DEV Community: Duncan Maina The latest articles on DEV Community by Duncan Maina (@maina-duncan). https://dev.to/maina-duncan https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3397821%2F45f77e59-0627-4212-94c9-5a79d206d7a9.jpg DEV Community: Duncan Maina https://dev.to/maina-duncan en Why I Built a Custom E-Commerce Platform for My Store using Angular & Firebase Duncan Maina Thu, 26 Feb 2026 06:34:57 +0000 https://dev.to/maina-duncan/why-i-built-a-custom-e-commerce-platform-for-my-store-using-angular-firebase-49m4 https://dev.to/maina-duncan/why-i-built-a-custom-e-commerce-platform-for-my-store-using-angular-firebase-49m4 <p>When running a digital Shop, your storefront is your first impression. While platforms like Shopify or WooCommerce are great for standard retail, selling digital solutions, custom software packages, and retainers often require a highly tailored checkout flow. </p> <p>Instead of fighting against the constraints of off-the-shelf website builders, I decided to build the <strong>Duncan Digital Solutions</strong> e-commerce platform entirely from scratch. </p> <p>Because this is the proprietary engine running my live business, the GitHub repository remains private. However, I want to pull back the curtain and share the architectural decisions, NoSQL data modeling, and security protocols I used to build a lightning-fast, serverless storefront using <strong>Angular</strong> and <strong>Firebase</strong>.</p> <h3> The Tech Stack </h3> <p>To ensure the platform was cost-effective, highly scalable, and real-time, I went with a fully serverless architecture:</p> <ul> <li> <strong>Frontend:</strong> Angular (utilizing Signals for reactive state management)</li> <li> <strong>Authentication:</strong> Firebase Auth (Google &amp; Email/Password)</li> <li> <strong>Database:</strong> Cloud Firestore (NoSQL document database)</li> <li> <strong>Backend Logic:</strong> Firebase Cloud Functions (Node.js)</li> <li> <strong>Hosting:</strong> Firebase Hosting with CDN caching</li> </ul> <h3> NoSQL Data Modeling for E-Commerce </h3> <p>Moving from a traditional SQL relational database to Firestore’s NoSQL structure requires a shift in mindset. You don't have SQL <code>JOIN</code> operations, so data must be structured for fast reads. </p> <p>Here is how I structured the three core pillars of the platform: <strong>Users</strong>, <strong>Products</strong>, and <strong>Orders</strong>.</p> <h4> 1. The Products Collection </h4> <p>Instead of heavily nesting data, products are kept flat so they can be queried instantly on the storefront.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//</span><span class="w"> </span><span class="err">Collection:</span><span class="w"> </span><span class="err">/products/</span><span class="p">{</span><span class="err">productId</span><span class="p">}</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Custom Angular Web App"</span><span class="p">,</span><span class="w"> </span><span class="nl">"category"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Development"</span><span class="p">,</span><span class="w"> </span><span class="nl">"price"</span><span class="p">:</span><span class="w"> </span><span class="mi">50000</span><span class="p">,</span><span class="w"> </span><span class="nl">"currency"</span><span class="p">:</span><span class="w"> </span><span class="s2">"KES"</span><span class="p">,</span><span class="w"> </span><span class="nl">"isActive"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"features"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Responsive Design"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Firebase Backend"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Admin Dashboard"</span><span class="p">],</span><span class="w"> </span><span class="nl">"createdAt"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Timestamp"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h4> 2. The Orders Collection (Denormalization) </h4> <p>In NoSQL, it is better to duplicate a little data than to require multiple reads. When a user checks out, I copy the product details <em>into</em> the order document. This ensures that if I change the price of a product next year, the historical order receipt remains completely accurate.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//</span><span class="w"> </span><span class="err">Collection:</span><span class="w"> </span><span class="err">/orders/</span><span class="p">{</span><span class="err">orderId</span><span class="p">}</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"userId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"auth_uid_123"</span><span class="p">,</span><span class="w"> </span><span class="nl">"customerEmail"</span><span class="p">:</span><span class="w"> </span><span class="s2">"client@example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PROCESSING"</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">PENDING</span><span class="p">,</span><span class="w"> </span><span class="err">PROCESSING</span><span class="p">,</span><span class="w"> </span><span class="err">COMPLETED</span><span class="w"> </span><span