Building POPIA-compliant, Azure-deployed systems with ASP.NET Core 8, React, and Clean Architecture — including a tool published on the GitHub Marketplace.
Junior .NET Fullstack Developer specialising in ASP.NET Core 8, React, and Clean Architecture. I build production-grade systems — a SAPS/ITAC-compliant scrapyard platform, a POPIA-audited hospital management system, and a cloud-deployed library platform on Azure App Service. I care about real-world constraints: compliance, performance, and maintainability.
Academic foundation and continued learning
Diploma in Information Technology
Nelson Mandela University
Dec 2025
AI Fluency Framework & Foundations
Anthropic
Mar 2026
Claude 101
Anthropic
Mar 2026
Zapier 101 — The Ultimate Automation Course
Udemy
Feb 2026
Angular 20 & ASP.NET Core Web API
Udemy
Oct 2025
Python Data Science: Data Prep & EDA
Udemy
Sep 2025
Data Analyst Bootcamp: Python, Excel, Power BI & SQL
Udemy
Oct 2025
Introduction to Cybersecurity
Cisco Networking Academy
Oct 2023
C# Programming Award
Nelson Mandela University
Apr 2024
Student Merit Award
Nelson Mandela University
2024 & 2025
Technologies I work with to build exceptional applications
Production-deployed systems built for real users
SAPS/ITAC-compliant scrap metal platform — 6-step digitised ticket workflow (vehicle arrival → weighing → grading → tare → payment → completion) eliminating paper-based processing. Real-time SignalR inventory across multi-site yards. 5-role RBAC with JWT. Webhook automation engine using HMAC-SHA256 signed payloads integrating with Zapier/n8n. Weighbridge via Web Serial API. Offline-first PWA. Deployed Vercel + Render with GitHub Actions CI/CD.
Live
Azure-deployed hospital management MVC app with 7-role RBAC and policy-based authorization. Solely owned the cloud pipeline: Azure App Service, Azure SQL, GitHub Actions CI/CD with OIDC workload identity federation (zero stored credentials). POPIA audit trail via EF Core SaveChangesInterceptor — before/after JSON snapshots across 25+ entities with soft-delete on every table.
Live
Clean Architecture REST API — 35+ endpoints across 7 controllers — with JWT refresh rotation, fixed-window rate limiting, and SignalR group-based notifications. Resolved a JWT refresh race condition using a subscriber queue pattern. Eliminated N+1 queries with eager-loaded GetAllAsync() + .Include(). PostgreSQL health check probes (/health/ready, /health/live) used as Azure liveness and readiness probes.
Live
Internal IT support ticket API demonstrating enterprise .NET patterns: MediatR 12 CQRS with typed pipeline (IdempotencyBehavior → LoggingBehavior → ValidationBehavior → PerformanceBehavior), Result<T> pattern, EF Core SaveChangesInterceptor audit trail, SLA tracking engine (Critical 2h / High 8h / Medium 24h / Low 48h), per-IP rate limiting, and JWT 3-role auth. Deployed to Azure App Service with GitHub Actions OIDC — zero stored credentials.
Live
PDF RAG system with hybrid BM25 + dense vector retrieval (BAAI/bge-large-en-v1.5, top-5 MTEB), Reciprocal Rank Fusion, and cross-encoder reranking. Validated on a 20-question RAGAS test set: Faithfulness +25%, Answer Relevancy +24%, Context Recall +29%, Context Precision +31% over cosine-similarity baseline.
Live
Agentic AI assistant with a custom LangGraph StateGraph — not create_react_agent — for direct control over tool binding. bind_tools(parallel_tool_calls=False) prevents the Groq/Llama failed_generation error in production. RAG injected as system message context for reliability. PostgreSQL cross-session memory, LangSmith observability. Deployed at $0/month.
Live
Free AI agent monitoring dashboard — OpenTelemetry-style waterfall traces, real-time latency/cost/pass-rate metrics, agent health grid, CSV/JSON log export. ZAR-denominated cost tracking. No API keys. SQLite auto-seeds on HuggingFace Spaces ephemeral storage. Docker-deployed on HuggingFace Spaces free tier.
Live
Freelance project for a real Richards Bay construction company with 17 verified 5-star Google Reviews. WhatsApp Business integration with pre-populated message templates matched to the client's actual communication channel. SEO-optimised, responsive React/TypeScript/Tailwind site deployed to Netlify.
Live
Instagram Stories clone demonstrating browser storage patterns: localStorage with Base64 encoding via the FileReader API, time-based 24-hour expiry, and automatic cleanup on load. The localStorage vs IndexedDB trade-off explored here directly informed the offline-first IndexedDB strategy in ScrapFlow's PWA.
Live
Production e-commerce storefront with Paystack ZAR checkout, cart, wishlist, promo codes, and admin dashboard. Zustand with persist middleware for cross-session state. TanStack Query v5 shared cache. URL-synced filters and accessibility-first: skip-to-main, ARIA labels, keyboard navigation, aria-live toast notifications.
Real differentiators built from shipping production systems
Built POPIA-compliant audit trails and SAPS/ITAC-compliant ticketing systems — understanding legal and regulatory constraints as architectural requirements.
Production deployments across Azure App Service, Render, Vercel, and Supabase — with GitHub Actions CI/CD and OIDC workload identity.
Every production project follows separation of concerns across API / Core / Infrastructure layers, applied consistently across live deployed systems.
SignalR WebSocket hubs, HMAC-signed webhook engines, and low-code integrations with Zapier, n8n, and Power Automate.
Not a methodology. Four real things I've learned from shipping systems that have to stay up, stay compliant, and stay maintainable.
On WardCare+, POPIA wasn't a checkbox — it was an EF Core SaveChangesInterceptor capturing before/after JSON snapshots on every INSERT, UPDATE, and DELETE across 25+ entities, with soft-delete on every table. Designed into the architecture from day one, not bolted on.
SignalR on ScrapFlow means all connected yard operators see live stock changes the moment a ticket completes — no polling, no manual refresh. On LibraryOS, a background service probes active loans daily and pushes due-date alerts via WebSocket groups. I reach for real-time when the latency actually matters.
LibraryOS had a JWT refresh race condition: parallel Axios requests were each triggering a refresh, invalidating each other's tokens. I fixed it with a subscriber queue — the first request owns the refresh, all others queue and resolve against the same result. Retrying the symptom would have masked it indefinitely.
WardCare+'s GitHub Actions pipeline uses OIDC workload identity federation to authenticate to Azure — no secrets stored in GitHub, no rotation risk. Every release is a single push to main. This is the kind of decision that looks like extra work upfront and saves the team from a credentials breach later.
I bring production experience, SA domain knowledge, and a bias for shipping working software. Let's talk.