Vol. I — The Engineering Dossier Edition MMXXVI Ten works · Two disciplines

Systems & Software, set in type.

A field record of ten projects by Anish Guntreddi — five full-stack applications built for correctness under load, and five systems programs written close to the metal in C and C++. Every claim below is backed by a test. Every metric is measured, not imagined.

Projects indexed

700

Automated tests

5/ apps

Full-stack systems

5/ C·C++

Systems programs

Track 01 — Full-stack

Applications for production

5 systems · 414 tests
FastAPI · Postgres · Redis · React/TS

Full-stack · WorkflowOps

WorkflowOps

Build, run, and monitor business workflows.

A SaaS to create, run, and monitor business workflows — onboarding, approvals, and the like. Ordered steps with conditions invoke mock integrations through one swappable adapter; a background worker walks each run through a state machine with retries; the dashboard reflects the engine's authoritative state, live.

Architecture. Run/step state machine (pending → running → succeeded/failed) with bounded retries; Redis-backed workers; one Adapter protocol with swappable mocks; server-side RBAC (admin/editor/viewer), JWT role re-read from the DB each request.

WorkflowOps dashboard showing live workflow runs and step states

FastAPIPostgresRedisReact / TS

Tests

RBAC proofs

Inj. surface

eval-free condition evaluator paired with parameterized SQL yields a zero-injection surface; the RBAC matrix is proven by 22 dedicated tests.

Live demo ↗ Watch it run ▶ Source ↗

Full-stack · QueueForge

QueueForge

Reliability is the product.

Submit background jobs; workers process them asynchronously while a dashboard tracks status live. Retries with backoff, a dead-letter queue, scheduling, priority, and worker heartbeats — the unglamorous machinery that makes a queue trustworthy.

Architecture. Job state machine with a DLQ at max attempts; a worker pool with heartbeats and a visibility timeout, so a dead worker's in-flight job is requeued; an atomic Lua ZPOPMIN → ZADD claim — no check-then-act race.

QueueForge dashboard with worker status, queue depth, and dead-letter queue

FastAPIRedisReact / TSLua

Tests

DLQ

At max attempts

SSRF

Guarded

dead-worker requeue is tested end-to-end; the webhook SSRF guard is live-probed — IPv6 loopback, DNS-rebind, and metadata IP all blocked.

Live demo ↗ Watch it run ▶ Source ↗

Full-stack · DevGate

DevGate

Generate, gate, and observe API access.

Register APIs, generate and revoke keys, enforce per-key rate limits, and view usage analytics — counts, error rate, p50/p95. A gateway authenticates the key and a Python SDK wraps the whole thing for callers.

Architecture. Keys shown once; only a SHA-256 hash plus a masked prefix is persisted; constant-time verification via hmac.compare_digest; per-key rate limiting through one atomic Redis Lua script; ownership 404s that leak no existence.

DevGate API-key management dashboard with usage analytics and rate limits

FastAPIPostgresRedisPython SDK

Tests

SHA-256

Hash at rest

p50·p95

Per key

verified live — a generated key authenticates at the gateway (200); missing, garbage, or query-string keys all return 401.

Live demo ↗ Watch it run ▶ Source ↗

Full-stack · CollabBoard

CollabBoard

Boards, tasks, presence — live.

A team workspace with boards, tasks, threaded comments, and a shared document that all update in real time over WebSockets, with live presence so you can see who's there and what they're touching.

Architecture. The WS connection is authenticated and authorized per board before accept(), with per-message re-auth; removing a member force-closes their sockets; REST authz via one require_board_access (404, not 403); optimistic version checks (409) on concurrent edits.

CollabBoard real-time workspace with boards, tasks, and live presence

FastAPIWebSocketsPostgresReact / TS

Tests

WS authz proofs

409

On conflict

the hard part — authorizing a WebSocket connection before the handshake completes — done right, and proven by 7 dedicated tests.

Live demo ↗ Watch it run ▶ Source ↗

Full-stack · Ledgerly

Ledgerly

Import, categorize, report — safely.

Upload CSV transactions, categorize them with priority-ordered rules, track invoices, and view monthly reports with safe exports. Money is held as integer cents; every read and write is scoped to the owner's organization.

Architecture. A bounded streaming CSV parse with a smart column auto-mapper; priority categorization rules; CSV formula-injection neutralized on export; org_id always derived from the JWT, never from client input.

Ledgerly bookkeeping dashboard with categorized transactions and monthly reports

FastAPIPostgresReact / TSint cents

113

Tests

'=cmd

Neutralized

404

Cross-org

verified live — an exported "=cmd|calc" becomes "'=cmd|calc"; any cross-org access attempt returns 404.

Live demo ↗ Watch it run ▶ Source ↗

Track 02 — Systems

Programs close to the metal

5 programs · 286 tests
C11 · C++17 · ASan + UBSan clean

06 Flagship C++17 · 45 tests

Limit order book & matching engine

Systems · MicroMatch

MicroMatch

An exchange matching engine, from scratch.