class="nl">"totalAmount"</span><span class="p">:</span><span class="w"> </span><span class="mi">50000</span><span class="p">,</span><span class="w"> </span><span class="nl">"items"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"productId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"prod_889"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Custom Angular Web App"</span><span class="p">,</span><span class="w"> </span><span class="nl">"priceAtPurchase"</span><span class="p">:</span><span class="w"> </span><span class="mi">50000</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"createdAt"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Timestamp"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Bulletproof Security with Firestore Rules </h3> <p>Because the frontend talks directly to the database, security is the most critical part of this architecture. A malicious user could theoretically open the browser console and try to read other people's orders or change a product price to $0.</p> <p>To prevent this, I wrote strict <strong>Firestore Security Rules</strong> that act as an impenetrable firewall.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">rules_version</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">2</span><span class="dl">'</span><span class="p">;</span> <span class="nx">service</span> <span class="nx">cloud</span><span class="p">.</span><span class="nx">firestore</span> <span class="p">{</span> <span class="nx">match</span> <span class="o">/</span><span class="nx">databases</span><span class="o">/</span><span class="p">{</span><span class="nx">database</span><span class="p">}</span><span class="sr">/documents </span><span class="err">{ </span> <span class="c1">// 1. PRODUCTS: Anyone can read, only the Admin can create/update/delete</span> <span class="nx">match</span> <span class="o">/</span><span class="nx">products</span><span class="o">/</span><span class="p">{</span><span class="nx">productId</span><span class="p">}</span> <span class="p">{</span> <span class="nx">allow</span> <span class="na">read</span><span class="p">:</span> <span class="k">if</span> <span class="kc">true</span><span class="p">;</span> <span class="nx">allow</span> <span class="na">write</span><span class="p">:</span> <span class="k">if</span> <span class="nx">request</span><span class="p">.</span><span class="nx">auth</span> <span class="o">!=</span> <span class="kc">null</span> <span class="o">&amp;&amp;</span> <span class="nx">request</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">token</span><span class="p">.</span><span class="nx">admin</span> <span class="o">==</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// 2. ORDERS: Users can only read and create their OWN orders</span> <span class="nx">match</span> <span class="o">/</span><span class="nx">orders</span><span class="o">/</span><span class="p">{</span><span class="nx">orderId</span><span class="p">}</span> <span class="p">{</span> <span class="c1">// User must be logged in and the ID on the order must match their Auth ID</span> <span class="nx">allow</span> <span class="na">read</span><span class="p">:</span> <span class="k">if</span> <span class="nx">request</span><span class="p">.</span><span class="nx">auth</span> <span class="o">!=</span> <span class="kc">null</span> <span class="o">&amp;&amp;</span> <span class="nx">resource</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">userId</span> <span class="o">==</span> <span class="nx">request</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">uid</span><span class="p">;</span> <span class="c1">// When creating an order, ensure they aren't spoofing the userId</span> <span class="nx">allow</span> <span class="na">create</span><span class="p">:</span> <span class="k">if</span> <span class="nx">request</span><span class="p">.</span><span class="nx">auth</span> <span class="o">!=</span> <span class="kc">null</span> <span class="o">&amp;&amp;</span> <span class="nx">request</span><span class="p">.</span><span class="nx">resource</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">userId</span> <span class="o">==</span> <span class="nx">request</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">uid</span><span class="p">;</span> <span class="c1">// Only Admin can update the order status (e.g., from PENDING to COMPLETED)</span> <span class="nx">allow</span> <span class="nx">update</span><span class="p">,</span> <span class="na">delete</span><span class="p">:</span> <span class="k">if</span> <span class="nx">request</span><span class="p">.</span><span class="nx">auth</span> <span class="o">!=</span> <span class="kc">null</span> <span class="o">&amp;&amp;</span> <span class="nx">request</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">token</span><span class="p">.</span><span class="nx">admin</span> <span class="o">==</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><em>By enforcing <code>request.auth.uid == resource.data.userId</code>, the database physically rejects any attempt by a user to fetch an order receipt that doesn't belong to them.