Zouhair Loucif
Client
Devcorp
Role
Full-Stack Developer
Period
2020-10 → 2021-10
Location
Casablanca · Morocco
Read
2 min

Custom web work, thirty percent operational lift

A year at a Moroccan agency building bespoke web applications on Laravel, Nuxt, and MySQL — and the auth-and-compliance work that comes with shipping for clients who can't afford to leak data.

  • +30%
    client operational lift
  • Laravel · Nuxt · MySQL
    stack
  • ISO 27001 baselines
    compliance

Devcorp was a Casablanca agency that built custom software for businesses needing something more than off-the-shelf — usually a workflow or backoffice tool a generic SaaS couldn’t handle. I joined as a full-stack developer in October 2020 and stayed a year, shipping the kind of practical software that earns its keep on the second or third quarter, not the first.

Custom web applications that earned the cost back

The bread-and-butter was bespoke web applications: Laravel and PHP on the API tier, Nuxt and Vue on the frontend, MySQL underneath. Nothing exotic. The discipline was reading the actual workflow each client ran — usually informally, in spreadsheets and email threads — and translating it into something the team could use without supervision.

We measured success the only way that matters at this scale: did the client’s operations get measurably faster? Across the engagements I shipped, the answer was yes — operational efficiency lifted around thirty percent on average, by the metrics our clients ran themselves. The wins came from the unglamorous places. Forms that used to take two pages to fill became one. Approval flows that lived in email got a status board. Data that used to live in three places lived in one.

Auth and compliance that didn’t get in the way

The other half of the job was security. Most clients hadn’t thought about it before; one breach away from a small SME paying a fine, you build defensively from the start. We standardised on role-based access control, JWT for the API, encrypted data flows on every wire, and the working bits of ISO 27001 — not the certification, the discipline.

The ergonomic challenge was making auth invisible. RBAC done badly slows users down. We used permission groups that mapped to actual job titles (“warehouse manager”, “controller”, “front desk”), so adding a new hire was a checkbox, not a config session. By the time I left we had a pattern we reused across new client engagements that was shipping in days instead of weeks.

What it was

Not the deepest engineering work I’ve done — but the most directly useful. Every line of code I wrote at Devcorp had a known operator behind it, in a known room, doing a known job, who was either faster afterward or wasn’t. That’s a clarifying constraint.

Stack
  • Laravel
  • PHP
  • Nuxt.js
  • Vue.js
  • MySQL
  • OAuth 2.0
  • JWT