Senior/Staff Software Engineer — Backend & Platform
Worldwide
Senior Full-Stack Engineer — 360° Security, Code, UX & Product Audit (TS/Node AI app)

Freelance · fixed price · read-only · remote · worldwide · French a plus

Independent 360° audit of a production AI "cockpit": an agent engine (plan → execute → cross-review), a council of ~10 LLMs via CLI, an MCP tool gateway, with guardrails (kill-switch, rootless Docker sandbox, HMAC audit chain, Doppler secrets). ~56,000 lines of TypeScript/Node, built almost entirely by AI agents, never deeply reviewed by a senior human.

GOAL
An honest, READ-ONLY assessment across every angle. No code is changed in this contract. This is the audit phase; a hardening phase may follow if the report is strong.

SCOPE (360°)
- Security: is the autonomy surface (the agent can act: Gmail, GitHub, shell) actually airtight? rootless Docker sandbox, egress isolation, secrets, audit chain.
- Code/architecture: real vs over-engineered, dead feature flags, parallel sandbox cages, test coverage, fragile modules.
- Real vs over-sold: what is actually wired up vs gated OFF / claimed in docs but not live.
- UX & product: what works, what to REMOVE, what to ADD. Practical, not cosmetic.

DELIVERABLE
A severity-prioritized report: real issues (security / correctness / debt), over-sold vs real, and an actionable backlog (harden / consolidate / cut / add) with effort estimates. Blunt and direct — we want you to say "this is dangerous."

MUST HAVE
- Senior/Staff full-stack (TypeScript/Node), shipped to production.
- Strong application security: code review, SAST, secrets, attack surface.
- Solid on Docker rootless / systemd / networking / isolation.
- You can AUDIT code you didn't write and name the real flaws.
- Product/UX sense (you don't need to be a designer).
- Comfortable with an AI-agent-generated codebase. French a plus.

TERMS
Fixed price, ~5-8 days, Expert level. Read-only repo access (no write, no live connectors). Remote, worldwide. Budget: [your fixed price, e.g. $1,500–3,000].

TO APPLY
Link to a full-stack/backend system you shipped to production + 2-3 lines on the hardest security flaw or critical bug you found reviewing someone else's code.

SCREENING QUESTIONS
1. Paste a link to a TypeScript/Node system you shipped to production (repo or demo). No link = not reviewed.
2. In 3-4 sentences: a real security flaw or critical bug you found reviewing code you did NOT write. How did you handle it?
3. Have you worked on rootless Docker / sandboxing / egress isolation in production?

═══════════════════════════════════════════════
CANDIDATE TEST — send privately to shortlist only (NOT in the public post). ~2h.
═══════════════════════════════════════════════

PART A — Code & security (90 min) · on a read-only extract we send you [link / PR]:
• 3 real problems (security, correctness, or dangerous debt), ranked by severity, with file/line.
• 1 thing that looks over-sold or over-engineered.
• 1 concrete, actionable improvement you'd ship first.

PART B — Product & UX (30 min) · on our live app [private URL]:
• 2 concrete visual/UX improvements (specific and actionable, not "it's ugly").
• 1 thing to REMOVE (a feature/screen that doesn't earn its place).

(Short paid test possible — ~$50–100 — to respect your time. Tell us if relevant.)

═══════════════════════════════════════════════
SCORING GRID (0-5 each)
═══════════════════════════════════════════════
[ ] Real flaws found — genuine security/correctness, not cosmetic ← must be ≥4
[ ] Over-sold detection — pragmatism, spots over-engineering
[ ] Top improvement — actionable, well-prioritized
[ ] Product/UX eye — concrete improvements + sensible "remove"
[ ] Clarity & bluntness — says it straight, prioritizes

HIRE THRESHOLD: average ≥ 4 AND "Real flaws found" ≥ 4 (non-negotiable — it's the core).
- Less than 30 hrs/week (Hourly)
- 1-3 months (Duration)
- Expert (Experience Level)
- $25.00 - $60.00 (Hourly)
- Remote Job
- Ongoing project (Project Type)
Activity on this job
- Proposals: 10 to 15
- Last viewed by client: 2 weeks ago
- Interviewing: 2
- Invites sent: 2
- Unanswered invites: 0
About the client
- France 11:29 PM