Skip to content
Asmar.
§ CS-01 — Ghasi AI Intake OS

Ghasi AI Intake OS

In development · pre-launch

  • · AI-first by design
  • · Offline-first by design

Domain-agnostic, multi-tenant, AI-first intake operating system for government and regulated industries. One engine, two surfaces, many domain packs.

Period
2025 — present
Domain
GovTech / Regulated B2B + B2C
Stack
  • API Gateway · IAM
  • Per-surface BFFs
  • Relational + Vector
  • Event Bus
  • AI Gateway · Multi-LLM
  • DDD · Outbox
The brief

Public-sector intake — visas, permits, claims, registrations — runs on spreadsheets, paper, and bespoke portals. Each agency rebuilds the same plumbing: forms, eligibility rules, document handling, identity, audit.

Intake OS replaces that plumbing with a single multi-tenant engine and domain packs that can be swapped per agency.

The platform is AI-first and offline-first by design, not by integration. AI-assisted extraction, eligibility assessment, and document analysis run through a single AI Gateway with provenance metadata attached to every output. Field and provincial offices work offline with a local outbox that reconciles when connectivity is restored — a hard requirement for government programs operating in regions with unreliable infrastructure.

Architecture at a glance

The layers, ports, and integration patterns are real — drawn from the live architecture baseline. Service names, identity providers, and external vendors are anonymized or labelled by role so the diagram reads as the posture, not as a deployment manifest. Hover any layer label on the left for context; right-edge annotations call out the load-bearing decisions.

Decisions & tradeoffs

  1. 01

    TypeScript-first stack across services and clients.

    CostCeiling on CPU-bound workloads.

    WinOne language, one type system, one toolchain.

  2. 02

    Clean Architecture / DDD with the domain layer in pure TS.

    CostMore files, more interfaces.

    WinEvery adapter (DB, queue, LLM) is replaceable without touching domain.

  3. 03

    Multi-tenancy enforced at three layers — domain, row-level security at the relational layer, tenant header on every event envelope.

    CostTenant context plumbing in every request.

    WinNo cross-tenant data leak is structurally possible.

  4. 04

    LLM provider abstracted behind a single AI Gateway port.

    CostA small adapter to maintain per provider.

    WinThe business decision of "which model" doesn't ripple into application code.

  5. 05

    Outbox pattern for every state-changing event.

    CostExtra table per BC, relay process.

    WinExactly-once-effective delivery without distributed transactions.

Outcome & scope
  • First bounded context (IAM) wired with full DDD layout, OTel spans, OpenAPI, signed container, CI gates green.
  • Spec-first: every BC has an implementation blueprint that CI verifies against the live OpenAPI (drift detection on every PR).
  • Sprint-1 wave: full IAM aggregates, ethical-wall checker, outbox relay.
  • Approaching pre-launch deployment for first pilot agency.
My role

Founder, lead architect, and primary contributor. I authored the spec, the architecture baseline, the BC map, the implementation blueprint template, and the IAM service end-to-end.

What I'd do differently

The provider port abstractions in V1 are slightly leaky — the LLM port exposes streaming primitives that should live a layer up in the application service. Refactor planned for Sprint 2.

← All case studies

Designing something similar?

Start a conversation →

Explore other work

CS-02

Ghasi eHealth

Enterprise eHealth platform — clinical, diagnostics, pharmacy, imaging, RCM, patient engagement. FHIR R4-first, multi-tenant, event-backed. Designed for national-scale rollout.

Healthcare / Public Sector

CS-03

Ghasi edTech

Multi-tenant, multilingual (LTR + RTL), AI-first, offline-first learning platform: marketplace + LMS + authoring suite + compliance engine. 18 bounded contexts. SCORM/xAPI. WebGPU local inference.

EdTech / Compliance

CS-04

Ghasi Melmastoon

Multi-tenant property management system for hospitality. 21 services planned, sharing a common pattern with the rest of the Ghasi suite — same DDD posture, same outbox discipline, different domain.

Hospitality / PMS

CS-05

Ghasi SMS Gateway

Lightweight SMS messaging gateway. Bounded-context companion to the Ghasi suite — one job, done well, integrable from anywhere in the platform.

Communications Infrastructure

CS-07

Microservices → BFF Decomposition

Decomposing a 15-service distributed estate plus three databases on on-prem infrastructure into a Backend-for-Frontend architecture — one BFF per experience, talking to a shared data platform and shared services behind a single identity provider.

FinTech / Wealth Management

CS-08

User Manuals & Training Portal

A secured, searchable, filterable user manual and training portal — leveraging GCP Cloud Storage for content, Articulate Rise 360 for training modules, SharePoint lists for metadata, a .NET API in front, and a React frontend over a protected sub-domain.

FinTech / Wealth Management