Andrei Costa, Backend Engineering Lead at Product.ai
Backend Engineering Lead

Andrei Costa

Backend Engineering Lead · Product.ai

Brazilian backend engineer with a formal-methods MSc behind the production code. Owns the backend of the code-verification system that tells consumers whether a coupon actually works at merchants outside the easy-to-check storefronts — plus the core backend services the rest of the platform is built on top of.

Came up through category theory and graph grammars, not CRUD apps. Ten-plus years turning rigor into infrastructure that doesn’t break. Stewardship-first by identity — “the real win is the incidents that never occur.”

LinkedIn → dblp · published research →
Tenure
Founding era · 10-yr backend operator
Based
Rio Grande do Sul, Brazil
Owns
Code verification · core backend services
Prior
ADP Brazil Labs · Nelogica · UFRGS
10+
Years in backend systems — formal methods to production scale
6
Production languages shipped — Haskell through C
90%+
Code-verification accuracy target for hard-to-check merchants
2016
Peer-reviewed publication — Verigraph (SBMF, Springer)
About

Brazilian backend engineer with a formal-methods MSc behind the production code — the one who turned a graph-rewriting verification thesis into ten years of incident-free infrastructure.

10+ yrs
formal methods → production backend
6
production languages — Haskell included
90%+
code-verification accuracy target
2016
peer-reviewed publication
The range

01 · Owned surface

Code Verification

Backend owner of the system that verifies coupon-code restrictions for merchants you can’t simply ask through an API. Promotion pipeline, autonomous execution, accuracy gating. The “does this code work?” gap closes here.

02 · Owned surface

Core Backend Services

The merchant and promotion data services the rest of the platform builds on. Migrations, hardening, semantic correctness. The substrate everyone else ships on top of.

03 · Owned surface

Incident Response

Rollout storms, graceful-shutdown races, silent-drop config bugs. Diagnoses fast, fixes once, documents the trap for the next person.

04 · Sharpened over time

Data Pipelines & Sensing

Event capture and processing for the systems that sense how merchants and promotions behave in the wild. Backend support to the broader data platform.

05 · Sharpened over time

Migration & Modernization

Porting legacy jobs onto modern infrastructure with the semantics preserved. One migration dropped a broken count from tens of thousands of bad rows to two.

06 · Off the résumé

Formal Reasoning

The Haskell and graph-grammar background that lets him spot when a diagnostic is reasoning over a contract the code is quietly violating. Most backend engineers don’t have this floor.

Marquee stops

From formal methods to AI-commerce backend — one through-line: rigor.

2025 → Now · Product.ai
Product.ai
Backend Engineering Lead
Owns the core backend services platform — migrations, hardening, stability — and the code-verification system that tells consumers whether a coupon actually works at merchants without an easy API to check. Shipped a fix that ended a recurring rollout-error storm; ported a crashing data job off a legacy stack; led the promotion pipeline behind the verification effort. Two lanes in parallel: build the new system, keep the existing one from breaking.
Code verification + backend stability
Before Product.ai
Several years · ADP Brazil Labs
ADP Brazil Labs
Technology Architecture Lead
Architecture leadership at ADP’s Brazil R&D center — the enterprise-payroll giant’s regional engineering hub. Translated formal-methods rigor into systems that move real money for real employees, the same posture he now applies to verification accuracy at scale.
Architecture Lead · enterprise payroll
Several years · Nelogica
Nelogica
Backend Systems Engineer
Backend systems at one of Brazil’s largest trading-technology platforms. Low-latency, high-reliability finance infrastructure — the ground where “the math has to be right or money disappears” became the bar everything else gets measured against.
Trading-platform backend
~2014 → 2018 · UFRGS
UFRGS — MSc, Formal Methods
MSc Computer Science · graph grammars · verification
Master’s at Universidade Federal do Rio Grande do Sul, one of the top federal research universities in Latin America. Co-authored Verigraph: A System for Specification and Analysis of Graph Grammars (SBMF 2016, Springer). The training where “build the proof, not just the feature” became muscle memory.
Verigraph · SBMF 2016 · Springer
Undergraduate · UFPel
Universidade Federal de Pelotas
BSc Computer Science · Formal Methods specialization
Undergraduate CS with an explicit formal-methods specialization — Haskell, category theory, and term-rewriting systems. The substrate-level reasoning most production backend engineers never get exposed to.
CS + Formal Methods
The origin

UFRGS, Haskell, and a paper most production engineers never wrote.

Andrei came up through the federal Brazilian CS pipeline — undergrad at UFPel with a formal-methods specialization, then graduate school at UFRGS. The training wasn’t applied software engineering. It was category theory, term rewriting, graph grammars, and verification — the substrate beneath software, not the software itself.

At UFRGS he co-authored Verigraph, a system for specifying and analyzing graph grammars, published at SBMF 2016 and indexed on dblp and Springer. The design principles in that paper are the same instincts that show up in his production code: an implementation as direct as possible of the formal concepts, a generic implementation of the core algorithms, a reasonable running time.

