// ashutosh vijay

MuleSoft
Developer.

At Aavas Financiers Ltd · Product builder on the side

I write DataWeave, design MuleSoft integration flows, and build desktop and serverless tools when the existing options aren't good enough.

GitHub LinkedIn Email

About

Building integrations that move money, documents, and data at Aavas Financiers Ltd — a regulated housing finance NBFC.

I'm with the IT team at Aavas Financiers Ltd — an RBI-regulated housing finance NBFC headquartered in Jaipur — where I handle the MuleSoft integration work. Day to day I look after 40+ APIs and 720+ endpoints across a four-server on-prem production environment carrying 1 lakh+ daily transactions.

The work is designing integration flows, writing DataWeave, managing Salesforce connectivity, handling VAPT remediation, and keeping production stable while shipping. Outside of work I build developer tools and open-source projects that solve problems I actually run into.

B.Tech, Swami Keshwanand Institute of Technology, Management & Gramothan — Jaipur.

Payment Processing & Loan Lifecycle

End-to-end MuleSoft flows for payment processing, account aggregator and bank statement ingestion, DSA lead-to-loan lifecycle, and e-sign workflows.

VAPT Remediation — 40+ APIs

Worked through the full remediation after an external L1 audit. Rolled out security headers, rate limiting, injection detection, input validation, and response-level encryption across the API surface.

Vendor Migration — Significant Cost Reduction

Migrated a bank-statement data vendor with no production downtime. Reworked the integration pattern on the way, which brought the per-pull cost down substantially.

OAuth Deprecation Migration

Moved a Salesforce SAPI (80+ endpoints, 1 lakh+ daily hits) from OAuth 2.0 Username-Password to Client Credentials, completed before the deprecation deadline.

40+

Production APIs

720+

Endpoints Managed

1L+

Daily Transactions

Production Servers

Stack

MuleSoft Anypoint Platform DataWeave 2.0 RAML REST API Design API-led Connectivity Salesforce Integration OAuth 2.0 / Client Credentials Tauri v2 (Rust) React TypeScript Flutter Dart Python AWS Lambda DynamoDB S3 CloudFormation / SAM Cloudflare Workers Cloudflare Pages Supabase Git GitHub Actions Postman

Recognition

Community & Industry

Mentioned by senior leadership at Aavas Financiers Ltd alongside the BFSI Impact Honour 2026 recognition the company received. Regularly contribute to the MuleSoft developer ecosystem through open-source tooling and technical writing.

01DataWeave Studio

v1.1.0 · Live ↗ GitHub ↗ Site

// 01 / 04 — Tauri + React + TypeScript

DataWeave Studio

A local desktop app for writing, testing, and debugging DataWeave 2.0 scripts. No Anypoint Studio. No Eclipse. No multi-minute startup. Full Mule message context from a UI, in one window.

Tauri v2 (Rust) React TypeScript Vite Monaco Editor DataWeave CLI Tailwind CSS AES-CBC GitHub Actions Cloudflare Pages Cloudflare Workers

DataWeave Studio main interface showing the Monaco editor, input panel, and output panel

The Problem

Testing a DataWeave script in the standard MuleSoft toolchain is genuinely painful. Anypoint Studio is 2GB, Eclipse-based, takes minutes to start, and forces you to spin up a full Mule application just to test a single transform.

The online playground has no real execution context — no vars, no config properties, no headers, crashes on large payloads. The VSCode extension requires hand-written JSON files and a specific folder structure for every new input.

None of these tools reflect what actually runs in production — where a script might depend on vars.correlationId, a decrypted secure property, or a specific content-type header to behave correctly.

The Fix

DataWeave Studio bundles the DataWeave CLI, wraps it in a Monaco-powered editor, and exposes the full Mule message context through a UI. Set attributes.method, headers, vars, config properties, and secure values — all without touching a file.

Ships as a native installer for Windows, macOS Intel, macOS ARM, and Linux. GitHub Actions builds every release. Cloudflare Workers proxy the download assets — so the in-app updater works even behind corporate firewalls that block github.com.

In use by developers in the MuleSoft community, with feedback shaping the roadmap.

Secure Properties Decryption panel in DataWeave Studio

cURL Importer — paste a cURL command to get a transform template

Key Capabilities

Security

Secure Property Decryption — Key Never Hits Disk

Paste a production secure-config.yaml containing ![Base64Encrypted...] values, provide the AES-CBC encryption key, and scripts execute with real decrypted values. The key lives only in memory for the duration of the session — never written to disk, never logged. Same algorithm as MuleSoft's secure-properties-tool.jar.

Context

Full Mule Message Context from the UI

Set attributes.method, attributes.headers, queryParams, vars, config properties, and named input streams — all from form fields. No hand-written JSON files.

Import

cURL → Transform Template

Paste any cURL command from Postman or browser devtools. Get a DataWeave transform template with headers and params pre-populated.

Migration

DW 1.0 → 2.0 in One Click

Paste a DataWeave 1.0 script. Review a diff overlay. Replace with one click. No external migration tools needed.