</em></p> <h3> Reactive Cart State with Angular Signals </h3> <p>Managing shopping cart state across multiple components (the navbar cart icon, the product page, and the checkout drawer) used to require complex RxJS <code>BehaviorSubjects</code>. By leveraging modern Angular Signals, the cart logic became incredibly clean and synchronous.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Injectable</span><span class="p">,</span> <span class="nx">signal</span><span class="p">,</span> <span class="nx">computed</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@angular/core</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Product</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/product.model</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Injectable</span><span class="p">({</span> <span class="na">providedIn</span><span class="p">:</span> <span class="dl">'</span><span class="s1">root</span><span class="dl">'</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">CartService</span> <span class="p">{</span> <span class="c1">// The core reactive state</span> <span class="k">private</span> <span class="nx">cartItems</span> <span class="o">=</span> <span class="nx">signal</span><span class="o">&lt;</span><span class="nx">Product</span><span class="p">[]</span><span class="o">&gt;</span><span class="p">([]);</span> <span class="c1">// Computed signals automatically update when cartItems changes</span> <span class="k">readonly</span> <span class="nx">items</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">cartItems</span><span class="p">.</span><span class="nf">asReadonly</span><span class="p">();</span> <span class="k">readonly</span> <span class="nx">cartCount</span> <span class="o">=</span> <span class="nf">computed</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="k">this</span><span class="p">.</span><span class="nf">cartItems</span><span class="p">().</span><span class="nx">length</span><span class="p">);</span> <span class="k">readonly</span> <span class="nx">cartTotal</span> <span class="o">=</span> <span class="nf">computed</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="k">this</span><span class="p">.</span><span class="nf">cartItems</span><span class="p">().</span><span class="nf">reduce</span><span class="p">((</span><span class="nx">total</span><span class="p">,</span> <span class="nx">item</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">total</span> <span class="o">+</span> <span class="nx">item</span><span class="p">.</span><span class="nx">price</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="p">);</span> <span class="nf">addToCart</span><span class="p">(</span><span class="nx">product</span><span class="p">:</span> <span class="nx">Product</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">cartItems</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="nx">items</span> <span class="o">=&gt;</span> <span class="p">[...</span><span class="nx">items</span><span class="p">,</span> <span class="nx">product</span><span class="p">]);</span> <span class="p">}</span> <span class="nf">removeFromCart</span><span class="p">(</span><span class="nx">productId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">cartItems</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="nx">items</span> <span class="o">=&gt;</span> <span class="nx">items</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nx">i</span> <span class="o">=&gt;</span> <span class="nx">i</span><span class="p">.</span><span class="nx">id</span> <span class="o">!==</span> <span class="nx">productId</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now, binding the cart total in the navbar is as simple as <code>{{ cartService.cartTotal() }}</code>, and Angular's change detection handles the rest with zero performance overhead.</p> <h3> Conclusion </h3> <p>Building a custom e-commerce solution is not for the faint of heart, but the level of control it gives your business is unmatched. By combining Angular's strict, component-driven architecture with Firebase's scalable, serverless backend, the Duncan Digital Solutions platform is fast, secure, and perfectly tailored to sell high-end digital services.</p> <p>If you are an online shop owner, taking the time to build your own infrastructure is one of the best investments you can make in your brand's technical authority.</p> <p>Website link [<a href="https://duncandigitals.com/" rel="noopener noreferrer">https://duncandigitals.com/</a>]</p> angular firebase website webdev Building a Localized Legal Assistant with Angular, Firebase & Gemini Duncan Maina Wed, 25 Feb 2026 16:21:35 +0000 https://dev.to/maina-duncan/building-a-localized-ai-legal-assistant-with-angular-firebase-gemini-2if9 https://dev.to/maina-duncan/building-a-localized-ai-legal-assistant-with-angular-firebase-gemini-2if9 <p>Building AI applications for the legal sector presents a unique set of engineering challenges. General-purpose LLMs are notorious for hallucinating laws or confidently quoting United States federal law to users living in Nairobi or Kampala. </p> <p>To solve this, I built <strong>SheriaSenseEA</strong>, a localized AI legal assistant specifically engineered for East Africa (Kenya, Uganda, and Tanzania). </p> <p>Rather than relying on generic chat completion, this architecture utilizes strict System Prompting, forced frontend context injection, and multimodal document analysis to keep the AI strictly within the bounds of East African constitutional law.