Skip to content

Final Milestone Individual Contribution: Mehmet Kaan Ünsel

kaanunsel edited this page May 16, 2026 · 2 revisions

Final Milestone Individual Contribution: Mehmet Kaan Ünsel

Student ID: 2022400123
Subgroup: Backend & DevOps
GitHub: @kaanunsel

1. Responsibilities

I led the backend and infrastructure side of Social Event Mapper. My responsibilities were backend architecture, API design, database and migration structure, deployment, Docker/NGINX setup, CI/CD, live Swagger/OpenAPI delivery, release hardening, monitoring, and the implementation of the most critical backend business flows. I handled the infrastructure and DevOps work on my own, including containerization, deployment workflows, release APK pipeline support, production-domain routing, API documentation serving, and final security/release hardening.

2. Main Contributions

  • Designed and maintained the Go backend architecture around clear domain, application, adapter, and server boundaries. The final backend architecture and business-flow documentation were completed in PR #636.
  • Implemented the protected/private event ticketing system, including ticket lifecycle states, short-lived QR token streaming, host-side scan validation, and mobile-only QR API safeguards in PR #513.
  • Implemented event update reconfirmation for critical event changes, including participant state transitions, notification triggers, versioned event diffs, and ticket reactivation after reconfirmation in PR #583, PR #584, and PR #603.
  • Implemented private event invitation flows, invitation acceptance/decline, user search support, and related notification/ticket integration in PR #534.
  • Implemented admin role authorization, read APIs, privileged admin mutations, event-report moderation, user/event/participation/ticket controls, and category/report governance in PR #528, PR #529, and PR #606.
  • Implemented supporting backend flows for event reports, join-request image attachments, discussion/review comments, notifications, push-device management, and QR stream reliability in PR #551, PR #555, PR #556, PR #557, PR #517, PR #523, and PR #535.
  • Led final DevOps and release readiness work: deployed Swagger UI for final API review in PR #571, protected mobile/web API keys and Android release signing in PR #621, and hardened security, standards compliance, monitoring, body limits, CORS/CSP, and accessibility evidence in PR #633.

3. Significant Issues

Code-Related

  1. Issue #446: Implemented the backend ticketing and QR check-in flow in PR #513, including ticket lifecycle management, short-lived mobile QR tokens, host scans, and ticket-state transitions.
  2. Issue #441: Implemented participant reconfirmation after critical event updates in PR #583, then completed versioned diff support for Issue #444 in PR #584.
  3. Issue #481: Implemented global backend admin moderation and governance APIs in PR #606, building on admin role authorization and read/action APIs from PR #528 and PR #529.

Non-Code-Related

  1. Issue #570: Exposed live Swagger/OpenAPI documentation for the final release in PR #571, making all final backend contracts reviewable at /api/docs/.
  2. Issue #269: Completed final delivery hardening and standards evidence in PR #633, including OWASP-oriented backend protections, CSP/security headers, and compliance documentation.
  3. PR #636: Authored backend architecture, database, OpenAPI, and business-flow documentation for final review, aligning route registration with the published OpenAPI specs.

4. Pull Requests

Authored / Led

  • PR #513: Backend ticketing and QR flow.
  • PR #517: Push notification architecture.
  • PR #523: In-app notifications.
  • PR #528: Admin role authorization and read-only backoffice APIs.
  • PR #529: Admin notifications and manual participation actions.
  • PR #534: Private invitation creation and accept/decline flow.
  • PR #535: Notification events for join/private invite flows.
  • PR #551: Event discussion and review comments.
  • PR #555: Image attachment support for join requests.
  • PR #556: Event reporting backend structure.
  • PR #557: Stale QR stream cleanup after disconnect.
  • PR #571: Live Swagger/OpenAPI documentation on the deployed server.
  • PR #583: Reconfirmation state transitions.
  • PR #584: Versioned event diff system.
  • PR #603: Pending-ticket reactivation fix after reconfirmation.
  • PR #606: Admin moderation APIs and governance actions.
  • PR #621: API key protection and Android release signing workflow.
  • PR #633: Final milestone security, standards, monitoring, and release hardening.
  • PR #636: Backend architecture and business-flow documentation.

Conflict Resolution

I resolved backend and deployment integration conflicts as the backend API surface grew across ticketing, invitations, notifications, admin, and reconfirmation. The major conflict pattern was keeping OpenAPI specs, route registration, database migrations, mobile/web expectations, and Docker deployment behavior consistent as independent frontend and mobile branches were merged.

5. AI Transparency & Documentation

  1. Tool usage and workflow:

    • For core backend features, I designed the system architecture and business logic myself, then used GPT-5.5 (xHigh) to generate a structured implementation plan based on that design.
    • The actual code implementation was then produced iteratively using GPT-5.5 (medium), guided strictly by the previously defined plan to ensure architectural consistency.
    • After the core feature design, backend integration tests were generated using Cursor Composer 2 model, then reviewed and adjusted where necessary.
    • For DevOps and infrastructure topics where I lacked prior experience, I used ChatGPT in a Q&A style to learn concepts step by step and apply them during implementation.
  2. Repository-level AI support:

    • To improve AI-assisted development and repository comprehension, I created agents.md files in multiple subdirectories of the project.
    • These files provide contextual guidance so that AI agents can better understand the structure, responsibilities, and conventions of each part of the codebase.
  3. Prompting approach:

    • Prompts were primarily task-oriented and derived from implementation needs (e.g., feature requirements, system design decisions, or DevOps setup questions).
    • No centralized prompt log was maintained; instead, AI usage was embedded directly into the development workflow as described above.

6. Individual Testing Efforts

  1. Backend ticket integration tests: Verified ticket issuance, QR eligibility, scan acceptance/rejection, ticket state transitions, and stale QR stream behavior.
  2. Event integration tests: Verified event update behavior, reconfirmation-triggering edits, event lifecycle transitions, host management flows, and viewer-specific event context.
  3. Invitation integration tests: Verified private invitation creation, received invitation listing, accept/decline behavior, cooldowns, and participation creation.
  4. Admin integration tests: Verified admin authorization, moderation lists, privileged mutations, report status updates, participation actions, and event/user governance.
  5. Notification integration tests: Verified in-app notification creation, unread/read/delete behavior, and event-driven notification flows.
  6. Backend service and handler tests: Added and maintained unit coverage for ticket, event, invitation, admin, notification, image-upload, JWT ticket tokens, and HTTP handler behavior.
  7. Backend shipcheck: Used the backend release gate for module verification, formatting, static checks, vulnerability scanning, build validation, unit tests, and integration tests.

7. Additional Information

The infrastructure and DevOps responsibilities were centralized under me for the final release. I set up and maintained the Docker Compose deployment model, NGINX routing, deployed Swagger/OpenAPI documentation, release-triggered deployment behavior, Android APK release workflow support, observability hooks, and final milestone hardening. I also coordinated backend API stability with frontend and mobile consumers so the final web, mobile, and API deliverables used the same deployed backend contracts.

👥 Team Members

Labs

Meetings

Milestones

Requirements & Analysis

Scenarios

Use Case Diagrams

Class Diagrams

Sequence Diagrams

Planning

Testing

MVP Demo Plan

Clone this wiki locally