I'm a full-stack engineer and security researcher focused on platform architecture, developer tooling, and multi-tenant systems. Speaker and 1st Place Winner of Atlassian Codegeist 2025.
- 🏆 1st Place Winner, Atlassian Codegeist 2025: Won the top prize with Secure Notes for Jira, an enterprise-grade Zero Trust application. Built a custom Drizzle-based ORM for Forge SQL to handle complex audit logs and strict B2B security requirements. ➡️ View winning submission on Devpost
- 🎤 Speaker, Atlassian Atlas Camp 2026: Presented "Making Forge SQL Observable". Shared deep technical insights on handling Out-of-Memory (OOM) and Timeout errors in multi-tenant enterprise environments, analyzing TiDB execution plans, and optimizing complex queries for large-scale customers.
- 🌍 Atlassian Community Event (ACE) Recap: Invited to present a condensed version of this talk to the global Atlassian community.
▶️ Watch my presentation on YouTube
- Design systems with a focus on trust boundaries and edge cases
- Explore platform internals (e.g., Atlassian Forge)
- Build developer tooling for complex distributed systems
- Research and report security issues in multi-tenant platforms
forge-sql-orm is a Drizzle-based ORM built for reliable, production-grade Atlassian Forge apps. It addresses a key gap in the Forge ecosystem where no native ORM layer exists.
Designed to handle complex Forge SQL patterns such as:
- caching
- optimistic locking
- query observability and diagnostics
- schema generation and migrations
- safe query construction for multi-tenant environments
The project is actively used in the Forge ecosystem and has become one of the most visible community solutions for teams building serious apps on Forge SQL.
📦 npm: ~400–500 installs/week (peaks up to 1000+) with real production usage ➡️ GitHub: https://github.com/forge-sql-orm/forge-sql-orm
An advanced extension for Keycloak that embeds a fully functional RADIUS server directly into the authentication flow.
- Enables RADIUS authentication using Keycloak identities (OIDC, LDAP, Kerberos)
- Supports OTP (TOTP/HOTP), WebAuthn (FIDO2), and multi-factor authentication
- Includes RadSec (RADIUS over TLS) and RADIUS proxy capabilities
- Designed for multi-tenant environments with dynamic attribute mapping
- Integrates with network systems (Mikrotik, Cisco, VPNs, hotspot authentication)
➡️ https://github.com/vzakharchenko/keycloak-radius-plugin
A practical observability pattern for analyzing SQL performance inside Atlassian Forge apps without breaking platform constraints.
The approach focuses on deterministic, Forge-safe diagnostics:
- Aggregating total DB execution time per invocation (dbExecutionTime)
- Identifying the slowest queries instead of relying on non-deterministic system tables
- Optional EXPLAIN ANALYZE re-execution for targeted queries
- Safe fallback strategies when metadata is evicted in long-running functions
- Post-mortem diagnostics for Timeout and Out-of-Memory (OOM) failures
Key idea:
Instead of relying on unstable information_schema windows, the pattern captures and analyzes queries at the application layer, making observability predictable even under strict Forge limits.
This approach is implemented in forge-sql-orm and complements platform-level observability with developer-controlled diagnostics.
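An added example of the pattern above, written for this page rather than taken from forge-sql-orm: a per-invocation observer that wraps a generic `exec(sql, params)` function standing in for the Forge SQL client. It keeps an exact running total (dbExecutionTime) and a bounded top-N of the slowest queries separately from a small ring buffer of recent queries, so the report stays correct after old per-query records are evicted in a long-running function. The query strings, costs and fake clock in `demo()` are constructed.

```typescript
// Added example, not forge-sql-orm's own code: invocation-scoped SQL timing.
// An exact running total (dbExecutionTime) and a bounded top-N of slowest
// queries survive even when the per-query ring buffer evicts old records.

type Row = Record<string, unknown>;
type Executor = (sql: string, params: unknown[]) => Promise<Row[]>;
interface QueryStat { sql: string; params: unknown[]; durationMs: number }
interface InvocationReport {
  dbExecutionTime: number; // total milliseconds spent in SQL this invocation
  queryCount: number;
  evicted: number;         // recent-query records dropped by the ring buffer
  slowest: QueryStat[];    // top-N by duration, descending
}

// TiDB executes the statement to produce EXPLAIN ANALYZE output, so only
// plain SELECTs are ever re-run for diagnostics.
function isReadOnly(sql: string): boolean {
  return /^\s*SELECT\b/i.test(sql);
}

class QueryObserver {
  private readonly exec: Executor;
  private readonly now: () => number;
  private readonly topN: number;
  private readonly maxRecent: number;
  private total = 0;
  private count = 0;
  private evicted = 0;
  private recent: QueryStat[] = [];  // ring buffer of the latest queries
  private slowest: QueryStat[] = []; // sorted descending, length <= topN

  constructor(exec: Executor, opts: { topN?: number; maxRecent?: number; now?: () => number } = {}) {
    this.exec = exec;
    this.now = opts.now ?? (() => Date.now()); // performance.now() in production
    this.topN = opts.topN ?? 3;
    this.maxRecent = opts.maxRecent ?? 100;
  }

  // Every query goes through here, so timing is captured even when the
  // statement rejects (a timeout or OOM surfaces as a rejected promise).
  async run(sql: string, params: unknown[] = []): Promise<Row[]> {
    const start = this.now();
    try {
      return await this.exec(sql, params);
    } finally {
      this.record(sql, params, this.now() - start);
    }
  }

  record(sql: string, params: unknown[], durationMs: number): void {
    const stat: QueryStat = { sql, params, durationMs };
    this.total += durationMs;
    this.count += 1;
    this.recent.push(stat);
    if (this.recent.length > this.maxRecent) { this.recent.shift(); this.evicted += 1; }
    const idx = this.slowest.findIndex((s) => s.durationMs < durationMs);
    if (idx === -1) this.slowest.push(stat); else this.slowest.splice(idx, 0, stat);
    if (this.slowest.length > this.topN) this.slowest.pop();
  }

  report(): InvocationReport {
    return { dbExecutionTime: this.total, queryCount: this.count, evicted: this.evicted, slowest: [...this.slowest] };
  }

  // Targeted re-execution under EXPLAIN ANALYZE for the slowest read-only queries.
  async explainSlowest(): Promise<Array<{ sql: string; plan: Row[] }>> {
    const out: Array<{ sql: string; plan: Row[] }> = [];
    for (const s of this.slowest) {
      if (isReadOnly(s.sql)) out.push({ sql: s.sql, plan: await this.exec(`EXPLAIN ANALYZE ${s.sql}`, s.params) });
    }
    return out;
  }
}

// Constructed fake executor with a fake clock so the report is deterministic offline.
async function demo(): Promise<{ report: InvocationReport; explained: Array<{ sql: string; plan: Row[] }> }> {
  const cost: Record<string, number> = {
    'SELECT id FROM notes WHERE tenant_id = ?': 5,
    'SELECT * FROM audit_log WHERE tenant_id = ? ORDER BY created_at': 50,
    'UPDATE notes SET body = ? WHERE id = ?': 20,
  };
  let clock = 0;
  const exec: Executor = async (sql, params) => { clock += cost[sql] ?? 1; return [{ sql, params }]; };
  const obs = new QueryObserver(exec, { topN: 2, maxRecent: 2, now: () => clock });
  await obs.run('SELECT id FROM notes WHERE tenant_id = ?', ['t1']);
  await obs.run('SELECT * FROM audit_log WHERE tenant_id = ? ORDER BY created_at', ['t1']);
  await obs.run('UPDATE notes SET body = ? WHERE id = ?', ['x', 1]);
  return { report: obs.report(), explained: await obs.explainSlowest() };
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

The split between total, ring buffer and top-N is the point: the total and the slowest entries are what a post-mortem needs, and they are never evicted, while the recent list can be capped as low as memory allows. The read-only check before EXPLAIN ANALYZE matters because TiDB runs the statement to collect actual row counts, so re-explaining an UPDATE would apply it a second time.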
📘 Read the discussion: ➡️ https://community.developer.atlassian.com/t/practical-sql-observability-for-forge-apps-with-forge-sql-orm/97237
A practical security pattern for connecting Rovo with Forge SQL in apps that support natural-language analytics.
The approach treats AI-generated SQL as untrusted input and validates it through multiple independent layers before execution:
- AST pre-check to allow only a single read-only query against the intended table
- EXPLAIN plan verification to ensure the query does not touch unexpected tables
- Post-execution metadata validation to confirm returned fields originate only from the allowed table
- Dynamic context injection for values like :currentUserId, :projectKey, and :issueKey
- Dynamic row-level security (RLS) for per-user access control in multi-tenant apps
This pattern was later packaged into forge-sql-orm as a reusable “Guard” executor for secure Rovo → SQL integrations.
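An added example of the layered check, written for this page and not the forge-sql-orm Guard executor itself. The real pattern parses the statement into an AST; this stand-in approximates the pre-check with a flat tokenizer so it runs with no dependencies. It assumes a generic `exec(sql, params)` function in place of the Forge SQL client, a hypothetical `GuardPolicy` (one readable table, an allow-list of returned columns, the column used for row-level security) and a TiDB-style EXPLAIN output whose "access object" column lists `table:<name>` (MySQL's `table` column is also read). The fake executor, policy and context values are constructed.

```typescript
// Added example, not the forge-sql-orm Guard executor itself: three independent
// layers around model-generated SQL. The page's pattern uses a real SQL AST;
// this stand-in uses a flat tokenizer so it runs with no dependencies.

type Row = Record<string, unknown>;
type Executor = (sql: string, params: unknown[]) => Promise<Row[]>;
type Context = { currentUserId: string; projectKey: string; issueKey: string };
interface GuardPolicy { table: string; columns: string[]; rlsColumn: string } // hypothetical
interface Tok { kind: 'str' | 'param' | 'ident' | 'num' | 'op'; text: string }

const FORBIDDEN = new Set(['INSERT', 'UPDATE', 'DELETE', 'DROP', 'ALTER', 'CREATE', 'TRUNCATE', 'GRANT', 'REVOKE',
  'INTO', 'LOAD', 'CALL', 'SET', 'EXECUTE', 'PREPARE', 'REPLACE', 'OUTFILE', 'STRAIGHT_JOIN']);
// Keywords that may directly follow a table name; any other identifier there is an alias.
const AFTER_TABLE = new Set(['WHERE', 'JOIN', 'INNER', 'LEFT', 'RIGHT', 'CROSS', 'NATURAL', 'ON', 'USING',
  'GROUP', 'ORDER', 'LIMIT', 'HAVING', 'UNION', 'FOR']);

// Comments, quoted identifiers, positional "?" and a second statement all fall
// outside this grammar and are rejected.
function tokenize(sql: string): Tok[] {
  if (/--|\/\*|#/.test(sql)) throw new Error('comments are not allowed');
  const src = sql.trim().replace(/;$/, '');
  const re = /\s*(?:('(?:[^'\\]|\\.)*')|(:[A-Za-z_]\w*)|([A-Za-z_][\w$]*(?:\.[A-Za-z_][\w$]*)*)|(\d+(?:\.\d+)?)|([(),*=<>!+\-\/%]))/g;
  const toks: Tok[] = [];
  for (let at = 0; at < src.length; at = re.lastIndex) {
    re.lastIndex = at;
    const m = re.exec(src);
    if (m === null || m.index !== at) throw new Error(`unexpected input at offset ${at}`);
    if (m[1] !== undefined) toks.push({ kind: 'str', text: m[1] });
    else if (m[2] !== undefined) toks.push({ kind: 'param', text: m[2].slice(1) });
    else if (m[3] !== undefined) toks.push({ kind: 'ident', text: m[3] });
    else if (m[4] !== undefined) toks.push({ kind: 'num', text: m[4] });
    else toks.push({ kind: 'op', text: m[5] });
  }
  return toks;
}

// Layer 1: one SELECT only, only policy.table after FROM/JOIN, named context
// placeholders become bound parameters, and the table is swapped for a
// per-user derived table (row-level security) in the same parameter order.
function precheckAndRewrite(modelSql: string, policy: GuardPolicy, ctx: Context): { sql: string; params: unknown[] } {
  const toks = tokenize(modelSql);
  const first = toks[0];
  if (first === undefined || first.text.toUpperCase() !== 'SELECT') throw new Error('only a single SELECT is allowed');
  const out: string[] = [];
  const params: unknown[] = [];
  for (let i = 0; i < toks.length; i++) {
    const t = toks[i];
    const up = t.text.toUpperCase();
    if (t.kind === 'param') {
      const value = (ctx as Record<string, string>)[t.text];
      if (value === undefined) throw new Error(`unknown placeholder :${t.text}`);
      out.push('?'); params.push(value); continue;
    }
    if (t.kind !== 'ident') { out.push(t.text); continue; }
    if (FORBIDDEN.has(up)) throw new Error(`forbidden keyword ${up}`);
    if (up !== 'FROM' && up !== 'JOIN') { out.push(t.text); continue; }
    const tbl = toks[i + 1];
    if (tbl === undefined || tbl.kind !== 'ident' || tbl.text.toLowerCase() !== policy.table.toLowerCase()) {
      throw new Error(`only table ${policy.table} may be read`);
    }
    let j = i + 2;
    const a = toks[j];
    const aliasTok = a !== undefined && a.kind === 'ident' && !AFTER_TABLE.has(a.text.toUpperCase()) ? a : undefined;
    if (aliasTok !== undefined) j += aliasTok.text.toUpperCase() === 'AS' ? 2 : 1;
    const after = toks[j];
    if (after !== undefined && after.text === ',') throw new Error('comma-separated table lists are not allowed');
    out.push(up, `(SELECT * FROM ${policy.table} WHERE ${policy.rlsColumn} = ?)`);
    params.push(ctx.currentUserId);
    if (aliasTok === undefined) out.push('AS', policy.table);
    i += 1; // the table name itself has been consumed
  }
  return { sql: out.join(' '), params };
}

// Layer 2: the EXPLAIN plan must reference nothing but the allowed table.
function planTables(plan: Row[]): string[] {
  const names: string[] = [];
  const re = /\btable:([A-Za-z0-9_.]+)/g;
  for (const row of plan) {
    if (typeof row.table === 'string' && !row.table.startsWith('<')) names.push(row.table); // MySQL column
    const obj = row['access object'];                                                     // TiDB column
    let m: RegExpExecArray | null;
    if (typeof obj === 'string') while ((m = re.exec(obj)) !== null) names.push(String(m[1]));
  }
  return names;
}
function verifyPlan(plan: Row[], policy: GuardPolicy): void {
  const bad = planTables(plan).filter((n) => n.toLowerCase() !== policy.table.toLowerCase());
  if (bad.length > 0) throw new Error(`plan touches unexpected table(s): ${bad.join(', ')}`);
}

// Layer 3: no column leaves that is not on the allow-list (this is what stops SELECT *).
function verifyColumns(rows: Row[], policy: GuardPolicy): Row[] {
  const allowed = new Set(policy.columns.map((c) => c.toLowerCase()));
  for (const r of rows) for (const k of Object.keys(r)) if (!allowed.has(k.toLowerCase())) throw new Error(`unexpected column ${k}`);
  return rows;
}

async function guardedQuery(exec: Executor, policy: GuardPolicy, ctx: Context, modelSql: string): Promise<Row[]> {
  const { sql, params } = precheckAndRewrite(modelSql, policy, ctx);
  verifyPlan(await exec(`EXPLAIN ${sql}`, params), policy);
  return verifyColumns(await exec(sql, params), policy);
}

// Constructed fake Forge SQL executor: EXPLAIN yields one TiDB-style
// access-object row per FROM target; SELECT * leaks columns outside the allow-list.
const fakeExec: Executor = async (sql, params) => {
  if (sql.startsWith('EXPLAIN')) {
    const rows: Row[] = [];
    const re = /\bFROM\s+([A-Za-z_][\w.]*)/gi;
    let m: RegExpExecArray | null;
    while ((m = re.exec(sql)) !== null) rows.push({ id: 'TableReader_5', task: 'root', 'access object': `table:${m[1]}` });
    return rows;
  }
  return sql.startsWith('SELECT *') ? [{ id: 1, title: 'Plan', body: 'private', owner_id: params[0] }] : [{ id: 1, title: 'Plan' }];
};
const policy: GuardPolicy = { table: 'notes', columns: ['id', 'title'], rlsColumn: 'owner_id' };
const ctx: Context = { currentUserId: 'u-42', projectKey: 'PROJ', issueKey: 'PROJ-7' };

guardedQuery(fakeExec, policy, ctx, 'SELECT id, title FROM notes WHERE project_key = :projectKey LIMIT 10')
  .then((rows) => console.log('allowed:', rows))
  .catch((e) => console.error('rejected:', e.message));
```

Each layer catches what the previous one cannot see: the pre-check stops obvious statements (a second statement, `information_schema`, another table in a UNION, an unknown `:placeholder`), the plan check catches indirection the tokenizer never saw (a view or a function that reads another table), and the column check catches `SELECT *` and stray columns regardless of how the query was phrased. The row-level filter is applied by rewriting the table into a derived table, so the model's own WHERE clause can never widen it. Aggregates must be aliased to allow-listed names for the last layer to accept them.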
📘 Read the discussion: ➡️ Rovo + Forge SQL: A Secure Pattern for Natural-Language Analytics in Forge Apps
An architectural approach for integrating external services into Atlassian Forge apps without breaking the “Runs on Atlassian” model.
The pattern uses route.navigate and static web triggers to enable inbound-only communication, ensuring all execution remains inside Atlassian’s trusted environment.
It was confirmed by Atlassian Staff as fully aligned with Forge’s design principles.
📘 Read the discussion: ➡️ Integrating External Services in Atlassian Forge
🧠 Implementation demo: ➡️ Forge Health Monitor
A gateway layer built on top of Keycloak for protecting and serving static or dynamic resources in multi-tenant environments.
It provides a role-based access control layer for JavaScript bundles, APIs, and files, working across Express, Lambda@Edge, and serverless deployments.
Supports realm- and tenant-based routing, dynamic resource mapping, and pluggable storage backends (InMemory, DynamoDB, etc.).
📘 Project: ➡️ keycloak-api-gateway
🧩 Examples:
📘 Published on the Atlassian Developer Blog
- Optimizing Forge SQL on a 600K+ Database with TiDB EXPLAIN. A deep dive into query performance, execution plans, and how to work with large datasets in Forge SQL — based on real experiments and analysis.
- How to Prevent Data Loss in Forge SQL: Optimistic Locking in Action. How to use optimistic locking in Forge SQL to prevent data loss with concurrent updates.
📰 More articles on Dev.to: ➡️ @vzakharchenko
- GitHub: @vzakharchenko
- Dev.to: vzakharchenko