From there: backend systems at Nelogica, technology architecture at ADP Brazil Labs, then Product.ai from the founding era forward. Each chapter raised the bar for what counts as right. The formal-methods background didn’t fade — it became the lens.

I’ll solve incidents when they happen, but the real win is the incidents that never occur. Removing old code is more satisfying than adding new. Andrei, on how he works
Operating code

Six principles that show up across his shipping and his specs.

01 Identity

Prevention over heroics.

Solving the incident is the visible work. Designing so the incident never happens is the work he picks. Stewardship-primary by default.

“I’ll solve incidents when they happen, but the real win is the incidents that never occur.”

02 Method

Minimalism — remove before you add.

Removing unused or old code beats shipping new. The smallest patch that restores the contract is the right patch. Ten lines, not a thousand.

“Removing unused or old code is more satisfying than adding new.”

03 Orientation

Autonomy grounded in metrics, not vibes.

Trusted to own a domain — but only when ownership is anchored to measurable signals: error rates, freshness counts, classifications. Numbers, not opinions.

“Autonomy matters to me, but the kind grounded in metrics, not vibes.”

04 Communication

If it matters, put it in text.

Calls lose context. Short plans over chat, full written specs for longer-range direction. Comes with a recommendation, not just a question.

“I avoid calls for knowledge transfer — too much context gets lost when it’s not written down. If it matters, put it in text.”

05 Scope

Minimum scope, end-state preserved.

The fix doesn’t trigger a fleet-wide audit; the patch doesn’t refactor the whole legacy file. Solve the named problem; leave the rest of the surface untouched.

“The fix is enough for now.”

06 AI posture

Direct AI with real judgment.

Neither AI-free nor AI-dependent. Knows when the AI is right, knows when it’s wrong, and has the depth to tell the difference. Aiming to be the debugger AI can’t replace.

“Be the person who debugs core infrastructure with AI plus critical human thinking — directing AI with real judgment.”

The lane

Owns vs. anti-goals — the lane is explicit on purpose.

A lane only works if both sides of it are named. Andrei carries the backend that has to stay up, and refuses the work that would pull him off it. The discipline keeps the platform stable.

Code verification

owns

The system that tells consumers whether a code actually works.

Backend owner of the verification system for hard-to-check merchants — promotion pipeline, autonomous execution, accuracy gating. If he left, this would stall.

Core backend services

owns

The merchant + promotion data layer everything builds on.

Migrations, stability, hardening, semantic correctness. The substrate the rest of the platform depends on — and the surface nobody else is staffed to backstop.

Incident response

owns

Rollout storms, shutdown races, silent-drop config bugs.

Diagnose fast, fix once, document the trap. An on-call rotation that never pages is the win — not the one that pages bravely.

End-user frontend ownership

anti-goal

Out of scope — by design, not by gap.

Fixes adjacent to backend work are fine; ownership is not. Greenfield platform builds and fleet-wide audits on every incident are also off the lane. Minimum surface, end-state preserved.

Published research

What sits on the open web from the formal-methods era.

SBMF · Springer 2016

Verigraph: A System for Specification and Analysis of Graph Grammars

Co-authored at the Brazilian Symposium on Formal Methods. A tool built on formal correctness, generic core algorithms, and reasonable runtime — the same instincts visible in his production reasoning today.
dblp · Author record Indexed

Andrei Costa — computer science bibliography

The public research trail — peer-reviewed work indexed alongside the formal-methods literature. Rare to find behind a commercial backend engineer.
What sets him apart

Six combinations rare individually. Unusual to find in one engineer.

Formal-methods MSc behind production backend

Most senior backend engineers came up through CRUD apps. Andrei came up through category theory and term rewriting — the substrate beneath the substrate.

A peer-reviewed paper in the trail

Verigraph (SBMF 2016, Springer) is indexed on dblp and Springer. A published-research trail is rare in commercial backend engineers.

Ships Haskell alongside Python, JS, Java, PHP, C

Six production languages, including one most engineers never touch. The Haskell isn’t ornamental — it’s the lens for how he reads contracts and invariants.

Stewardship-primary by identity, not by exception

Most senior engineers chase greenfield. Andrei deliberately carries the systems that have to stay up, because “the real win is the incidents that never occur.”

Two lanes in parallel without dropping either

Building a new verification system AND keeping the existing backend from breaking. Most engineers run one well or two badly.

Diagnostic honesty over diagnostics that look clean

When a fix made a broken count look fixed but a re-run disagreed, he chased the contradiction instead of taking the win. Most engineers would have stopped at the first number.

Every claim on this page is independently sourced — career history and the published paper are publicly verifiable. See the record →
The through-line

Notice the broken contract, write the smallest patch that restores it, document the trap so nobody hits it twice. The ten-line fix with a three-day investigation behind it. The peer-reviewed paper behind the production code.

Product.ai builds with engineers like Andrei — rigor underneath, restraint on top. See open roles →

Connect on LinkedIn See the team