Projects in Production
AI-Powered SaaS Infrastructure for product management and commercial margin optimization. Enforces per-tenant PostgreSQL Row Level Security with zero shared-schema exposure — validated under concurrent write loads with no cross-tenant data leakage. Automated schema hardening: table-level security policies, service-role-only write paths, and revoked public schema access eliminate all privilege escalation vectors at the database layer. Pre-algorithmic FinOps engine filters 82.4% of token context before any Anthropic API invocation — quantified, repeatable cost reduction per analysis cycle. INSERT-only immutable audit log aligned with Swiss DSG/nDSG provides tamper-proof traceability for every pricing decision. Chaos Engineering Lab (3 failure modes) validates 100% fault tolerance at Vercel edge nodes.
Next.js 16TypeScriptSupabase RLSAnthropic APIVercel EdgeRLS multi-tenant82.4% API cost cutDSG audit trail
Production platform for a Basel-based facility services company — live at dnamar.ch since April 2026. Full SMTP infrastructure migration from Resend to self-hosted Nodemailer (NOVATREND, port 465 SSL/TLS) — eliminating all third-party transactional email dependencies and ensuring Swiss DSG-compliant data residency for contact submissions. JSON-LD LocalBusiness structured data with explicit addressLocality Basel and areaServed: [CH, LI] drives targeted organic indexing for facility services searches across NW Switzerland. Trilingual SSG (DE/EN/ES), 100/100 Lighthouse across all four metrics, verified and indexed in Google Search Console.
Next.js 16Nodemailer SMTPJSON-LD SEO100/100 LighthouseIndependent SMTPLocal SEO Basel
Multi-tenant SaaS platform allowing businesses to deploy Claude-powered WhatsApp agents without code. Full 9-phase implementation: SSR auth, tenant isolation, agent lifecycle, RAG knowledge base, WhatsApp webhooks, lead capture, AI↔human handoff, analytics, and billing readiness. RAG pipeline: document chunking, OpenAI embeddings (text-embedding-3-small, 1536-dim), pgvector semantic search. AI↔human handoff system with async state control and RBAC (owner/admin/agent_manager/human_agent). 100% RLS coverage across all tables with workspace-scoped policies — zero secrets exposed client-side. Validated with 52 automated smoke tests (0% failure rate), 4 health checks, and a full E2E runbook. Factory/Strategy pattern for hot-swap embedding provider with zero code changes.
Next.js 16Claude APIpgvector RAG52 tests · 0 failRAG pipelineMulti-tenant RLS
Enterprise helpdesk platform with MCP-powered CI/CD hardening. Deployed Zero-Trust CORS: dynamic middleware replacing wildcard (*) policies, validating Origin against ALLOWED_ORIGINS env var. Defensive Bash CI/CD scripts eliminate silent-failure pipelines by isolating http_code, headers, and payloads. Supabase multi-schema isolation (.schema('helpdesk') vs public) prevents cross-schema data leakage. Vitest integration with high-fidelity Supabase/Resend mocks — 8/8 tests green, --passWithNoTests permanently removed. Zod structural validation (z.infer<>) eliminates any-typed MCP tool inputs. MCP Server on Vercel SSE exposes 7 autonomous AI tools with strict LLM/DB separation. Multi-tenant RBAC, automated SLA breach detection, trilingual (DE/EN/ES), Swiss DSG/nDSG compliant.
Next.js 15MCP ServerClaude AI7 MCP toolsZero-Trust CI/CDDSG compliant
Fully autonomous audit pipeline. GitHub Actions fires hourly → Vercel Edge Function queries Supabase → AI analysis via MCP → Resend delivers branded executive HTML reports. Claude reads live business context through 7 MCP tools without direct DB access. Full audit cycle in under 11 seconds with zero human intervention. Service-role secured. Swiss DSG aligned.
Vercel EdgeGitHub ActionsMCP Protocol<11s audit cycleZero interventionSwiss DSG aligned
AI-powered job matching platform. Candidates upload their CV and Claude AI extracts their full profile automatically, then matches them against live job offers using 4-dimensional scoring: Hard Skills, Experience, Culture Fit, and Logistics. Recruiters only see candidates above 90% match — alerts via WhatsApp and email.
Next.js 16Claude AISupabaseAI CV parsing4D match scoringWhatsApp alerts
Freelancer invoice automation SaaS. Upload a receipt photo or PDF and Claude Vision AI extracts all fields — client, amount, date, VAT — and generates a professional invoice ready to send. No manual data entry. Multi-currency (EUR/CHF), PWA installable, fiscal validation for Spain and Switzerland.
Next.js 16Claude Vision AISupabaseAI OCR extractionAuto invoice generationEUR · CHF
End-to-end logistics SaaS for international courier operations. Three-tier RBAC (Admin / Staff / Client) with automatic role assignment on registration. Full package lifecycle (Arrived → Ready → Picked Up) with Canvas API digital delivery proof — in-browser signature capture and photo upload. Multi-channel notifications on every status change via Twilio WhatsApp Business API and Resend branded email. Analytics dashboard: revenue by period, package volume, top clients. AI-audited security: JWT + bcrypt + Helmet, Zod validation on all API inputs, zero exposed credentials in git history. Public zero-login tracking at /track/[number] — SEO-friendly, fully translated. Native 6-language i18n (DE/EN/ES/FR/IT/PT) with zero page reload on switch. PWA installable.
Next.js 14Node.js/ExpressTwilio · Resend3-tier RBAC6-language PWAAI-audited security
Privacy-aware public goods funding interface inspired by community governance platforms. Connect an injected wallet, switch to Sepolia, read live balance and block data, then sign a non-financial support intention with transparent consent messaging.
Next.js 16wagmiviemTypeScriptWallet connectSepolia readsEVM message signing
Music lesson marketplace product lab: browse teacher profiles, reserve a session through Stripe Test Checkout, protect bookings with Supabase Auth and RLS, onboard teacher payouts through Stripe Connect, and process payment webhooks idempotently.
Next.js 16Supabase RLSStripePlaywrightTest checkoutSeller payoutsIdempotent webhook