Back to Case Studies
LIVE IN PRODUCTION · FULL-STACK

FavourBee: shipping a production trust platform, solo

Mutual aid breaks two ways: money excludes the people who need help most, and public review systems are gameable and punitive. FavourBee's bet is a third path — earned, hard-to-fake trust instead of currency or ratings.

This is an engineering case study: a free mutual-aid network, built and deployed end-to-end by one developer — auth, data model, a Sybil-resistant trust graph, an emulator-tested authorization layer, and full Canadian privacy-compliance tooling. Live at favourbee.ca .

Solo

built end-to-end

16

Cloud Functions

218-line

emulator-tested rules

EN / FR

bilingual PWA

Architecture

CLIENT (PWA)React · TypeScript · Viteoffline · web push · EN/FRtrust graph (advisory gate)callableCLOUD FUNCTIONS (16)auth · invites · email · pushexport · erase · platform statsMontreal region · rate-limitedFIRESTOREmulti-tenantreal-timedata residencySECURITY RULES — the real authorization model (218 lines, emulator-tested)multi-tenant · anti-coup governance · integrity fields server-locked · write-once confirmationsAUTHpasswordless link · TOTP MFA

A thin client over callable Cloud Functions, with the integrity-critical logic enforced in tested security rules — not trusted to the browser.

Four hard problems, four decisions

What the build actually required — and how each was solved.

1Sybil-resistance without currency

Admission is a web-of-trust: a member is reachable only through earned vouches from already-trusted members, anchored on Hive coordinators. A bounded, hop-limited multi-source traversal computes the trusted set and fails closed at a node budget.

Unit-tested against a 10,000-fake-account flood: leakage stays bounded by the number of attacker vouch edges, not the number of accounts created. Same Sybil-resistance principle as Cairn — implemented clean-room in TypeScript.

2The authorization model is the product

All the integrity-critical logic lives in a 218-line Firestore security-rules model, not in client code: multi-tenant (one identity, many Hives), owner-only coordinator promotion (anti-coup), standing and verified flags that can never be self-written, and confirmations that are write-once by the real receiver.

Covered by a Firebase emulator test suite — the rules are tested, not assumed. This is where most "shipped" Firebase apps cut corners.

3Privacy & safety by design

Geo is opt-in and coarsened (~110 m, distance-only display). Safety concerns route privately to coordinators — there is no public review wall to game or weaponize. High-stakes favours gate on a Vulnerable-Sector-Check attestation.

Full PIPEDA / Quebec Law 25 tooling: subject-access data export, right-to-erasure that anonymizes others’ surviving records, a consent trail, CASL one-click signed unsubscribe, and data residency in Montreal.

4Production hardening, end to end

Passwordless email-link sign-in plus TOTP MFA. A self-healing PWA service worker recovers from stale caches. A custom bilingual prerenderer emits 26 crawlable static pages with per-page SEO and hreflang.

Pragmatic platform calls with documented rationale — callable functions over Firestore triggers (Eventarc isn’t supported in the Montreal region), and a dedicated email sender over the spam-prone default.

Honest status

FavourBee is live in production but pre-adoption. The honest risk isn't the software — it's whether a host community and real people use it. The platform is built; traction is the open question.

Enforced

Admission boundary, standing integrity, and authorization — server-side in tested rules.

Advisory

The serve-rate fairness throttle currently runs client-side as an advisory gate.

Simulated

Fairness metrics come from an economic simulation, not production measurement — labeled as such.

Stating exactly what is enforced vs. advisory vs. simulated is deliberate — the same results-not-claims discipline that runs through all of this work.

What it demonstrates

Full-stack, shipped

A real product taken from data model to deployment by one person — not a prototype.

Security-first

Authorization, multi-tenancy, and anti-abuse treated as the core, and tested — not bolted on.

Compliance & i18n

PIPEDA / Law 25 / CASL tooling and a bilingual surface, built in from the start.

React + TypeScript + ViteFirebase Cloud Functions (16)Cloud FirestorePasswordless + TOTP MFAReal-time subscriptionsWeb Push (FCM)PWA / offlineBilingual SSG (EN/FR)PIPEDA / Law 25 / CASL

Why this one matters to me

I built FavourBee out of my own lived experience of needing help and a community to lean on. It's proof to myself that verifiable trust can serve real people, not just institutions — and the reason the rest of this work exists.

See it, or talk shop

The product is live; the engineering above is the point. Open to senior engineering roles, research collaborations, and partnerships.