Selected work

Reference builds from our own engineering — production-shaped systems spanning multi-tenant SaaS, grounded LLM / RAG platforms, cross-platform mobile, and compliance-aware architecture. Client details are kept confidential; what follows is the capability each system demonstrates.

  • Healthcare — hospital medical affairs

    Clinical Education Operations Platform

    The problem

    Multi-institution clinical education ran on spreadsheets and email — manual tutor matching, untracked teaching hours, and sensitive trainee documents processed by hand. None of it was auditable, and student data crossed institutional boundaries it shouldn’t.

    What we built

    A unified platform for a hospital group’s clinical-education operations — managing students, tutors, and teaching-hour billing across multiple institutions, with AI-assisted document processing and matchmaking.

    • Three-tier LLM orchestration (Claude Haiku / Sonnet / Opus) routed per task class, with per-request and per-institution daily cost ceilings enforced in Redis.
    • Six-stage document pipeline that tokenises Singapore NRICs before any AI call, then routes by confidence — auto-commit above 0.90, human review between 0.70 and 0.90, blocked below.
    • AI-assisted matchmaking and a clinical-curriculum RAG that retrieves then LLM-re-ranks learning objectives, with every model output schema-validated.
    • Per-institution row-level security enforced in Postgres via a per-request session GUC, isolating tenants at the database layer.
    • PII-masked, append-only audit logging — every payload redacted and tenant-scoped before it is written.
    • NestJS 11
    • Next.js 15
    • PostgreSQL 16 + pgvector
    • Prisma
    • AWS Bedrock
    • BullMQ / Redis
  • Financial services — regulatory compliance (RegTech)

    Regulatory Intelligence Engine

    The problem

    Compliance teams can’t read every regulator notice, circular, and guideline in time — and generic AI invents clause numbers and obligations that no auditor will accept. Worse, when a rule quietly changes, no one can see what moved or whether the firm’s own internal policy still covers it until an inspection finds the gap.

    What we built

    A RegTech platform that crawls financial-regulator publications, extracts binding obligations, and answers compliance questions through a hallucination-guarded RAG interface — then continuously checks those obligations against the firm’s own policies and alerts on every gap.

    • Source-traced RAG: every answer cites its regulatory source chunk; ungrounded responses are rejected before they reach the user.
    • Regulatory-change alerting: a scheduled job re-checks every published obligation and raises an alert (webhook or email) the moment a new or amended rule is no longer covered — gaps tracked through to resolution.
    • Rule-version redlining: every version of a regulator document is retained, so the current source-of-truth can be shown side-by-side with any prior version as a word-level diff of exactly what changed.
    • Company-policy gap analysis: each regulatory obligation is semantically scored against the firm’s own internal policies, and any obligation with no adequate policy coverage is flagged as a tracked gap.
    • Obligation extraction with binding-weight classification across seven regulatory document types.
    • Append-only, banking-grade audit logging with OIDC / SAML-verified identity; on-premise / air-gapped deployment with local LLM serving (vLLM) supported.
    • FastAPI
    • Next.js 16
    • PostgreSQL + pgvector
    • Celery / Redis
    • AWS Bedrock / Claude
    • vLLM
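    The rule-version redlining and binding-weight classification above combine into one useful signal: which obligations changed weight between two versions of a document. The following added example (not the engine's code) aligns the sentences of two versions with `difflib`, renders a word-level redline, and reports sentences whose modal verb moved on an assumed four-step scale (must/shall = binding, should = recommended, may = permissive). The sample circular text is constructed.

```python
import difflib
import re

_WORD = re.compile(r"\w+|[^\w\s]")     # words and punctuation as separate tokens


def tokens(text: str) -> list[str]:
    return _WORD.findall(text)


def redline(old: str, new: str) -> list[tuple[str, str]]:
    """Word-level diff as (op, text) runs, op in {"equal", "delete", "insert"}."""
    a, b = tokens(old), tokens(new)
    runs = []
    for op, i1, i2, j1, j2 in difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes():
        if op in ("equal", "delete", "replace") and i2 > i1:
            runs.append(("equal" if op == "equal" else "delete", " ".join(a[i1:i2])))
        if op in ("insert", "replace") and j2 > j1:
            runs.append(("insert", " ".join(b[j1:j2])))
    return runs


def render(runs) -> str:
    """[-removed-] / {+added+} markup, the usual redline notation."""
    return " ".join({"equal": t, "delete": f"[-{t}-]", "insert": f"{{+{t}+}}"}[op]
                    for op, t in runs)


# Assumed binding-weight scale: 3 binding, 2 recommended, 1 permissive, 0 no obligation.
_MODALS = {"must": 3, "shall": 3, "required": 3, "prohibited": 3,
           "should": 2, "expected": 2, "may": 1}


def binding_weight(sentence: str) -> int:
    return max((_MODALS.get(w.lower(), 0) for w in tokens(sentence)), default=0)


def sentences(text: str) -> list[str]:
    return [s.strip() for s in re.split(r"(?<=[.;])\s+", text) if s.strip()]


def obligation_changes(old_doc: str, new_doc: str) -> list[dict]:
    """Align the sentences of two versions; report those whose binding weight moved,
    each with its word-level redline. Added or removed sentences pair against ""."""
    a, b = sentences(old_doc), sentences(new_doc)
    changes = []
    for op, i1, i2, j1, j2 in difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes():
        if op == "equal":
            continue
        olds, news = a[i1:i2], b[j1:j2]
        for k in range(max(len(olds), len(news))):
            o = olds[k] if k < len(olds) else ""
            n = news[k] if k < len(news) else ""
            ow, nw = binding_weight(o), binding_weight(n)
            if ow != nw:
                changes.append({"old": o, "new": n, "old_weight": ow, "new_weight": nw,
                                "redline": render(redline(o, n))})
    return changes


# Constructed sample text, not a real regulator circular.
OLD = ("A licensee should maintain a record of each complaint. "
       "The record may be kept electronically.")
NEW = ("A licensee must maintain a record of each complaint for five years. "
       "The record may be kept electronically.")

if __name__ == "__main__":
    for c in obligation_changes(OLD, NEW):
        print(c["old_weight"], "->", c["new_weight"], "|", c["redline"])
```

    A weight change is the case an auditor cares about most: "should" becoming "must" silently turns a recommendation into an obligation, and a plain text diff buries it among wording edits.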
  • Public sector — HR & recruitment

    Multi-Tenant Recruitment Platform (Gov-Cloud)

    The problem

    Government hiring is slow, manual, and spread across disconnected tools — while strict data-isolation and in-country residency rules rule out most off-the-shelf recruitment platforms. Recruiters drown in resume screening that AI could triage.

    What we built

    A multi-tenant applicant-tracking SaaS for government agencies on government commercial cloud, with in-region AI for resume parsing and semantic candidate search.

    • Hard tenant isolation: a per-tenant database connection plus per-tenant KMS key aliases, with separate keys for general data, interview notes, and exports.
    • Enterprise SSO implemented end-to-end — SAML 2.0, OIDC (PKCE), SingPass NDI, and SCIM 2.0 directory sync — with SMS OTP and step-up MFA on sensitive actions.
    • In-region AI on Bedrock — resume parsing, semantic candidate search, and interview-note summarisation — each gated by a DLP scanner (NRIC / FIN / passport / contact patterns) before any model call.
    • Dual-control bulk export: a second approver and a step-up token are required, releasing a 15-minute presigned, tenant-key-encrypted download.
    • Fully Terraform-provisioned (17 modules) across multi-AZ, with a WORM audit bucket (S3 Object Lock, COMPLIANCE mode) and UUIDv7 time-ordered audit rows.
    • FastAPI
    • Next.js 15
    • PostgreSQL 16 + pgvector
    • Terraform
    • AWS GCC 2.0
    • AWS Bedrock
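    The dual-control export above is a separation-of-duties control: the requester cannot release their own export, the approver must prove a fresh step-up, and the release is a single short-lived signed URL. The following is an added example (not the platform's code) of that gate in Python. An HMAC over the path and parameters stands in for S3 presigning, the per-tenant key alias name, the host name, and the five-minute step-up freshness window are assumptions; only the 15-minute download window comes from the page.

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass

PRESIGN_TTL = 15 * 60        # seconds; the page states a 15-minute download window
STEP_UP_MAX_AGE = 5 * 60     # assumption: a step-up MFA token is accepted for 5 minutes
BASE_URL = "https://exports.example"   # assumed; stands in for the presigned S3 endpoint


def _sign(key: bytes, msg: str) -> str:
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def mint_step_up(key: bytes, subject: str, now: float) -> str:
    """Token an MFA step-up would hand back: subject plus issue time, HMAC-signed."""
    body = base64.urlsafe_b64encode(json.dumps({"sub": subject, "iat": now}).encode()).decode()
    return f"{body}.{_sign(key, body)}"


def verify_step_up(key: bytes, token: str, subject: str, now: float) -> bool:
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _sign(key, body)):
        return False
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["sub"] == subject and 0 <= now - claims["iat"] <= STEP_UP_MAX_AGE


@dataclass
class ExportRequest:
    tenant: str
    object_key: str
    requester: str


class ExportGate:
    def __init__(self, step_up_key: bytes, url_key: bytes):
        self.step_up_key, self.url_key = step_up_key, url_key
        self.pending: dict[str, ExportRequest] = {}

    def request(self, req_id: str, tenant: str, object_key: str, requester: str) -> None:
        self.pending[req_id] = ExportRequest(tenant, object_key, requester)

    def approve(self, req_id: str, approver: str, step_up_token: str, now: float) -> str:
        """Dual control: a different person approves, proves step-up MFA for themselves,
        and the approval is consumed by exactly one 15-minute signed URL."""
        req = self.pending[req_id]
        if approver == req.requester:
            raise PermissionError("approver must differ from requester")
        if not verify_step_up(self.step_up_key, step_up_token, approver, now):
            raise PermissionError("step-up token missing, stale or not the approver's")
        expires = int(now) + PRESIGN_TTL
        kms_alias = f"alias/tenant-{req.tenant}-exports"   # assumed per-tenant key alias
        msg = f"{req.tenant}/{req.object_key}?expires={expires}&kms={kms_alias}"
        del self.pending[req_id]                              # one release per approval
        return f"{BASE_URL}/{msg}&sig={_sign(self.url_key, msg)}"

    def verify_url(self, url: str, now: float) -> bool:
        """What the download endpoint checks: signature over path and params, then expiry."""
        signed, _, sig = url.rpartition("&sig=")
        msg = signed.removeprefix(BASE_URL + "/")
        if not hmac.compare_digest(sig, _sign(self.url_key, msg)):
            return False
        expires = int(msg.split("expires=")[1].split("&")[0])
        return now <= expires


if __name__ == "__main__":
    gate = ExportGate(b"step-up-key", b"url-key")
    gate.request("r1", "agency-a", "batch-42.csv", "alice")
    now = 1_700_000_000.0
    print(gate.approve("r1", "bob", mint_step_up(b"step-up-key", "bob", now), now))
```

    Binding the step-up token to the approver's subject matters: a token minted for the requester must not satisfy the approver's check, or the second factor collapses back into a single person's session.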
  • Consumer — communications & fintech

    Cross-Platform Communications & Payments App

    The problem

    People juggle separate apps to chat, call, and pay — and the constant context-switching is friction, especially when a payment means leaving the conversation to open a banking app and copy details across.

    What we built

    A cross-platform mobile app unifying real-time messaging, peer-to-peer video calling, and QR-code payments in a single Capacitor-wrapped codebase.

    • WebRTC peer-to-peer audio / video with real-time MediaPipe segmentation — live background blur and virtual backgrounds composited on a canvas stream.
    • One Next.js codebase shipped two ways: an installable, service-worker-cached PWA and an Android build with a native Java plugin that detects and launches other apps.
    • SGQR / PayNow QR scanning that parses the EMVCo payload and launches the right native bank app via an Android intent.
    • Supabase Realtime messaging with optimistic send and an offline outbox — failed sends queue in local storage and flush on reconnect.
    • Emergency SOS that captures and reverse-geocodes the user’s location and pushes it to contacts.
    • Next.js 16
    • React 19
    • Capacitor 8
    • Supabase
    • WebRTC (simple-peer)
  • Education — school administration

    School Operations & Timetabling SaaS

    The problem

    Building a school timetable by hand takes weeks and still produces clashes, and covering a sudden teacher absence means hours of frantic phone calls — with no guarantee the cover load is shared fairly.

    What we built

    A multi-tenant SaaS for school timetabling, relief-teacher planning, and mobile attendance, powered by a constraint-solving scheduling engine.

    • An OR-Tools CP-SAT solver generating clash-free timetables — enforcing teacher, room, and class non-overlap plus full curriculum coverage, while respecting teacher qualifications.
    • Automated relief-teacher allocation: approving a leave writes a transactional outbox event a worker drains within seconds to a solver that optimises for teaching continuity and fair workload balance.
    • Privacy-preserving mobile attendance (React Native / Expo): the on-campus check is computed on-device by haversine distance and only a boolean is sent — raw coordinates are never persisted.
    • Database-per-tenant isolation with per-tenant KMS keys; the scheduling engine connects read-only under a least-privilege, RLS-scoped role.
    • Transactional outbox (at-least-once, SELECT … FOR UPDATE SKIP LOCKED) and an append-only audit trail that HMACs the actor identity under a per-tenant key.
    • NestJS
    • Next.js
    • Expo / React Native
    • FastAPI + OR-Tools
    • PostgreSQL (db-per-tenant)
  • Web3 — decentralised finance (reference build)

    On-Chain DeFi Protocol (Lending Vault + AMM)

    The problem

    On-chain financial logic is unforgiving — a single math or accounting bug is irreversible and can drain a pool. Most DeFi code reaches audit with thin tests, where the expensive findings surface late.

    What we built

    A Solidity DeFi protocol pairing a token vault with a constant-product automated market maker — deposit / withdraw, liquidity provision, and on-chain swaps — fronted by a typed React dApp. A reference implementation, not an audited or mainnet-deployed protocol.

    • Constant-product (xy=k) AMM with a 0.3% fee, LP-token mint / burn, and slippage-protected swaps (a minimum-output check on every trade).
    • SafeERC20 for every token transfer and OpenZeppelin math (sqrt / min) for liquidity-share accounting, with an indexed event on every state change.
    • Tested under two frameworks — Foundry (forge) and Hardhat — covering deposit, withdraw, and the full add-liquidity / swap / remove-liquidity path.
    • A typed React dApp (wagmi + viem + ethers) over the contracts, with a Next.js server-side relayer route for dev-mode account funding.
    • Solidity ^0.8.24
    • Foundry
    • Hardhat
    • OpenZeppelin
    • Next.js 16
    • wagmi / viem / ethers
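    The numbers behind the AMM bullet (constant product, a 0.3% fee, share minting with sqrt and min, a minimum-output check) are where accounting bugs hide, so they are worth seeing in integer arithmetic as the EVM performs it. The following is an added Python model of such a pool (not the Solidity on the page), using the Uniswap-v2-style formulas; the invariant check after each swap is the fee-adjusted x·y ≥ k assertion those pools make on-chain. It also shows the slippage check doing its job against a stale quote. Not covered here, and worth asking of any vault: a guard against first-depositor share inflation.

```python
from math import isqrt

FEE_NUM, FEE_DEN = 997, 1000          # 0.3% fee taken from the input amount


class SlippageExceeded(Exception):
    pass


class ConstantProductPool:
    """Two-asset x*y = k pool with LP shares, integer arithmetic throughout."""

    def __init__(self):
        self.reserve_a = 0
        self.reserve_b = 0
        self.total_shares = 0
        self.shares: dict[str, int] = {}

    def add_liquidity(self, lp: str, amount_a: int, amount_b: int) -> int:
        if self.total_shares == 0:
            minted = isqrt(amount_a * amount_b)           # geometric mean on the first deposit
        else:                                            # then pro rata; min() so an unbalanced
            minted = min(amount_a * self.total_shares // self.reserve_a,   # deposit is not rewarded
                         amount_b * self.total_shares // self.reserve_b)
        if minted == 0:
            raise ValueError("deposit too small to mint shares")
        self.reserve_a += amount_a
        self.reserve_b += amount_b
        self.total_shares += minted
        self.shares[lp] = self.shares.get(lp, 0) + minted
        return minted

    def remove_liquidity(self, lp: str, burn: int) -> tuple[int, int]:
        if burn <= 0 or burn > self.shares.get(lp, 0):
            raise ValueError("insufficient shares")
        out_a = burn * self.reserve_a // self.total_shares
        out_b = burn * self.reserve_b // self.total_shares
        self.shares[lp] -= burn
        self.total_shares -= burn
        self.reserve_a -= out_a
        self.reserve_b -= out_b
        return out_a, out_b

    @staticmethod
    def quote(amount_in: int, reserve_in: int, reserve_out: int) -> int:
        """Output for a fee-bearing input, rounded down in the pool's favour."""
        fee_adjusted = amount_in * FEE_NUM
        return fee_adjusted * reserve_out // (reserve_in * FEE_DEN + fee_adjusted)

    def swap(self, a_to_b: bool, amount_in: int, min_out: int) -> int:
        if amount_in <= 0:
            raise ValueError("nothing to swap")
        r_in, r_out = (self.reserve_a, self.reserve_b) if a_to_b else (self.reserve_b, self.reserve_a)
        amount_out = self.quote(amount_in, r_in, r_out)
        if amount_out < min_out:                         # slippage protection
            raise SlippageExceeded(f"got {amount_out}, wanted at least {min_out}")
        k_before = self.reserve_a * self.reserve_b
        if a_to_b:
            self.reserve_a, self.reserve_b = self.reserve_a + amount_in, self.reserve_b - amount_out
        else:
            self.reserve_b, self.reserve_a = self.reserve_b + amount_in, self.reserve_a - amount_out
        # Fee-adjusted invariant: (x*1000 - fee_x*3) * (y*1000 - fee_y*3) >= k * 1000^2
        fee = FEE_DEN - FEE_NUM
        adj_a = self.reserve_a * FEE_DEN - (amount_in if a_to_b else 0) * fee
        adj_b = self.reserve_b * FEE_DEN - (0 if a_to_b else amount_in) * fee
        if adj_a * adj_b < k_before * FEE_DEN * FEE_DEN:
            raise AssertionError("constant-product invariant violated")
        return amount_out


if __name__ == "__main__":
    pool = ConstantProductPool()
    pool.add_liquidity("lp", 100_000, 100_000)
    print("1000 A ->", pool.swap(True, 1000, 980), "B")
```

    The slippage check is what makes quoting safe in the presence of other traders: a quote taken at one pool state and executed at another is refused rather than silently filled at a worse price.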