Query Modes

SOQL + SQL Editors

Dedicated Salesforce Query and DB Query modes with :param binding. Renders the exact final query before execution.

Autocomplete

Context-Aware Suggestions

Suggests actual field names from your payload, vars, attributes, and config properties — not generic DataWeave keywords.

Workspace

Save / Load as .dwstudio

Full editor state — scripts, inputs, context, MIME types — persisted in a single .dwstudio file. Open it, pick up where you left off.

Distribution

Bundled CLI + Auto-Updater

DataWeave CLI bundled (~150MB). In-app updater checks update.json on startup and installs in one click. All traffic routed through Cloudflare — GitHub never touched directly.

Release Pipeline

01 / GitHub Actions

Cross-Platform Signed Builds

Every v* tag triggers a build matrix: Windows, macOS Intel, macOS ARM, Linux. Produces native installers automatically.

02 / Cloudflare Pages

Download Site + Update Feed

Hosts the download landing page and the update.json endpoint that the in-app updater polls on startup.

03 / Pages Functions

Corporate Firewall Bypass

Proxies GitHub release assets through Cloudflare. Downloads work behind enterprise firewalls that block *.github.com.

↗ GitHub ↗ Download Site

02Quick Sync

Live ↗ GitHub ↗ Open App

// 02 / 04 — Web App · React · Supabase · Web Crypto API

Quick Sync

Real-time, ephemeral text and file transfer between any two devices with a browser. No accounts. No persistence beyond the session. End-to-end encrypted when you need it — the server cannot read your content.

React 18 TypeScript Supabase Realtime Supabase Storage Web Crypto API AES-256-GCM Zustand Framer Motion Tailwind + shadcn/ui Cloudflare Pages

End-to-end encrypted room creation screen

How the encryption works

Secure Mode — Key Never Touches the Server

Client A → crypto.getRandomValues(128-bit key)

URL hash → /room/ABCDEF#a1b2c3...key

↑ hash fragment: browser-private, never sent

Text → AES-256-GCM encrypt → Supabase DB

Files → encrypt raw binary → Supabase Storage

Client B → reads key from URL hash

→ decrypts locally — never touches server

Supabase breach → useless ciphertext

How the sync works

Differential Sync, Not Full Replace

Only the diff — insert or delete operation — is broadcast on each keystroke via Supabase broadcast channels. The database syncs every 2 seconds as a fallback for late joiners.

Room Destruct

One button deletes the room row, all content, and every file in storage. A postgres_changes DELETE event fires across all connected clients instantly — ROOM VAPORIZED on every screen.

Zero Infrastructure Cost

Runs entirely on free tiers. Supabase for realtime + storage. Cloudflare Pages for hosting. Auto-deploys from GitHub main.

↗ GitHub ↗ Live App

03PincodeDB API

Open Source · Archived ↗ GitHub

// 03 / 04 — Serverless AWS Backend · Python · SAM · DynamoDB

PincodeDB API

A serverless, multi-tenant backend that turns any CSV of postal codes into a private, queryable REST API. Upload the CSV, get a live API back — no server provisioning, no database setup, no shared tenancy at the query level.

Python 3.13 AWS Lambda (ARM64) API Gateway DynamoDB S3 CloudFormation / SAM SSM Parameter Store SQS DLQ CloudWatch SNS X-Ray EventBridge RapidAPI pytest + moto GitHub Actions

PincodeDB full AWS serverless architecture diagram showing Lambda functions, DynamoDB, S3, and API Gateway

Upload & Ingestion Flow

Subscribe on RapidAPI

Get an API key. No registration call needed — user provisioning happens on the first real request.

POST /postal-code/upload

API returns a presigned S3 POST URL and a datasetId. The CSV never passes through API Gateway.

Client uploads directly to S3

File goes straight from client to S3, bypassing API Gateway's 10MB limit. Size limits enforced by the presigned policy, tied to the user's tier.

S3 event triggers ingestion

S3 fires an ObjectCreated event. The processor Lambda parses the CSV, validates schema, and batch-writes to DynamoDB.

Poll status → query

GET /dataset/{id}/status → SUCCEEDED. Then query and get your own data back instantly.

By the Numbers

Lambda functions

DynamoDB tables

GSIs

155K

Public fallback records

~40

Tests (moto, no real AWS)

SAM template for everything

Built, deployed live on AWS, listed on the RapidAPI marketplace, and taken down when the free tier expired. The entire production source — infrastructure-as-code, all Lambda handlers, test suite — is open on GitHub.

The interesting parts aren't the domain. The interesting parts are the multi-tenancy design, the JIT provisioning pattern, and building end-to-end operational visibility on a fully serverless stack.

Architecture Decisions

Auth / Provisioning

JIT User Provisioning — No Signup Flow

The Lambda authorizer does everything on every request: validates the RapidAPI proxy secret, looks up the user, creates them if they don't exist, and syncs their tier if they've upgraded or downgraded. No onboarding webhook, no separate registration endpoint, no periodic sync job.

