Backend Development
The outcome
- 2Platforms live
- 200+Users
- 850+Drills
- 8Vulnerabilities caught pre-launch
The situation
The challenge
Coleman Ayers is a basketball coach who builds. By the time he brought Red Mage in, he had already pushed significant frontend himself and knew exactly where his limits were. He needed a backend partner who could own what he couldn't: schema architecture, Stripe's full subscription lifecycle, Mux video delivery, and Row-Level Security done right.
The existing schema had patterns that would have caused real problems in production. Author fields stored as plain text instead of UUID foreign keys. Stripe data scattered across tables. No points ledger, no clean separation of habits from habit logs, no model for tracking video processing state through Mux. Building on top of that foundation wasn't an option. The first move was getting it right.
The work
What got built
A 60+ table backend supporting two separate platforms: a Coaches Platform and the BAM Virtual Academy player experience. Stripe billing end to end, verified with real transactions. Mux video with an admin approval queue and signed URLs protecting paid content. Realtime enabled selectively on habits, messages, posts, notifications, and the leaderboard.
The Virtual Academy schema covers a full content tree from programs down to individual cards, enrollment and billing tiers, workout sessions, habit streaks with trigger-based automation, a points ledger, community posts, direct messages, and notifications. The access control logic handles a specific wrinkle cleanly: a user gets content access if they're enrolled in a specific program or an all-access tier, without policy conflicts.
Before beta launch, a full security audit turned up eight issues that would have been serious in production. Admin tools publicly accessible without login. The leaderboard bypassing RLS with admin-level permissions. Eight tables with RLS enabled and no policies written, meaning habit tracking, certifications, and points history were silently broken. Storage folders browseable by anyone with a URL. Most were one or two line fixes. The value was finding them before users did.
The outcome
Results
Two platforms live. 200+ users. 850+ drills. 8 security vulnerabilities caught before launch. Coleman got the backend he needed to keep building without it breaking underneath him.