</p> <p>Here is a deep dive into how it is built using <strong>Angular</strong>, <strong>Firebase Cloud Functions</strong>, and the <strong>Gemini 2.5 Pro</strong> model.</p> <h3> The Architecture of Constraint </h3> <p>The biggest risk in LegalTech is the AI giving advice outside its jurisdiction or acting as a general-purpose chatbot. To prevent this, SheriaSenseEA employs a two-tier constraint system: Frontend Context Injection and Backend Refusal Protocols.</p> <h4> 1. Frontend Context Injection </h4> <p>Users switch between countries (Kenya, Uganda, Tanzania) in the Angular UI. Instead of trusting the LLM to remember this setting, the Angular service intercepts every message and forcibly prepends a hidden system directive before it reaches the network layer.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Inside chat.component.ts</span> <span class="k">async</span> <span class="nf">sendMessage</span><span class="p">()</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">finalPrompt</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">userInput</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">country</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">geminiService</span><span class="p">.</span><span class="nx">selectedCountry</span><span class="p">;</span> <span class="c1">// e.g., 'Kenya'</span> <span class="c1">// Forced Context Injection</span> <span class="nx">finalPrompt</span> <span class="o">=</span> <span class="s2">`[Context: The user is located in </span><span class="p">${</span><span class="nx">country</span><span class="p">}</span><span class="s2">. Answer strictly according to </span><span class="p">${</span><span class="nx">country</span><span class="p">}</span><span class="s2"> laws.] </span><span class="p">${</span><span class="nx">finalPrompt</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">isSwahili</span><span class="p">)</span> <span class="p">{</span> <span class="nx">finalPrompt</span> <span class="o">+=</span> <span class="dl">"</span><span class="s2"> (Reply in fluent Swahili, use simple legal terms)</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Send the payload to Firebase</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">geminiService</span><span class="p">.</span><span class="nf">chatWithGemini</span><span class="p">(</span><span class="nx">finalPrompt</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>This guarantees that even if a user simply types <em>"What are my rights if arrested?"</em>, the LLM receives <em>"[Context: The user is located in Kenya...] What are my rights if arrested?"</em> and responds with the correct constitutional clauses.</p> <h4> 2. The Backend Refusal Protocol </h4> <p>The Firebase Cloud Function acts as the secure gatekeeper holding the Gemini API key. Here, we instantiate <code>GoogleGenerativeAI</code> with a highly aggressive System Instruction.</p> <p>Notice the <strong>Strict Mandate</strong> and <strong>Refusal Protocol</strong>. We explicitly teach the LLM <em>what not to answer</em>, effectively neutralizing prompt-injection attempts aimed at getting the bot to discuss politics or foreign laws.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">onRequest</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">firebase-functions/v2/https</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">GoogleGenerativeAI</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@google/generative-ai</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">getLegalAdvice</span> <span class="o">=</span> <span class="nf">onRequest</span><span class="p">({</span> <span class="na">cors</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">prompt</span><span class="p">,</span> <span class="nx">country</span><span class="p">,</span> <span class="nx">file</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">genAI</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">GoogleGenerativeAI</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GEMINI_API_KEY</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">SYSTEM_PROMPT</span> <span class="o">=</span> <span class="s2">` You are SheriaSenseEA, a specialized legal assistant. Prioritize the Constitution and Laws of **</span><span class="p">${</span><span class="nx">country</span><span class="p">}</span><span class="s2">**. **YOUR STRICT MANDATE:** 1. **SCOPE:** Deal ONLY with the Laws of Kenya, Uganda, and Tanzania. 2. **REFUSAL PROTOCOL:** If a user asks about: - Politics (unrelated to law) - General Knowledge - Laws of countries outside East Africa (e.g., US Law) **YOU MUST REPLY:** "My expertise is strictly limited to legal matters in East Africa. I cannot answer questions about that topic." **DISCLAIMER:** End EVERY message with: "**Disclaimer: This is for educational purposes only. Consult a qualified Advocate.