An in-process matching engine with strict price-time priority: limit and market orders, cancels, modifies, partial fills across price levels, trade reports, BBO, market depth, and deterministic event replay.

Architecture. A two-sided book (std::map per side, FIFO price levels) with O(1) cancel/modify via a hash map; aggressive orders sweep best-first at the maker price; byte-stable, deterministic replay of the entire event stream.

micromatch — bench --release

11.3M ops/s

Throughput

88.5ns

Mean / op

42ns

p50 latency

45/45

Tests pass

~11.3M ops/sec at a p50 of 42 ns; price-time priority verified adversarially; ASan + UBSan clean across the suite.

price-time priority deterministic replay ASan · UBSan clean

Systems · ThreadServe

ThreadServe

An HTTP server with no framework.

A from-scratch HTTP/1.1 server over raw TCP — an accept loop dispatches to a worker thread pool via a bounded queue, parses untrusted input safely, serves static files with traversal defense, and shuts down gracefully.

Architecture. A bounded blocking queue (mutex + condvar) feeding N workers; a hardened parser (every read bounded; rejects smuggling, NUL, bare-LF); realpath plus a symlink-escape check on static serving; async-signal-safe self-pipe shutdown.

threadserve — adversarial probe66 tests

C++17raw TCPthread poolmutex + condvar

Tests

~38k

Req / sec

clean

ASan·UBSan

adversarial probes — encoded traversal, request smuggling, a symlink to /etc/passwd — are all rejected; ASan + UBSan clean; ~38k req/sec.

Systems · MiniCache

MiniCache

A cache server with a RESP protocol.

A Redis-inspired in-memory key-value store over a RESP-like TCP protocol: SET/GET/DEL/EXPIRE/TTL/INCR/LPUSH/LRANGE, plus lazy and active TTL expiry, LRU eviction, append-only persistence with replay, and snapshots.

Architecture. Tagged-union values (string | list) in a hash map; a parallel expiry map; an intrusive LRU; a bounded RESP parser (length checked before allocation); AOF replay plus snapshot load on boot.

minicache — throughput69 tests

C++17RESPAOF + snapshotLRU

Tests

1.84M

GET / sec

300+

Asserts

69 tests and 300+ assertions across 6 suites; INCR is INT64-overflow-safe; AOF crash-consistency is tested; ASan clean.

Systems · MiniShell

MiniShell

A shell — pipes, jobs, signals.

A Unix shell in C: fork/execvp command execution, built-ins (cd, pwd, exit, export, env, echo), N-stage pipes, redirection (>, >>, <), background jobs with SIGCHLD reaping, signal handling, and $VAR expansion.

Architecture. A quote-aware tokenizer feeds a pipeline parse and pipe/dup2 wiring; a SIGCHLD reaper drains a lock-free ring; SIGCHLD is blocked across fork + foreground-wait to avoid status theft; SIGINT goes to the foreground child, never the shell.

minishell — stress & signals86 tests

C11fork / execvpSIGCHLDPTY-tested

Tests

FDs / 300 runs

Zombies

300 pipelines held the fd count steady at 5; 50 rapid background jobs reaped with no zombies; SIGINT survival proven via a real PTY.

Systems · MallocLab

MallocLab

malloc / free, reimplemented.

A custom dynamic memory allocator — malloc, free, realloc, and calloc over a simulated heap (an mmap'd memlib): boundary-tag blocks, segregated free lists, splitting, immediate coalescing, 16-byte alignment, and a heap consistency checker.

Architecture. memlib mmaps a region so the allocator never touches system malloc; boundary tags enable O(1) coalescing; find_fit by size class; mm_checkheap asserts alignment, header == footer, no adjacent free blocks, and cross-checks the heap-walk against the list-walk.

malloclab — utilization20 tests

C11mmap memlibboundary tagssegregated lists

Tests

78–95%

Utilization

50k

Stress ops

a shadow model detects corruption after every op; a 50k-op random stress run; 78–95% utilization; ASan + UBSan clean.

The Colophon

Built for correctness
across the application
and the machine.

More about me ↗ GitHub ↗ Back to the index ↗

AuthorAnish Guntreddi

DisciplineSystems + Full-stack

Projects10 indexed

Automated tests700 total

Full-stack5 · 414 tests

Systems5 · 286 tests

LanguagesC11 · C++17 · TS · Py

Memory hygieneASan + UBSan clean

Systems & Software, set in type.

Applications for production

WorkflowOps

QueueForge

DevGate

CollabBoard

Ledgerly

Programs close to the metal

MicroMatch

ThreadServe

MiniCache

MiniShell

MallocLab

Built for correctness across the application and the machine.

Built for correctness
across the application
and the machine.