Every client build leaves behind small, sharp tools that don’t belong to any one project — a sort-code validator, an AIS mock, a tamper-evident audit log. We clean them up and open-source them under MIT. Ten so far, all TypeScript, all on GitHub.
Modulus checks, Luhn validation and CPA-005 file formats aren’t where anyone’s competitive edge lives — but everyone rebuilds them, usually badly, usually under deadline. Publishing ours means our clients start a notch ahead, and the wider community stops reinventing the same regulated plumbing. It’s also the most honest portfolio we have: read the code.
A local, dependency-free mock of Plaid's account-information (AIS) API — accounts, balances, auth, identity, transactions, institutions and income, with seedable data for tests.
Validate UK sort code + account number combinations using the official Pay.UK / VocaLink modulus-checking rules. TypeScript, zero-dependency, all 34 official test cases passing.
Luhn check, card-network detection (Visa, Mastercard, Amex, Discover, Diners, JCB, Maestro, UnionPay) and CVV / expiry validation. TypeScript, zero-dependency, PCI-friendly.
Canadian EFT toolkit: validate and convert account identifiers (transit / institution / account), parse cheque MICR, validate Interac aliases, and build / parse AFT files (Payments Canada CPA-005).
An open, machine-readable dataset of payment-rail capabilities — limits, cut-offs, settlement and identifiers across UK, EU, US and Canada — with typed accessors and a source for every fact.
A tiny decision-table and scorecard evaluator with explainable, auditable output. Fixed operators, custom predicates and a safe expression language. TypeScript, zero-dependency.
Compliance-as-code: check a declarative manifest against FCA Consumer Duty / CONC, CFPB and FCAC rule packs in CI. Each rule maps a control to a check. (Not legal advice.)
Tamper-evident, append-only audit logging for Node — a SHA-256 hash chain (optional HMAC), RBAC-aware events, built-in PII redaction and pluggable sinks. Built to survive an audit.
Mask PANs, sort codes, account numbers, IBANs, emails, phones, DOBs, NI numbers and SSNs out of strings and log objects. Configurable strategy, with pino & winston adapters.
Privacy-first device-signal collector: enumerate and normalise device / browser signals into a canonical schema and send them to an endpoint that mints a NUID. Consent-aware by design.
We’d love to hear about it — and if you need the team that wrote them to build the rest, that’s what we do.