Project evidence

Projects that demonstrate what I inspect in an audit: code, data, servers, and operations

These are my own public projects rather than client systems subject to NDAs, so the complete lifecycle can be reviewed. You can visit the sites, consult official registry entries, and assess the engineering decisions end to end. They show the same focus I bring to audits: identifying root causes and producing measurable results.

Java/backend is my core expertise; PHP demonstrates work with legacy code. Each project presents the problem, approach, and measurable result.

Projects

Four projects represent four business challenges: an end-to-end Java product, a continuously operated service on constrained resources, a product with documented legal status, and the migration of a large legacy codebase. Each presents the problem, approach, and measurable result.

  • PHP
  • Russian software registry
  • Rospatent
  • documentation

Problem. The engine needed more than a download page: it required clear product information and documented legal status so businesses and individual users could evaluate it.

  • What I did. Prepared the product for release with a public overview, release archive, installation and operations documentation, and structured search data. It was entered in the Russian software registry and registered as a computer program with Rospatent.
  • Result. The product has verified legal status through a Russian software registry entry and a Rospatent certificate, clear support channels, and a deployment process independent of a single local environment.

Business value: I can prepare a product so businesses can deploy it with clear technical and legal documentation.

Evidence and registries

The product documentation and legal status are available in public sources and can be verified independently.

Lomt LMS

Java · end-to-end lifecycle
  • Java 21
  • Spring Boot
  • PostgreSQL
  • Docker
  • CI/CD

Problem. The learning platform needed a controlled process for assignments, access, reviews, and deadlines, plus predictable releases without downtime or undocumented manual deployment.

  • What I did. Designed the domain model and built the complete stack: PostgreSQL with versioned Flyway migrations, the application and database in Docker containers, and a CI/CD pipeline with automated tests, OpenSSF Scorecard security checks, and automated production deployment.
  • Result. A service running in Docker containers with reproducible releases and change control, automated pass/fail tests for learning scenarios, and a registered Lomt LMS trademark.

Business value: This brings together every layer I inspect in other systems — architecture, data, migrations, tests, deployment, and operations — in one project from inception to production.

Legal and product documentation

The trademark covers the Lomt LMS educational product and confirms the project’s distinct product identity.

themm.ru / Ikh Novosti

Spring Boot · operations
  • Spring Boot
  • PostgreSQL
  • Flyway
  • media registry

Problem. The news stream must be collected from many sources, stored reliably, and published without downtime, while sharing the same constrained resources as other services.

  • What I did. Built a Spring Boot service with PostgreSQL and Flyway migrations, a dedicated memory-limited systemd runtime behind HAProxy and Apache, and a reader-facing site with direct links to original sources.
  • Result. A continuously operated online publication listed in the Roskomnadzor media registry runs on one VPS alongside other services, with controlled collection, storage, and publication.

Business value: This demonstrates operational discipline: running a service continuously without dedicated infrastructure for every project.

Media registration

The public Roskomnadzor record confirms the status of the online publication and links the project to an official regulatory entry.

Shriftik.ru

Java · React · PostgreSQL
  • Java 25
  • Spring Boot 4.1
  • React 19
  • Next.js
  • 7,685 fonts

Problem. A large free-font collection had to be migrated from legacy PHP to a modern architecture without losing the archive, search, previews, downloads, or search visibility.

  • What I did. Split the project into a Java backend with a version 1 public API, Spring Boot, PostgreSQL, Flyway, and an OpenAPI contract, plus a public frontend built with Next.js App Router, React, and TypeScript; preserved the font collection, categories, search, preview tool, and SEO layer.
  • Result. Shriftik.ru now runs as a modern application: 7,685 fonts are available through a React interface and separate API, the legacy archive has been migrated into a managed data model, and releases are verified in both code and infrastructure.

Business value: I demonstrate how to migrate a live legacy service to a maintainable Java + React stack without product downtime or loss of accumulated content.

What these projects demonstrate

These projects provide verifiable engineering evidence across the same layers I examine when auditing other systems.

Backend, data, and releases

  • Java 21 and Spring Boot are core areas of expertise.
  • PostgreSQL with versioned Flyway migrations.
  • Application and database in Docker for a reproducible environment.
  • CI/CD with automated tests, security checks, and automated deployment.

Operations on a single VPS

  • Nine websites and services on one machine.
  • Twelve domains with automated TLS (Let’s Encrypt).
  • HAProxy → Apache → Java, with memory limits enforced by systemd.
  • Logs and operational checks under constrained resources.

Existing codebases and product readiness

  • Improving the stability of legacy PHP without a full rewrite.
  • For clients, I use proven standard solutions; custom engines are used for research and development.
  • Verifiable status: Russian software registry, Rospatent, and Roskomnadzor records.

Would you like the same level of analysis for your system?

These are my own projects because they can be inspected end to end. In an audit, I examine your production system in the same way — code, data, infrastructure, and operational risks — then set priorities and provide a risk map and team action plan.

Discuss an audit