Storage

Presigned S3 Upload — API Gateway Never Sees the File

The upload endpoint returns a presigned S3 POST URL. The client uploads directly to S3 — API Gateway's 10MB limit never applies. S3 fires an event, the processor Lambda wakes up. The API itself never touches the raw CSV data.

Multi-Tenancy

Single-Table Design — Cross-Tenant Leakage Impossible at Query Level

All tenants share one DynamoDB table, partitioned by internalUserId. Three GSIs cover three access patterns. Isolation enforced structurally at the query — not by application-level filtering.

Operations

Kill Switch via SSM

One SSM parameter: /pincode-api/enabled. Set it to false and the authorizer denies every request globally, instantly — no deployment, no code change.

Enterprise Tier

Dynamic CSV Schema

Growth/Enterprise tiers accept any CSV. Extra columns stored as a customData map in DynamoDB and returned as-is. A logistics company uploads pincode,sla,risk,is_serviceable — no schema pre-registration.

Observability

Custom CloudWatch Metrics + X-Ray Traces

Every Lambda emits LatencyMs, RequestsOk, RowsIngested via aws-embedded-metrics. X-Ray distributed tracing. SQS DLQ depth alarm wired to SNS.

Under the Hood

src/auth/app.py — JIT User Provisioning

def handler(event, context):
    # Every request: validate → lookup → provision/sync
    _validate_proxy_secret(event['authorizationToken'])

    marketplace_id = _extract_marketplace_id(event)
    current_tier   = _get_tier_from_headers(event)

    user = users_table.get_item(
        Key={'marketplaceId': marketplace_id}
    ).get('Item')

    if not user:
        # First request — create user on the spot
        user = _provision_user(marketplace_id, current_tier)
    elif user['tier'] != current_tier:
        # Subscription changed — sync immediately
        user = _sync_tier(user, new_tier=current_tier)

    return _build_allow_policy(
        principal=user['internalUserId'],
        context={
            'userId': user['internalUserId'],
            'tier':   user['tier'],
        }
    )

shared/utils.py — Kill Switch + Tenant Isolation

def is_api_enabled(ssm) -> bool:
    """
    One SSM parameter. Instant global shutoff.
    No deployment. No code change.
    """
    param = ssm.get_parameter(
        Name='/pincode-api/enabled'
    )
    return param['Parameter']['Value'] == 'true'


def query_pincodes(table, user_id: str,
                   pincode: str) -> list:
    """
    Single-table multi-tenancy.
    All tenants share one table — partition key
    is internalUserId. Cross-tenant leakage is
    impossible at the DynamoDB query level.
    """
    return table.query(
        KeyConditionExpression=(
            Key('internalUserId').eq(user_id) &
            Key('pincode_officename').begins_with(
                pincode
            )
        )
    )['Items']

Tier Model

Tier	Max File	Max Rows	Max Datasets	Dynamic Schema
FREE	50 KB	250	1	No
BUSINESS	10 MB	1,000,000	50	No
GROWTH	20 MB	5,000,000	200	Yes
ENTERPRISE	50 MB	25,000,000	1,000	Yes

↗ GitHub

04ContextForge

Live ↗ GitHub

// 04 / 04 — Windows Desktop App · Flutter · Dart

ContextForge

A Windows desktop app for preparing codebases to paste into an LLM's context window. Drop a folder, configure what to exclude, hit one button — get a clean structured dump with a file tree, ready for Claude, GPT, or anything else.

Flutter (Windows x64) Dart fluent_ui flutter_acrylic Windows Mica / Acrylic Dart Isolates AES-256 provider desktop_drop

ContextForge main screen with a folder opened, showing the file tree and exclusion panel

Key Capabilities

Performance

Non-Blocking Scans via Dart Isolates

File scanning runs in a separate Dart isolate using compute(). The UI never freezes, even on large codebases. Disk writes use a streaming chunk-by-chunk approach — massive outputs don't blow up RAM.

Exclusion System

GitIgnore-Aware · Per-Project Config That Travels with the Repo

Parses .gitignore and respects it during scans. Exclusion settings stored in a .exclusion_settings.json file at the project root — not locked to the machine or app install.

Output

Plain Text · XML (CDATA) · Markdown Code Blocks

Three output formats depending on what your LLM context window handles best. Token estimation with a color-coded budget indicator — green → orange → red as you approach the limit.

Presets

Project Type Profiles — Standard · MuleSoft · Python · React

One click applies the right exclusion profile for the project type. node_modules, build, .git, binaries, and type-specific artifacts excluded by default.

Windows 11 Fluent Design — Mica / Acrylic Glass

Built with fluent_ui and flutter_acrylic. Native Windows Mica and Acrylic glass effects. Dark, light, and pitch-black themes with multiple accent color flavors.

Architecture

Clean Separation: AppState · SettingsService · FileService

AppState (ChangeNotifier) manages UI state. SettingsService handles persistence. FileService does all heavy I/O in isolates. Pages are thin UI shells.