuer and rotating refresh tokens. Engineering pattern for short-lived access tokens, reuse detection, and one-click sign-out.
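The token-store side of that pattern, as an added Postgres example (not code from the article above; the table, function and status names are my own, and the apps are assumed to store only a SHA-256 of the opaque refresh token). It shows the three pieces the summary names: a rotation that marks the old token instead of deleting it, reuse detection that revokes the whole token family when a rotated token comes back, and a single statement for signing the user out of every app.

```sql
-- Added example; not the page's code. Names are mine; hashing happens in the app.
create table if not exists refresh_tokens (
  token_hash bytea       primary key,   -- sha256 of the opaque token; raw value never stored
  family_id  uuid        not null,      -- one family per login, shared by every app
  user_id    uuid        not null,
  issued_at  timestamptz not null default now(),
  expires_at timestamptz not null,
  rotated_at timestamptz,               -- set once this token was exchanged for a successor
  revoked_at timestamptz
);
create index if not exists refresh_tokens_family_idx on refresh_tokens (family_id);
create index if not exists refresh_tokens_user_idx   on refresh_tokens (user_id);

-- Exchange a presented token for a successor. FOR UPDATE serialises two concurrent
-- exchanges of the same token: the second sees rotated_at set and trips reuse
-- detection instead of minting a second successor. Failures are returned as a
-- status rather than raised, because a RAISE would roll back the family revoke.
create or replace function rotate_refresh_token(p_presented bytea, p_successor bytea, p_ttl interval)
returns table (status text, out_user_id uuid, out_family_id uuid)
language plpgsql
as $$
declare
  r refresh_tokens%rowtype;
begin
  select * into r from refresh_tokens where token_hash = p_presented for update;

  if not found or r.revoked_at is not null or r.expires_at < now() then
    return query select 'invalid'::text, null::uuid, null::uuid;
    return;
  end if;

  if r.rotated_at is not null then
    -- An already-rotated token came back: the client or an attacker holds a stolen
    -- copy. Revoke the whole family so both must log in again.
    update refresh_tokens set revoked_at = now()
     where family_id = r.family_id and revoked_at is null;
    return query select 'reuse_revoked'::text, r.user_id, r.family_id;
    return;
  end if;

  update refresh_tokens set rotated_at = now() where token_hash = p_presented;
  insert into refresh_tokens (token_hash, family_id, user_id, expires_at)
  values (p_successor, r.family_id, r.user_id, now() + p_ttl);

  return query select 'ok'::text, r.user_id, r.family_id;
end
$$;

-- Constructed walk-through. Login mints the first token of a new family.
insert into refresh_tokens (token_hash, family_id, user_id, expires_at)
values (sha256('tok-A'::bytea), gen_random_uuid(), gen_random_uuid(), now() + interval '30 days');

select status from rotate_refresh_token(sha256('tok-A'::bytea), sha256('tok-B'::bytea), interval '30 days');
--> ok
select status from rotate_refresh_token(sha256('tok-A'::bytea), sha256('tok-C'::bytea), interval '30 days');
--> reuse_revoked   (tok-A was already rotated; the family, including tok-B, is now dead)
select status from rotate_refresh_token(sha256('tok-B'::bytea), sha256('tok-D'::bytea), interval '30 days');
--> invalid

-- One-click sign-out: kill every live token for the user across all apps; the
-- short-lived access tokens then expire on their own.
-- update refresh_tokens set revoked_at = now() where user_id = :user_id and revoked_at is null;
```

The caller must commit after every call, including the failed ones; the reuse path only works if the family revoke is persisted, which is why the function reports failure through `status` rather than an exception.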
LLM Agent Tool-Call Retry: The Loop That Survives Production
Engineering pattern for LLM agent tool-call retry loops that survive transient failures, stay idempotent, and recover state after a mid-loop crash.
LLM Cost Attribution Per Customer: Postgres Pattern for Margin Math
Turn the monthly OpenAI and Anthropic bill into a per-customer dollar figure. Postgres usage table, nightly rollup, and cache-aware token math.
LLM Model Fallback Chain: Stay Up When Your Primary Model Is Down
Build an LLM model fallback chain so SaaS agents stay up when Claude or OpenAI is rate-limited, overloaded, or down — classify errors, route smart, cap spend.
LLM Prompt Eval Harness in CI: Catch Regressions Pre-Merge
Version LLM prompts in git, run an eval harness on every PR, and block merges that regress quality. The pattern that catches output drift before users do.
Multi-Tenant Postgres Search: Across vs Within Tenants
Multi-tenant Postgres search across vs within tenants — PERMISSIVE and RESTRICTIVE RLS, SECURITY DEFINER, materialized views, Meilisearch and Typesense.
Multi-Tenant Supabase + Postgres RLS: Stop Tenant Data Bleed
Postgres RLS policy pattern for true tenant isolation on Supabase. Covers FORCE ROW LEVEL SECURITY, auth.jwt(), the service_role trap, and integration tests.
Extracting the Hidden State Machine from n8n Workflows in TypeScript
Migrating n8n to TypeScript? The state machine n8n runs for you is invisible until it's gone. Pattern for extracting it cleanly into XState or hand-rolled code.
RAG Namespace Isolation: Stop Cross-Tenant Retrieval Leaks
Engineering pattern for true RAG tenant isolation. Pinecone namespaces, pgvector schema-per-tenant, why filter-based isolation leaks, and what works.
Row-Level Security Test Pattern for Postgres: Catch Leaks Pre-Prod
Write Postgres RLS tests that catch cross-tenant leaks before production. The fixture, role-switching, and pg_catalog patterns that make policies trustworthy.
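The RLS policy and the test that proves it, combined into one added example for the Supabase isolation entry and the RLS test entry above (this is my illustration, not code from either article). It assumes a tenant-scoped `documents` table and a JWT that carries the tenant id at `app_metadata.tenant_id`; the helper name `current_tenant_id()` is mine.

```sql
-- Added example; not the page's code. Claim path app_metadata.tenant_id is an assumption.
create table if not exists documents (
  id        bigint generated always as identity primary key,
  tenant_id uuid   not null,
  body      text   not null
);

alter table documents enable row level security;
-- Without FORCE, the table owner (often `postgres` on Supabase) skips RLS entirely.
alter table documents force row level security;

-- Tenant id from the verified JWT. auth.jwt() reads the request.jwt.claims setting
-- PostgREST populates; a missing claim yields NULL, and NULL = anything is never
-- true, so an unscoped token sees no rows rather than all rows.
create or replace function current_tenant_id() returns uuid
language sql stable
as $$
  select nullif(auth.jwt() -> 'app_metadata' ->> 'tenant_id', '')::uuid
$$;

-- PERMISSIVE (the default): a table with only RESTRICTIVE policies denies everything.
-- WITH CHECK stops a tenant inserting or updating rows tagged for another tenant.
create policy tenant_isolation on documents
  for all
  to authenticated
  using (tenant_id = current_tenant_id())
  with check (tenant_id = current_tenant_id());

-- The service_role trap: that role has BYPASSRLS, so neither ENABLE nor FORCE
-- applies to it. Anything running with the service key is unfiltered by design.

-- Integration test, run inside a transaction that is rolled back. Switch to the
-- API role and plant the claims PostgREST would have set for tenant 1111....
begin;
set local role authenticated;
select set_config('request.jwt.claims',
  '{"role":"authenticated","app_metadata":{"tenant_id":"11111111-1111-1111-1111-111111111111"}}',
  true);

-- Must return 0: any row with a foreign tenant_id means the policy leaks.
select count(*) as leaked_rows from documents where tenant_id <> current_tenant_id();

-- Must fail with SQLSTATE 42501 (new row violates row-level security policy).
insert into documents (tenant_id, body)
values ('22222222-2222-2222-2222-222222222222', 'cross-tenant write attempt');
rollback;
```

Run the same transaction once more with the claims removed (`set_config('request.jwt.claims', '', true)`) and assert the count is still 0; that catches a policy that degrades to "show everything" when the claim is absent.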
SaaS Observability Without the Datadog Bill: A Seed-to-Series-A Stack
Assemble production-grade SaaS observability on Sentry, Netlify/Vercel logs, Supabase, and Postgres before committing to a $50K+ Datadog bill.
Stripe Connect Dispute Liability: Who Pays When a Buyer Charges Back
Map dispute liability across Stripe Connect Standard, Express, and Custom accounts. Webhooks, destination-charge debits, and the vendor-negative case.
Stripe Credit Pools: Dual-Pool Ledger Pattern for SaaS Billing
Run free and paid credit pools side by side on Stripe Billing. Postgres ledger schema, drain order, expiry, refunds, and idempotent reloads in production.
Stripe Dunning Recovery: A State Machine That Survives Real Failures
Stop losing revenue to failed Stripe payments. Engineering pattern for the dunning state machine: smart retries, past_due to canceled transitions, recovery.
Stripe Metered Billing: Reconcile Webhooks Without Double-Counting
Stop double-counting Stripe meter events when webhooks retry. Engineering pattern for idempotent usage submission and end-of-period reconciliation.
Stripe Proration Edge Cases on Mid-Cycle Plan Changes
Stripe subscription proration edge cases: trialing-to-active surprises, downgrades that prorate against customer intent, and proration_behavior defaults.
Stripe Tax for Multi-Jurisdiction SaaS: US States and EU VAT
Stripe Tax pattern for SaaS selling across US states and EU. Economic nexus, VAT reverse charge, exempt customers, exclusive vs inclusive pricing.
Tenant Audit Log for SOC 2 and HIPAA Without the Compliance Drag
Tenant-scoped audit log that satisfies SOC 2 CC6/CC7 and HIPAA 164.312(b) — append-only Postgres, per-tenant filtering, retention, and SIEM export.
Webhook Idempotency: The Postgres Dedup-Table Pattern
Build a Postgres processed_events dedup table that survives webhook retries from Stripe, GitHub, and Twilio. INSERT ON CONFLICT, race conditions, cleanup.
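The dedup table and the claim step as an added example (my illustration, not the article's code; the function name `claim_event` and the sample event id are constructed). The point it demonstrates is that the INSERT itself is the lock: there is no separate "have we seen this?" query, so two concurrent deliveries cannot both win.

```sql
-- Added example; not the page's code. Names and the sample event id are constructed.
create table if not exists processed_events (
  provider    text        not null,  -- 'stripe', 'github', ...
  event_id    text        not null,  -- the provider's stable id: Stripe event `id`,
                                     -- GitHub's X-GitHub-Delivery header
  received_at timestamptz not null default now(),
  primary key (provider, event_id)
);

-- Atomically claim an event. Returns true exactly once per (provider, event_id).
-- On a concurrent duplicate the second INSERT waits for the first transaction to
-- commit, then hits the conflict and returns false: no check-then-insert window.
create or replace function claim_event(p_provider text, p_event_id text)
returns boolean
language sql
as $$
  with claimed as (
    insert into processed_events (provider, event_id)
    values (p_provider, p_event_id)
    on conflict (provider, event_id) do nothing
    returning event_id
  )
  select exists (select 1 from claimed)
$$;

-- Handler transaction: the claim and the side effects commit together, so a crash
-- after the claim rolls the claim back and the provider's retry redoes the work.
begin;
select claim_event('stripe', 'evt_constructed_0001');  -- true: first delivery, do the work
-- ... apply the event's side effects here, in this same transaction ...
select claim_event('stripe', 'evt_constructed_0001');  -- false: a retry, ack with 200 and skip
commit;

-- Cleanup: keep rows longer than the provider keeps retrying (Stripe retries for
-- about three days), then prune on a schedule.
delete from processed_events where received_at < now() - interval '30 days';
```

Return 200 to the provider on the `false` path as well; a non-2xx there only buys another retry of an event you have already processed.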
Strangler Fig Migration from Zapier to Custom Code: Cut Over Safely
The strangler fig migration off Zapier: run the Zap and your TypeScript replacement in parallel, compare outputs for 7 days, then flip the trigger.