Selected builds, systems, and tradeoffs. Raintree product pages live at raintree.technology.
Selected projects
17 projects
FlightSweeper
Travel SaaS / personal case study
Sweeps, booking, and encrypted PII
What I built
Live Duffel flight-search and booking workflow with month sweeps, Pro gates, and ticketing safeguards.
live fares: Duffel
ticketing: 2-phase
PII encrypt: AES-256-GCM
prod guard: RLS x14
Stack
pnpm monorepo
Next.js 16
React 19
Hono API
Expo iOS path
Duffel
Stripe
Drizzle + Neon
Upstash Redis
Runtime
Route Sweep calls live Duffel offers across month windows behind per-user sweep caps, global provider budgets, retry/backoff, and a serialized 900ms provider queue.
Booking re-fetches the offer, creates a Duffel payment intent, verifies payment, issues the order, persists PNR, and refunds the payment intent if ticketing fails.
Stripe handles Pro subscriptions only; Duffel Payments handles airline ticket payment through hosted payment UI so raw card data never touches the app server.
Chat-to-book uses AI Gateway tools for live search, selection, passenger collection, payment handoff, and explicit confirmation instead of fabricated fares.
Data model
Duffel offer requests, bookable offers, payment intents, orders, cancellations, fare snapshots, cost telemetry, and cached sweep results drive booking state.
Users, sessions, saved routes, Stripe subscription state, referral events, chat transcripts, and AES-256-GCM encrypted passenger records live in Postgres.
Airport, airline, destination, route, passenger, offer, sweep, mobile-session, and saved-route inputs are validated through shared schemas before provider calls.
Techniques
Canonical Duffel wrapper centralizes SDK access, timeout/circuit-breaker behavior, offer TTL caching, re-pricing, order creation, refunds, and cost telemetry.
Fare freshness carries `quotedAt` and `expiresAt`; stale offers return 410 before payment, and booking confirmation runs against freshly validated offers.
Postgres RLS plus explicit `userId` filters scope sweeps, orders, saved routes, offers, and trips to their owner; ownership failures return 404.
DOT 24-hour cancellation is authenticated, owner-scoped, unit-tested, idempotent, and reverses referral credit on cancellation/refund.
Verification
AUDIT.md verifies Route Sweep, cheapest-month, booking, chat-to-book, and price-watch use live Duffel paths, while calling out partial discovery surfaces honestly.
Production contract guard checks DB grants, 14 RLS policies, env vars, check constraints, and runtime DB role before accepting production state.
Security tests cover schema contracts, HTTP behavior, Duffel webhook verification, cookie consent, chat logs, proxy, mobile auth, and production contracts.
4% service fee is capped at $9-$29 and drops to $0 for Pro; ticket payments stay with Duffel while Stripe only manages subscriptions.
Passenger PII is encrypted at rest, cache keys avoid email where possible, and route errors log IDs rather than raw traveler data.
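An added example, not FlightSweeper's own code, of one way to encrypt a passenger record with AES-256-GCM in Node.js. The key source, the stored layout (nonce, tag, ciphertext) and the use of user and passenger IDs as associated data are assumptions; all function names are hypothetical.

```javascript
// Added example (not FlightSweeper's code): AES-256-GCM field encryption for a
// passenger record. Key handling, the AAD layout and all names are assumptions.
const crypto = require('node:crypto');

const ALG = 'aes-256-gcm';
const NONCE_LEN = 12; // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16;   // 128-bit authentication tag

// Bind the ciphertext to its row so a blob copied into another user's
// record fails authentication instead of decrypting.
function aadFor(userId, passengerId) {
  return Buffer.from(`passenger:v1:${userId}:${passengerId}`, 'utf8');
}

function encryptPassenger(key, userId, passengerId, record) {
  if (key.length !== 32) throw new Error('AES-256 requires a 32-byte key');
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh per encryption, never reused
  const cipher = crypto.createCipheriv(ALG, key, nonce, { authTagLength: TAG_LEN });
  cipher.setAAD(aadFor(userId, passengerId));
  const body = Buffer.concat([cipher.update(JSON.stringify(record), 'utf8'), cipher.final()]);
  // Stored column value: nonce || tag || ciphertext, base64-encoded.
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64');
}

function decryptPassenger(key, userId, passengerId, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < NONCE_LEN + TAG_LEN) throw new Error('ciphertext too short');
  const nonce = raw.subarray(0, NONCE_LEN);
  const tag = raw.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const body = raw.subarray(NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv(ALG, key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(aadFor(userId, passengerId));
  decipher.setAuthTag(tag);
  // final() throws if the key, AAD, tag or ciphertext does not match.
  const plain = Buffer.concat([decipher.update(body), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Returns true when decryption is rejected (tampering or wrong owner).
function isRejected(key, userId, passengerId, stored) {
  try { decryptPassenger(key, userId, passengerId, stored); return false; }
  catch { return true; }
}
```

Because the owner and record IDs are authenticated but not stored in the blob, a row-level mix-up surfaces as a decryption failure rather than as another traveler's data.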