← Projects

Alahubs

Lifestyle platform with habit tracking, biometric health and AI meal planning. Beta with 2500+ users, Socket.IO in production and two payment processors.

2023LiveFounder & Full-Stack ArchitectSaaSHealthSocialMarketplace
  • NestJS
  • Next.js
  • PostgreSQL
  • Redis
  • OpenAI
  • Socket.IO
  • Stripe
  • Mercado Pago
  • AWS S3
  • Docker
  • Kubernetes
2500+ users
150k+ events/day
<200ms real-time
40+ models

Impact

  • Eight interconnected domains: habits, biometric health metrics, AI-powered meal planning, encrypted storage and social feed. All modeled across 40+ PostgreSQL tables with separate subscription tiers.
  • Real-time inference via Socket.IO with Redis adapter across multiple instances. Five dedicated workers handle notifications, meal generation, queue processing and job recovery. Sub-200ms latency in production.
  • Stripe and Mercado Pago unified into a single payment model with idempotency keys to prevent double-charging. Conversion tracking via Meta Ads with browser fingerprinting and UTM parameters captured at signup.
  • AES-256 field-level encryption for biometric data. Service Worker with file system access and offline support. Feature adoption and monetization analytics across six visualization libraries.

KPIs

Database Models
40+
Real-time
Socket.IO + Redis
AI Integration
OpenAI Assistant
Payment Processors
Stripe + Mercado Pago
Worker Processes
5 dedicated
Data Viz Libraries
6 (D3, Recharts+)
PWA Coverage
Offline-first

Traction & Growth

Active Users
8
Paying Customers
0
Monthly Price
Not yet launched
MRR
Pre-launch
Acquisition Channel
Closed beta
Beta with invited users. No marketing or revenue yet. Focus on validating core features before public release.

Architecture

alahubs-architecture

Key Decisions

  • Checkout as a separate service: More complex to deploy, but payment failures and scaling stay isolated from user operations. Stripe and Mercado Pago can evolve independently.
  • OpenAI Assistant API for meal generation: Slightly higher latency than raw completions, but thread-based context enables multi-turn conversations and function calling for nutritional calculations without manual prompt engineering.
  • Redis pub/sub for real-time instead of event sourcing: Simpler to operate, but requires careful idempotency. 30s polling for meal generation avoids thundering herd during usage spikes.
  • node-cron workers embedded in the NestJS server: No separate worker fleet, no extra operational overhead. The tradeoff is coupling: all workers go up and down with the server.

Hard Problems

  • Coordinating Socket.IO across multiple instances: events from one instance need to reach clients on others. @socket.io/redis-adapter solves it via pub/sub, but requires standardized broadcasting and careful connection pooling. Result: sub-200ms latency even on distributed deployments.
  • The OpenAI Assistant API doesn't support typed function returns directly. We defined structured schemas in function definitions, parsed tool_call JSON responses with validation and built a multi-step pipeline with status tracking in MealGenerationQueue.
  • Stripe charges in USD with a subscription model; Mercado Pago processes BRL with an orders API. An abstraction layer in the checkout service maps both to an internal model with a provider enum. Idempotency keys prevent double-charging on retries.
  • The biometric decryption key lives only in runtime memory, never in the database. bcrypt for master key hashing, AES-256 for field encryption. Database-level constraints prevent plaintext from being written.
  • Meta fbp/fbc tokens expire and UTM parameters get lost in redirects. FingerprintJS persists the fingerprint to localStorage and Redux; the Leads model captures fbp, fbc, GCLID and utm_source at signup to reconstruct the full attribution chain.

Ops & Runbook

  • Prisma migrations with shadow database. Indexes on [userId, habitId, date] for habit records and [senderId, receiverId] for friendships. Daily automated snapshots to S3 via CloudWatch.
  • Redis with replication to backup instance. On primary failure, 30s graceful degradation with buffered messages. Manual failover: redis-cli SLAVEOF.
  • Workers with Docker health checks. On failure, Kubernetes restarts the container. Jobs stuck in status=processing detected every 5min and requeued.
  • Nightly cron compares Stripe invoice ledger with local SubscriptionPayments. Discrepancies trigger Slack alert. MRR calculated from active subscriptions.
  • OpenAI usage tracked in FeaturesUseRecords. Alert at 80% of monthly quota. If quota exceeded, meal generation queues with a user notification.

Security & Privacy

  • Biometric data encrypted with AES-256 at the field level. bcrypt for master key, separate IV. Plaintext is never written to the database.
  • Short-lived JWTs (15min) with refresh tokens rotated on each use. Guards via @Auth() decorator with role evaluation via reflectors.
  • Password reset tokens: TTL 1 hour, single-use, rate-limited to 5 requests per hour per IP via ThrottlerModule.
  • Card numbers never stored. CustomerCard holds only token and last 4 digits. PCI compliance via Stripe and Mercado Pago.
  • Socket.IO connections validated via JWT middleware. Signed CloudFront URLs for S3 access.

What I'd Improve Next

  • Replace node-cron with Bull or RabbitMQ for proper queue visibility, retries and failure tracking.
  • A GraphQL layer would allow batching requests like meal generation and habit completion into a single call.
  • Event sourcing would enable temporal queries and a complete audit trail of user actions.
  • ML-driven habit recommendations based on behavioral clustering and OpenAI embedding similarity.