The problem
An AI-first sales platform had found product-market fit on a prototype that shipped the OpenAI key in the client bundle, stored tenant data in a shared Postgres schema without isolation, and had no audit log. The team had 9 weeks until an enterprise pilot that required SOC 2 Type I.
What we built
A secure production foundation. Tenant isolation at the database layer, a gateway in front of every LLM call with rate limits and content policy, and an audit log pipeline wired into every privileged action.
Highlights
- Row-level security in Postgres with a tenant-aware connection layer
- Inference gateway (Go) with per-tenant budgets, redaction, and full request logging
- OIDC-based authentication with SCIM for enterprise customers
- Audit log pipeline written to an append-only store with 7-year retention
- CI/CD with required review, signed commits, and branch protection
Outcome
- SOC 2 Type I passed on first audit
- First enterprise contract closed 3 weeks ahead of deadline
- Zero tenant-isolation incidents in 6 months of operation
- Inference cost down 32% through per-tenant caching
Stack
TypeScript · Go · Postgres (RLS) · Temporal · AWS · Terraform · Sentry · OIDC