// system architecture · 01

WhatsApp Greeter System

Enterprise Client · asia-southeast1 · Cloud Run + Firestore

TRIGGER
💬
SleekFlow Flow
Contact sends message
to any WABA number
POST /handleIncomingMessage
{ waba_number, contact_number }
CLOUD RUN
Greeter Function
greeter service
Node.js 22
Read / Write
greeted_{waba}: date
FIRESTORE
🗄️
contacts collection
Named DB · isolated
per contact × WABA
{ greeted: true/false }
SleekFlow continues flow
🔀
Flow Decision
true → send greeting
false → skip
Monthly Cleanup Path
SCHEDULER
🕛
Cloud Scheduler
0 0 1 * *
1st of month, midnight SGT
POST /cleanupOldContacts
triggers monthly
CLOUD RUN
🧹
Cleanup Function
greeter-cleanup
Node.js 22
Delete docs where all
fields older than 30 days
FIRESTORE
🗄️
contacts collection
Stale contacts purged
PDPA compliance
// key design decisions
Date-based state (no reset job): Store greeted_{waba}: "YYYY-MM-DD" per contact. No daily reset needed — date comparison handles deduplication automatically.
Independent WABA tracking: Each contact × WABA pair is tracked separately. Messaging WABA A doesn't affect WABA B greeting state.
Firestore named database: Isolated from other projects in the same GCP account. Schema-free — adding new WABAs requires zero migration.
Monthly PDPA cleanup: Contacts inactive for 30+ days are purged. Keeps storage lean and compliant with data minimisation principles.
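
The date-based state and the monthly purge described above, as an added sketch that is not the project's own code. A Map stands in for the Firestore contacts collection; the digits-only number format, the fixed UTC+8 day boundary and the function names are assumptions.

```javascript
const SGT_OFFSET_MS = 8 * 60 * 60 * 1000; // Singapore is fixed UTC+8, no DST
const DAY_MS = 24 * 60 * 60 * 1000;
const PHONE = /^\d{8,15}$/; // assumed wire format: digits only, no "+"

// Calendar date in SGT as "YYYY-MM-DD"; ISO dates also sort correctly as text.
function sgtDate(now) {
  return new Date(now.getTime() + SGT_OFFSET_MS).toISOString().slice(0, 10);
}

// Mirrors POST /handleIncomingMessage. `store` maps contact number -> document.
function handleIncomingMessage(store, body, now) {
  const { waba_number, contact_number } = body ?? {};
  // Both values end up in a document id or field name, so reject anything
  // that is not a plain number before touching the store.
  if (!PHONE.test(waba_number ?? "") || !PHONE.test(contact_number ?? "")) {
    return { status: 400, error: "invalid waba_number or contact_number" };
  }
  const field = `greeted_${waba_number}`;
  const doc = store.get(contact_number) ?? {};
  const today = sgtDate(now);
  // Same flow decision as the diagram: true -> send greeting, false -> skip.
  if (doc[field] === today) return { status: 200, greeted: false };
  store.set(contact_number, { ...doc, [field]: today });
  return { status: 200, greeted: true };
}

// Mirrors POST /cleanupOldContacts: delete a document only when every
// greeted_* date is older than maxAgeDays.
function cleanupOldContacts(store, now, maxAgeDays = 30) {
  const cutoff = sgtDate(new Date(now.getTime() - maxAgeDays * DAY_MS));
  let deleted = 0;
  for (const [id, doc] of store) {
    const dates = Object.entries(doc)
      .filter(([key]) => key.startsWith("greeted_"))
      .map(([, value]) => value);
    if (dates.every((d) => d < cutoff)) {
      store.delete(id);
      deleted++;
    }
  }
  return deleted;
}
```

Against Firestore, the read and the write belong in one transaction so that two concurrent messages from the same contact cannot both receive greeted: true.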
// infrastructure blueprint · 02

AWS Cloud Resume Architecture

DevSecOps pipeline · S3 + CloudFront + Lambda + DynamoDB · ap-southeast-2

Continuous Integration
🧑‍💻
Dev
Local machine
VS Code + Snyk IDE
git push
VCS
🐙
GitHub
Remote repo
Triggers Actions
on: push to main
CI
⚙️
GitHub Actions
① Snyk SCA + SAST
② Selenium smoke tests
③ S3 sync on all pass
Deploy to S3 on all checks pass
☁ AWS Cloud · ap-southeast-2
📊
CloudWatch
Lambda metrics
Dashboards + alerts
💸
AWS Budgets
Cost governance
Proactive alerts
Static delivery path
ORIGIN
🪣
Amazon S3
Block all public access
Bucket policy (OAC only)
🌐
Amazon CloudFront
Origin access control
Global edge caching
🔗
Amazon Route 53
Custom DNS
jabircode.com
Serverless compute path
COMPUTE
AWS Lambda
Function URL (CORS)
Python 3.x · Boto3
Visitor counter handler
read / write
DATASTORE
🗃️
Amazon DynamoDB
Visitor count table
On-demand · atomic incr.
Route53 + CloudFront → browser
Lambda Fn URL → JS fetch
👤
User
jabircode.com
HTTPS
// key design decisions
S3 blocks all public access: Content served exclusively via CloudFront with OAC. Eliminates direct bucket exposure — no public S3 URL is possible.
Lambda Function URL (no API Gateway): Reduces cost and latency for a single-function visitor counter. No API Gateway overhead needed at this scale.
DevSecOps pipeline as the gate: Every commit triggers Snyk SCA/SAST and Selenium smoke tests. Deployment only proceeds on full pass.
Cost governance built-in: AWS Budgets sends proactive alerts before thresholds are breached — keeping this workload predictably lean.
// case study architecture · 03

GenAI Lead Qualification + Human Handoff

Education · GenAI Agent · Rubric-based scoring · Human in the loop

Human agent connects with qualified hot lead — completing the feedback loop back to the user
🧑 User
initiates chat
GenAI Lead Qualification Agent
🤖
Live Chat Agent
Rubric-based scoring:
lead score · confidence
score · rules engine
Qualified ✓
Pre-handoff
① Ask for user details
② Summarise conversation
③ Capture consent
handoff payload
Integration Layer
🔌
Webhook Ingestion
endpoint
🔒
Validation
① Whitelisted IPs
② Idempotency check
(session ID + phone)
📝
Actions
① Create/update record
② Summarised int. note
③ Notify human agent
notify
🧑‍💼 Human Agent
Not Qualified
🤝
Self-serve Concierge
Non-qualified visitors stay
in self-serve flow
Low confidence score
👥
Human Review Queue
① Queue for sales ops
② Give user nearest
   probability reference
Review feeds back to rubric
// key design decisions
Rubric-based scoring (not black-box AI): Lead score + confidence signal + rules engine. Qualification decisions are auditable and reduce LLM misclassification risk.
Confidence-gated human review: Low-confidence cases queue for sales ops review. Review outcomes feed back into rubric refinement, improving accuracy over time.
Consent-first handoff: Agent captures consent and packages a summarised conversation + intent before escalating — improving consultant efficiency and user trust.
Idempotent integration: Webhook validated via IP allowlist and idempotency check on session ID + phone number. Retry-safe by design.
// case study architecture · 04

Event-Driven POS Integration

F&B · Serverless · Event-driven · Real-time order lifecycle notifications

👨‍🍳 Kitchen Staff
Trigger Order Ready
↓ into POS
🧑 User
Place Order
Client System
POS
🖥️
Kiosk / POS
Order entry + routing
Sends webhook events
📟
KDS
Kitchen Display System
Order visible to staff
degraded path
📱
SMS Fallback
When digital delivery fails
webhook events
Status 400
Integration Layer
🔌
Webhook Ingestion
endpoint
🔒
Validation
① HMAC signature
② Idempotency (primary key)
③ Order type: received/ready
async · order ready event
🔔
Order Ready
notification sent async
to customer
🔄
Data Transform
Normalise to schema
Map to platform model
👤
Create / Update
Customer record (UUID)
+ Order record
📬
Order Received
notification sent
to customer
// key design decisions
Retry-safe webhook ingestion: 4xx for invalid payloads (no retry). 5xx for transient failures (retry with backoff). Idempotency key on primary order ID prevents double-processing.
Explicit order event semantics: Order type (received/ready) classified at validation. One pipeline handles both — simplifying extension to future order states.
Async notifications as side effects: Notifications don't block the ingestion response to POS. Messaging failures can't cascade into order processing failures.
SMS fallback for degraded scenarios: KDS → SMS path ensures customer communication continues during provider outages. Clear operational fallback path.
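
The validation stage and its retry semantics, as an added sketch that is not the project's own code. The field names order_id and type, the hex HMAC-SHA256 signature format, the Set used as idempotency store and the choice to key it on order ID plus order type (so a "ready" event is not mistaken for a retry of "received") are assumptions.

```javascript
const crypto = require("node:crypto");

const ORDER_TYPES = new Set(["received", "ready"]); // order types named on the page

// Constant-time check of a hex HMAC-SHA256 computed over the raw request body.
// rawBody must be the exact bytes received, not a re-serialised object.
function validSignature(secret, rawBody, signatureHex) {
  const expected = crypto.createHmac("sha256", secret).update(rawBody).digest();
  const given = Buffer.from(String(signatureHex ?? ""), "hex");
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Returns the HTTP status the POS should see. `seen` stands in for a durable
// idempotency store; `handle` is the transform + create/update step.
function ingest({ secret, rawBody, signature, seen, handle }) {
  if (!validSignature(secret, rawBody, signature)) return 401; // 4xx: no retry
  let event;
  try {
    event = JSON.parse(rawBody);
  } catch {
    return 400; // malformed payload: a retry would fail the same way
  }
  if (!event || typeof event.order_id !== "string" || !ORDER_TYPES.has(event.type)) {
    return 400;
  }
  const key = `${event.order_id}:${event.type}`;
  if (seen.has(key)) return 200; // duplicate delivery: acknowledge, do nothing
  try {
    handle(event);
  } catch {
    return 503; // transient failure: key not recorded, so the retry is processed
  }
  seen.add(key); // record only after success
  return 200;
}
```

Notifications are deliberately absent from ingest: per the design above they run asynchronously after the 200 is returned, so a messaging failure never turns into a 5xx that makes the POS resend the order.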