Work / Bharat-First / SevaSetu
Capstone · Bharat-First · Local Servicesसेवा सेतु A bridge of trust for India's service workers.
290 million unorganised workers on the e-Shram register. The customer side still runs on a shopkeeper's phone number and word of mouth. SevaSetu is the open trust layer the closed super-apps will not build: verified providers, UPI in one tap, ONDC catalogue from day one.
Act I · The Market
A nation that runs on service work,
without a shared trust layer.
-
Issue · 01
Discovery is a phone number on a shop wall.
290 million unorganised workers on e-Shram. The customer still asks the kirana, the watchman, the WhatsApp group. There is no neutral surface where a verified plumber meets a customer in the next gali.
-
Issue · 02
Closed super-apps lock both sides into one graph.
Urban Company, Housejoy and JustDial each solve one slice. The provider's rating, the customer's history, the booking record · all trapped inside a single private database.
-
Issue · 03
Trust costs more than the service itself.
Aadhaar, PAN, GSTIN exist. UPI exists. Yet most local-services apps fake the verification or skip it. The customer eats the fraud risk; the provider eats the cancellation.
-
Issue · 04
Settlement is a screenshot, not a receipt.
The cash gets paid, the photo gets sent, the booking has no audit trail. When a dispute arrives, both sides have a story and neither has a record.
Act II · The Promise
Real algorithms. Real protocols. Honest about what is simulated.
Every UI surface that performs a simulation says so. The KYC checksums, the UPI deeplink, the Beckn 1.1 envelope, the GSTIN Mod-36 algorithm · all real. Going live on ONDC is a single-file replacement of the cryptographic signer.
Stamp · 01
Aadhaar · Verhoeff
The real UIDAI Verhoeff checksum, including the no-leading-0/1 rule. Only last-4 plus salted SHA-256 ever stored.
Real algorithmStamp · 02
PAN · Format + Entity
Format regex plus 4th-character entity-type detection: P, C, H, F, A, T, B, L, J, G. Validates before the wire path.
Real algorithmStamp · 03
GSTIN · Mod-36
The exact Mod-36 checksum the GSTN uses. A malformed identifier never reaches the network.
Real algorithmStamp · 04
UPI · BHIM deeplink
Real `upi://pay?...` deeplink. Works on every UPI app on every device. Settlement webhook is the only simulated leg.
Real deeplinkStamp · 05
Beckn 1.1 · ONDC RET11
Real context envelope, RET11 codes, catalog shape, signature header structure. Only the Ed25519 signer is simulated.
Real protocolStamp · 06
Better-Auth · scrypt
scrypt N=16384, r=16, p=1, dkLen=64. HttpOnly + SameSite + `__Secure-` cookies. No mock auth anywhere.
Real authAct III · The Product
One Next.js binary. Open ONDC pipe on the other side.
Server Components by default. The map is the only heavy client component. PGlite WASM gives real Postgres semantics with no managed-DB bill. Every cold start re-seeds 60 providers across 12 cities so the demo always looks alive.
-
01
The customer browses.
Server-rendered shopfront. Bilingual EN/HI from a server-resolved cookie. Bounding-box filter on the live map runs an in-process Haversine, swappable for PostGIS at nationwide scale with one schema change.
(app)/browse · loading.tsx · streamed -
02
The provider verifies.
Aadhaar Verhoeff, PAN entity check, GSTIN Mod-36 all run client-side first. Network simulation only ever sees a well-formed identifier. Every transition writes to
audit_logwith actor, IP and metadata.POST /api/kyc/{aadhaar|pan|gst} -
03
The booking locks.
UPI deeplink generated against the provider's VPA. Booking transitions to pending, then confirmed on the simulated NPCI collect-and-settle webhook. Every state change is auditable.
POST /api/upi/collect → /api/upi/settle -
04
The catalog opens to ONDC.
The same providers, same services, same prices, exposed through the Beckn 1.1 BPP.
search,select,init,confirm,status,on_*· the full RET11 contract surface. Drop in a registered Ed25519 keypair to go live.POST /api/ondc/search · on_search callback
Act IV · Proof
It already runs. One image. Scale-to-zero.
Live · Cloud Run · asia-east1
sevasetu.dmj.one
Single Cloud Run instance pinned for PGlite session consistency. Free-tier deployment. 250 MB image. Non-root `nextjs:nodejs`. TLS to a custom Cloudflare CNAME.
15-table schema · 27 API routes
drizzle/ · /api/*
Users, sessions, providers, services, bookings, reviews, favorites, audit_log. Foreign keys, indexes, pgEnum, doublePrecision lat/lng. Zod validators at every boundary.
WIF deploy · zero JSON keys
.github/workflows/deploy.yml
Workload Identity Federation between GitHub and GCP. No service-account key in the repo. Cloud Build → Cloud Run → curl smoke against /, /pitch, /browse, /api/health.
DPDP-aware data path
last4 + salted SHA-256
Aadhaar never stored in plain text. PII never in URLs, logs, or error responses. "Download my data" and "Delete account" cascade through the schema in one transaction.
WCAG 2.2 baseline · keyboard-first
Radix UI · Tailwind v4
Focus rings on every control. Booking flow fully reachable by keyboard. AA contrast in light and dark themes. ~30 KB of CSS shipped.
Pitch deck · self-hosted
/pitch
25 slides, arrow-key navigation, no JavaScript framework. The deck and the product ship in the same container.
The Stack
One full-stack engineer. Production posture from line one.
- Next.js 15 (App Router)
- React 19
- TypeScript strict
- Tailwind CSS v4
- Radix UI · 22 primitives
- Drizzle ORM
- PGlite (Postgres WASM)
- Better-Auth 1.1
- Zod (every boundary)
- Leaflet · OpenStreetMap
- Beckn 1.1 / ONDC RET11
- Cloud Run · WIF
- Workload Identity Federation
- Docker (3-stage, non-root)
Need a partner who can ship · or a mentor who can guide a team to ship the same way?
Both lead to the same email. Whether it is a single Bharat-First product or a capstone you want graded by what is in production, the conversation starts the same way.