HIPAA-aware clinical notes with AI transcription, voice-to-edit
flows, and dynamic SOAP templates, built as an intern at Soaper.
AES-GCM-256end-to-end encryption
5Stripe webhook events
115+pytest cases
Secured audio data end-to-end with AES-GCM-256 via the WebCrypto
API. Keys are non-extractable and bound to Firebase UID, so even a
storage breach exposes nothing.
Wired Stripe subscriptions to 5 webhook events with usage-based
note quotas and a referral system, giving the product a real
billing layer from day one.
Covered 115+ pytest cases across endpoints, Stripe integration,
auth flows, and edge cases using Firebase and Stripe mock
fixtures.
Shipped full-stack features across a React/TypeScript and
FastAPI stack; optimized API layer to reduce p95 response times
from 140ms to under 20ms and cut frontend latency by 25%.
Led end-to-end Surescripts e-prescribing certification across
20+ NCPDP SCRIPT test scenarios; identified and resolved
critical bugs in prescription routing, renewal response
handling, and async message processing to achieve full
certification for a live EMR.
Designed and implemented a multi-parameter radiology search
feature using indexed PostgreSQL queries over 120K+ rows,
accelerating data entry workflows by 40%.
Built and maintained backend services — EC2 deployments via
systemd, Celery task queues for async prescription workflows —
shipping 15+ production features alongside physicians and
clinical staff.
Infrastructure QA Engineer Intern at NYC Department of Education
May 2025 – Aug 2025
Deployed and validated server and network infrastructure across
10+ NYC public schools; developed standardized walkthrough
checklists that reduced post-deployment support tickets by 25%.
Built Python automation scripts for server rollouts and on-site
diagnostics across 5 boroughs, cutting per-school setup
verification from 90min to 25min.
Projects
What I've built.
Live
Scorva
Started as a way to combine two things I care about, sports and
building, and ended up being the most complex thing I've shipped.
31REST + SSE endpoints
4M+total rows
~75%faster cache responses
1800+tests via Jest + Vitest
17AI tools
Designed a normalized PostgreSQL schema across 13 related tables
serving 4M+ rows; built a REST API layer handling
multi-sport queries with under 30ms average response times.
Built an agentic AI chat assistant using GPT-4.1-mini with a
multi-turn tool-calling loop across 17 tools; uses pgvector
semantic search (RAG) over text-embedding-3-small embeddings of
game summaries for natural-language game retrieval, live stats,
player comparisons, and web search; streams responses via SSE
with automatic page-context injection and rolling conversation
summarization.
Architected a two-tier live sync system: a 15-second polling
cycle for scoreboards and a 2-minute cycle for full box scores,
pushed to the browser via PostgreSQL LISTEN/NOTIFY over SSE with
automatic REST fallback on connection failure.
Designed tiered Redis caching (30s–30d TTLs) across 17 endpoints,
reducing average response time by ~75% (up to 95%); implemented
auth with Google OAuth popup flow, JWT middleware, Supabase
signup webhook, and two-step cascading account deletion.
A recovery-first fitness tracker that monitors muscle fatigue in
real time and uses AI to recommend what to train next.
~64%faster cached responses
96-hourrolling fatigue window
237Vitest + Playwright tests
Built a real-time recovery engine computing per-muscle fatigue
from a 96-hour rolling window — volume-adjusted decay curves,
cumulative fatigue stacking, and HSL-interpolated SVG body maps.
Cached in Redis (5-min TTL), cutting ~80% of redundant DB reads.
Designed a cache-aside architecture across 6 Redis namespaces
with 3 TTL tiers (5 min → 1 hr → 24 hr), reducing API response
times ~64% on cached paths. Graceful degradation — 100%
availability when Redis is unavailable.
Streamed AI suggestions via NDJSON with chunk-boundary-safe
parsing, integrated Groq Whisper for voice logging, and enforced
Redis-backed cooldowns and rate limiting (10 req/hr), cutting
redundant AI calls ~90%.
Dual-path auth — sub-ms JWT extraction for reads, full server
validation for mutations — reducing read-path overhead ~95%
while keeping writes secure.
Everything you need to stay connected to your faith, fast, free,
and in one place.
12API endpoints
6external integrations
380+tests passing
Architected and shipped a full-stack Islamic companion iOS app
(React Native/Expo 54, Express/TypeScript) as a solo developer —
34K+ lines of TypeScript across 170+ files, published to the App
Store with automated OTA deployments via GitHub Actions and EAS
CLI
Engineered a multi-tier API caching proxy layer handling 3
external API integrations (Aladhan, Google Maps, OpenAI) with
TTL-based in-memory caching (5min–24hr), in-flight request
deduplication, coordinate bucketing, stale-on-error fallback,
and retry with exponential backoff — reducing upstream API calls
by an estimated 80%+
Shipped 7 user-facing screens with 60fps Reanimated animations,
FlashList virtualization, 123+ accessibility annotations across
25 files, dark/light/system theming with flash-free hydration,
and a marketing landing page at sirat.dev with automated GitHub
Pages deployment
