Case Studies

Community Needed Enterprise Features on a Startup Budget

A community organization needed a full-featured platform with real-time messaging, event management, member directories, and privacy protection. Traditional development estimates ranged from $381K to $736K with 12-18 month timelines.

Content Engineer + AI Paradigm

Solo developer leveraging AI-assisted development - not "vibe coding," but a disciplined engineering process where a human architect directs AI tools to produce production-grade output. Every line reviewed. Every pattern intentional.

• End-to-end encrypted messaging with key exchange
• PWA with offline support and push notifications
• WCAG 2.1 AA accessibility compliance
• Real-time updates via Supabase subscriptions
• 233 row-level security policies for data isolation
• Event management with RSVP and calendar sync

Sensitive Data Can't Leave the Device

Veterans need help navigating complex VA disability claims - understanding regulations, rating criteria, and documentation requirements. But personal health information and service records are extremely sensitive. Sending that data to a cloud API is a non-starter.

AI That Runs Entirely in the Browser

Instead of calling OpenAI or any external API, the entire AI pipeline runs in the user's browser. LLM inference, RAG retrieval, voice processing, and OCR - all on-device. Zero network calls for personal data. Ever.

• On-device LLM inference - no API calls, no data exfiltration
• RAG pipeline over VA regulations and rating criteria
• Voice input and output for accessibility
• Document OCR for scanning VA paperwork
• Works fully offline once loaded
• Free to use - no accounts, no subscriptions

Compliance Framework Overload

Organizations subject to multiple regulatory frameworks (FedRAMP, SOC 2, HIPAA, GDPR, etc.) face massive redundancy. The same control - "encrypt data at rest" - appears in different language across every framework. Teams waste months re-documenting the same controls.

Codify Everything. Map Once. Export Anywhere.

Treat compliance like code: version-controlled, testable, and machine-readable. Map controls across all 10 frameworks to identify overlaps, generate NIST OSCAL catalogs for interoperability, and provide developer tools for inline compliance checking.

• 10 regulatory frameworks cross-mapped with shared controls identified
• NIST OSCAL export for GRC tool interoperability
• AI-assisted compliance review (offline + Claude API)
• VS Code extension with IntelliSense for control IDs
• MCP server for AI assistant integration
• Automated evidence collection and gap analysis

Proving Systems-Level Engineering Depth

Web portfolios are common. Proving you can architect large-scale C++ systems with real-time constraints, memory management, and modular plugin architecture? That requires building something substantial.

Full UE5 Game with Enterprise Patterns

Build a complete RPG with the Gameplay Ability System, modular architecture (17 separate modules), automated testing, and custom MCP integration for AI-assisted game development.

• GAS-based combat: combo, block, dodge, magic, ranged, melee
• 78+ automation tests for regression safety
• Save/load system with serialization
• Object pooling for performance optimization
• Custom gameplay debugger for runtime inspection
• 68 native gameplay tags for clean event routing

Practice What You Preach

Most portfolio sites claim expertise in security, accessibility, and compliance - but their own codebase doesn't demonstrate any of it. If you're selling best practices, your portfolio should be the proof.

Recursive Portfolio Architecture

The site itself demonstrates everything it advertises. Compliance engine? Built in. WCAG accessibility? Tested and validated. Security headers? A+ rated. CI/CD pipeline? 4-stage with SAST, DAST, and SBOM generation.

• 12 compliance frameworks with 651+ controls codified
• VPAT (Voluntary Product Accessibility Template) generation
• AI guardrails with prompt injection defense
• PIV/CAC authentication flow for federal clients
• WCAG 2.2 accessibility throughout
• 4-stage CI/CD: CI → CodeQL SAST → OWASP ZAP DAST → Release with SBOM

Veterans Need Real Connection, Not Another Directory

Veteran isolation is a crisis. Existing platforms offer directories and forums, but nothing that creates genuine, real-time connection with Battle Buddy matching, mutual aid, and community support — the kind of platform that usually requires a team of 5-10 engineers.

Full Social Network Architecture, Solo Build

Build a complete social platform with real-time messaging, push notifications, image processing, OAuth with military verification, and content moderation — all as a single developer leveraging AI-assisted engineering.

• Battle Buddy matching by branch, era, location, and interests
• Groups & communities with real-time messaging
• WebSocket-powered live updates, typing indicators, online presence
• VSO Finder for veteran service organizations
• Mutual aid system (request/offer help: transportation, housing, food, employment)
• Crisis Support with 24/7 Veterans Crisis Line integration
• OAuth + ID.me military verification
• Image uploads with automatic optimization
• Push notifications (browser) + HTML email notifications
• Admin dashboard with content moderation and audit logs

Music Platforms Take Too Much, Give Too Little

Artists lose 15-30% of revenue to platforms. Distribution is locked behind gatekeepers. DDEX compliance is a nightmare. Musicians need a platform where they own their data and keep 100% of their revenue.

Vertical SaaS — Payment to Distribution in One Platform

Build a vertically integrated music platform: Stripe Connect for split payments, Cloudflare R2 for zero-egress content delivery, DDEX for industry-standard distribution, and Playwright for end-to-end quality assurance.

• DDEX industry-standard music distribution export
• Stripe Connect split payments & subscriptions
• Cloudflare R2 storage (S3-compatible, zero egress costs)
• Artist dashboard & analytics
• Fan storefronts with custom theming
• Album/track management with metadata
• Playwright E2E testing

Tax Software You Can't Trust

Tax preparation software handles the most sensitive financial data imaginable, yet most tools send everything to a server, use single-algorithm calculations, and offer zero legal traceability. Service-disabled veteran business owners face unique tax complexities that generic software handles poorly.

Client-Side Only, Dual-Algorithm Verification

All data stays in the browser, encrypted with AES-256. Every calculation is verified by two independent algorithms that must agree before any number is accepted. Every field is mapped to specific IRS legal citations for full traceability.

• Double-Blind Calculation Validation — two independent algorithms, locks on discrepancy
• Legal Citation Layer — every field mapped to specific IRS codes (26 USC, IRS Publications)
• SHA-256 cryptographic integrity for tamper detection
• All data stays in browser (AES-256 encrypted, zero-trust architecture)
• Form 1040, Schedule C, SE tax, Section 179, Bonus Depreciation, MACRS, QBI
• Portland/Multnomah County specific tax calculations
• Auto-generated project health dashboard (tests, coverage, architecture checks)