Workforce Management System for Security & Cleaning Services
NestJS, TypeScript, TypeORM, PostgreSQL, AWS S3
BKS is a comprehensive workforce management backend built for security and cleaning service companies. The system handles employee scheduling, GPS-based attendance tracking, and task management across multiple client locations — essentially keeping the entire operation organized and accountable.
The platform is designed to handle the complexity of managing hundreds of employees assigned to different clients, each with their own contracts, schedules, and requirements. It provides real-time visibility into workforce operations while ensuring compliance and accountability.
Built with NestJS using a modular architecture that separates tenant management, employee operations, attendance tracking, and task management. Uses TypeORM with PostgreSQL for robust database operations with support for complex queries and transactions.
Implemented tenant isolation at the database level with row-level security policies. Each request is scoped to a specific tenant, preventing data leakage while allowing super-admins to access cross-tenant analytics.
Uses PostGIS extensions for efficient geospatial queries. Implements geofencing logic to validate check-ins within the allowed radius of client locations. Handles timezone conversions and overnight shifts that cross midnight boundaries.
Integrated with AWS S3 for storing task evidence photos, employee documents, and contract files. Uses presigned URLs for secure, temporary access to files with automatic expiration.
Built a flexible scheduling engine that handles recurring shifts, shift swaps, and automatic notifications for upcoming assignments. Validates schedule conflicts and ensures contract compliance.
Security guards often work overnight shifts that span two calendar dates. Traditional attendance tracking systems struggled to properly account for these shifts, leading to payroll errors.
Implemented a shift-based attendance model that tracks shifts as continuous periods regardless of date boundaries. Clock-outs after midnight are correctly associated with the previous day's shift. Added business logic to split hours across dates for payroll calculation while maintaining the shift as a single logical unit.
Ensuring complete data isolation between competing service companies while allowing parent companies to view subsidiary data without complex permission checks in application code.
Used PostgreSQL row-level security (RLS) policies to enforce tenant isolation at the database level. Combined with TypeORM interceptors that automatically inject tenant context into queries. This approach provides defense-in-depth security and simplifies application code.
Preventing employees from clocking in remotely or manipulating GPS coordinates while accounting for legitimate GPS inaccuracies.
Implemented multi-factor verification: GPS coordinates, device info logging, and photo requirements. Used a generous but reasonable geofence radius (100-200m) to account for GPS drift. Added anomaly detection for suspicious patterns like identical coordinates across multiple employees or frequent location jumps.
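An added sketch of the geofence check and the two anomaly patterns named above (identical coordinates across employees, location jumps). It is not the project's code; the type and function names, the 40 m/s speed threshold and the sample data are assumptions made for illustration.

```typescript
// Added example: names, thresholds and sample data are constructed assumptions.
interface CheckIn { employeeId: string; lat: number; lon: number; at: number } // at = epoch seconds
interface Site { lat: number; lon: number; radiusM: number }

// Great-circle distance in metres (haversine formula, mean Earth radius).
function distanceM(lat1: number, lon1: number, lat2: number, lon2: number): number {
  const rad = (d: number) => (d * Math.PI) / 180;
  const a = Math.sin(rad(lat2 - lat1) / 2) ** 2 +
    Math.cos(rad(lat1)) * Math.cos(rad(lat2)) * Math.sin(rad(lon2 - lon1) / 2) ** 2;
  return 2 * 6371000 * Math.asin(Math.sqrt(a));
}

// A check-in is accepted only inside the site's radius (100-200 m in the text above).
function withinGeofence(c: CheckIn, site: Site): boolean {
  return distanceM(c.lat, c.lon, site.lat, site.lon) <= site.radiusM;
}

// Employees whose reported fix is exactly equal to another employee's fix.
function sharedCoordinateEmployees(checkIns: CheckIn[]): string[] {
  const byFix = new Map<string, Set<string>>();
  for (const c of checkIns) {
    const key = `${c.lat},${c.lon}`;
    if (!byFix.has(key)) byFix.set(key, new Set<string>());
    byFix.get(key)!.add(c.employeeId);
  }
  const flagged = new Set<string>();
  byFix.forEach((ids) => { if (ids.size > 1) ids.forEach((id) => flagged.add(id)); });
  return Array.from(flagged).sort();
}

// Employees with consecutive fixes that imply travel faster than maxSpeedMps.
function locationJumpEmployees(checkIns: CheckIn[], maxSpeedMps = 40): string[] {
  const last = new Map<string, CheckIn>();
  const flagged = new Set<string>();
  for (const c of checkIns.slice().sort((x, y) => x.at - y.at)) {
    const prev = last.get(c.employeeId);
    const dt = prev ? Math.max(c.at - prev.at, 1) : 1; // clamp to avoid division by zero
    if (prev && distanceM(prev.lat, prev.lon, c.lat, c.lon) / dt > maxSpeedMps) flagged.add(c.employeeId);
    last.set(c.employeeId, c);
  }
  return Array.from(flagged).sort();
}

// Constructed sample data: e1/e2 report the same fix, e3 moves about 8.9 km in 60 s.
const site: Site = { lat: 52.52, lon: 13.405, radiusM: 150 };
const sample: CheckIn[] = [
  { employeeId: "e1", lat: 52.5205, lon: 13.4051, at: 1000 },
  { employeeId: "e2", lat: 52.5205, lon: 13.4051, at: 1010 },
  { employeeId: "e3", lat: 52.5199, lon: 13.4048, at: 1020 },
  { employeeId: "e3", lat: 52.6, lon: 13.405, at: 1080 },
];
```

Flags from either detector are review signals rather than proof, since stationary devices and cached fixes can also repeat coordinates.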