PWA/FastAPI app hardening, testing, and secure data layer

We are looking for an experienced full-stack engineer to help harden a working AI-assisted screening web app before wider field use. The app is already built and deployed. It is a plain JavaScript Progressive Web App served by a FastAPI backend. It supports offline-tolerant local storage in IndexedDB, server-side persistence in SQLite, streaming LLM responses, export endpoints, and a growing automated test suite. The immediate goal is not to rebuild the app from scratch. We need a careful engineer who can review the existing architecture, identify the highest-risk reliability and security gaps, and implement focused improvements with tests. Likely work areas include: - Production hardening of the PWA and FastAPI backend. - End-to-end and regression testing for offline, reconnect, retry, recovery, stale-cache, export, and auth flows. - Replacing the current shared bearer-token approach with per-device or per-user authentication, likely using JWT or Firebase Auth. - Scoping and/or prototyping a more robust cloud data layer using GCP tools such as Firebase and BigQuery. - Designing practical encryption and key-management improvements, including possible use of the browser WebCrypto API. - Improving logging, telemetry, and monitoring so field issues can be traced to app version, device, and user without making the system brittle. The first engagement is expected to be around 10-20 hours at $50/hour. We would like the engineer to begin with a brief architecture/security review, then implement the highest-confidence fixes as pull requests. We value maintainable code, clear tests, and conservative changes over large rewrites. You would be working in an existing codebase with: - Python / FastAPI backend. - Plain JavaScript frontend PWA. - IndexedDB browser storage. - SQLite server-side persistence. - Pytest-based backend and integration tests. - Some browser/end-to-end test coverage. - Deployment to a Linux server behind Apache. Good candidates will have experience with production web app hardening, authentication, automated testing, and cloud data systems. Experience with GCP, Firebase, BigQuery, WebCrypto, PWA offline behavior, or healthcare/research data systems is a plus. Please include in your reply: 1. A short description of a similar app-hardening, auth, testing, or data-layer project you have worked on. 2. How you would approach the first 10-20 hours. 3. Any security or data-access assumptions you would want clarified before starting. 4. Examples of tests or deployment checks you would expect to add.