Case Study · Enterprise CRM/ERP

Jobscope — six surgical fixes that turned a fragile legacy ERP into a stable platform.

Cookie-bloat fixed. Integration auth split (ROPC). AI-assisted VB.NET → .NET 8 migration. Single-script WiX installer. DB-change tracking. JWT migration. Each shipped independently.

Industry: Enterprise CRM / ERP Stack: VB.NET → .NET 8, React (Vite + Axios + Redux), MS SQL Server, WiX, IIS Duration: 11 months Role: Solution Architect

The situation

A long-running enterprise CRM/ERP shipped to clients as a Windows installer. Each release required a multi-step manual install plus an on-site DBA to run schema migrations. Integration partners accessed APIs by reusing a logged-in user's browser cookie — a practice the team had never been comfortable with. Power users were starting to hit request-size errors because their session cookies, carrying every permission, had bloated past what the framework could handle.

The diagnosis

Six independent failure classes, each compounding the others:

Integration partners accessed APIs by reusing a user's session cookie
Cookies carried every permission for every user — bloat broke requests under heavy permission load
The React UI was slow because it consumed coarse-grained .NET payloads and re-rendered everything on every change
Every install required an on-site config-file copy from old to new system
DB schema changes weren't documented; every release required a DBA who knew them
The legacy VB.NET → .NET 4 → .NET 8 migration had no clear methodology and was stalling

The decision

Decision Treat each as a discrete fix. Don't bundle. Each ships independently — the team wins six separate releases instead of one giant scary one.

The delivery — six fixes, each ships standalone

1. Auth split for integration partners (ROPC)

Designed and implemented ROPC (Resource Owner Password Credentials) flow for service-to-service integration
Split the system into two auth paths: web-app sessions (existing cookie) and API-direct (ROPC tokens)
Integration partners no longer need browser cookies to call APIs — cleaner security boundary, better audit logs per partner

2. AI-driven legacy → modern code migration

Built a VS Code plugin that auto-documents legacy VB.NET / .NET 4 functionality on demand
Built an AI agent (internal name: "Code Gini") that consumes the documentation and emits the equivalent .NET 8 backend + React screens
Module-by-module migration with both systems running side-by-side until parity is verified
Reduces a multi-quarter migration to a steady weekly rhythm

3. React app performance fix

Replaced ad-hoc fetch calls with Axios + Redux for streamlined API integration
Migrated build to Vite — faster dev cycles and easier debugging
Coarse-grained API responses replaced with focused endpoints; rendering bottleneck eliminated

4. Single-script installer + auto-config restore

Replaced manual multi-step install with a single Python+WiX script that creates a fresh installer on every run
Installer stops the running server, uninstalls the old version, installs the new at the user's chosen path, restores the previous config file, and on first start opens a password-protected admin config UI for one-time confirmation
Eliminated the back-and-forth of copying config files between client systems — client satisfaction noticeably increased

5. Database-change tracking & release notes automation

Built an AI + Python tool that compares the previous DB schema to the new release and auto-documents the differences
Output flows into the release document automatically — DBA dependency removed
One-time activity: AI-generated table-to-table mapping across VB.NET → .NET 4 → .NET 8 (foundation for the migration)

6. JWT migration to fix cookie-bloat

Diagnosed app failures caused by oversized session cookies (every permission was being sent on every request)
Migrated from cookie-based session to JWT + server-side RBAC
Cookie size dropped to a single token; app accessibility restored even for users with deep permission sets

The outcome

Numbers Integration onboarding: weeks → days.
Cookie-bloat outages: monthly → zero.
Install time: hours → 1 click.
Release notes for DB changes: written by humans → auto-generated.
Migration confidence: high enough to do a module-per-week cadence.

What I'd do differently

The "Code Gini" agent was useful but produced too much output to review in one sitting. A smaller-batch handoff (one screen + one API per day) would have given the team better review loops and less reviewer fatigue. The lesson generalises: AI-generated migration code is a productivity multiplier on the producer side, but a productivity divider on the reviewer side — keep the batch sizes small.

Stuck with a legacy stack you can't easily replace?

Talk about a Modernization Sprint All engagement tiers