**" `</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">model</span> <span class="o">=</span> <span class="nx">genAI</span><span class="p">.</span><span class="nf">getGenerativeModel</span><span class="p">({</span> <span class="na">model</span><span class="p">:</span> <span class="dl">"</span><span class="s2">gemini-2.5-pro</span><span class="dl">"</span><span class="p">,</span> <span class="na">systemInstruction</span><span class="p">:</span> <span class="nx">SYSTEM_PROMPT</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// Execution logic...</span> <span class="p">});</span> </code></pre> </div> <h3> Multimodal Document Analysis </h3> <p>A legal assistant isn't just about answering questions; it needs to review contracts and lease agreements.</p> <p>When a user uploads a PDF or Image, the Angular frontend converts it into a Base64 string. The Firebase backend dynamically reconstructs this into an <code>inlineData</code> object that the Gemini Vision capabilities can process.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Constructing the multimodal payload in Node.js</span> <span class="kd">const</span> <span class="nx">contentParts</span><span class="p">:</span> <span class="kr">any</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[</span><span class="nx">prompt</span><span class="p">];</span> <span class="c1">// If the Angular frontend sent a Base64 file, append it to the LLM context</span> <span class="k">if </span><span class="p">(</span><span class="nx">file</span> <span class="o">&amp;&amp;</span> <span class="nx">file</span><span class="p">.</span><span class="nx">data</span> <span class="o">&amp;&amp;</span> <span class="nx">file</span><span class="p">.</span><span class="nx">mimeType</span><span class="p">)</span> <span class="p">{</span> <span class="nx">contentParts</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">inlineData</span><span class="p">:</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">file</span><span class="p">.</span><span class="nx">data</span><span class="p">,</span> <span class="na">mimeType</span><span class="p">:</span> <span class="nx">file</span><span class="p">.</span><span class="nx">mimeType</span> <span class="p">}</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Pass the combined array (Text + Document) to Gemini</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">model</span><span class="p">.</span><span class="nf">generateContent</span><span class="p">(</span><span class="nx">contentParts</span><span class="p">);</span> </code></pre> </div> <h3> Native Browser Accessibility </h3> <p>To ensure the app is accessible to users who may not be comfortable typing long legal queries, I integrated the native <strong>Web Speech API</strong> directly into Angular.</p> <p>This provides zero-cost, client-side Voice-to-Text and Text-to-Speech (TTS), fully localized for East African accents.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Voice Recognition (Speech-to-Text)</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">webkitSpeechRecognition</span> <span class="p">}:</span> <span class="kr">any</span> <span class="o">=</span> <span class="nb">window</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">recognition</span> <span class="o">=</span> <span class="k">new</span> <span class="nf">webkitSpeechRecognition</span><span class="p">();</span> <span class="k">this</span><span class="p">.</span><span class="nx">recognition</span><span class="p">.</span><span class="nx">lang</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">isSwahili</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">sw-KE</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">en-KE</span><span class="dl">'</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">recognition</span><span class="p">.</span><span class="nx">onresult</span> <span class="o">=</span> <span class="p">(</span><span class="nx">event</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">zone</span><span class="p">.</span><span class="nf">run</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">userInput</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">results</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="mi">0</span><span class="p">].</span><span class="nx">transcript</span><span class="p">;</span> <span class="p">});</span> <span class="p">};</span> <span class="c1">// Reading Legal Advice Aloud (Text-to-Speech)</span> <span class="nf">speak</span><span class="p">(</span><span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cleanText</span> <span class="o">=</span> <span class="nx">text</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">[</span><span class="sr">*#</span><span class="se">]</span><span class="sr">/g</span><span class="p">,</span> <span class="dl">''</span><span class="p">);</span> <span class="c1">// Strip markdown</span> <span class="kd">const</span> <span class="nx">utterance</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SpeechSynthesisUtterance</span><span class="p">(</span><span class="nx">cleanText</span><span class="p">);</span> <span class="nb">window</span><span class="p">.</span><span class="nx">speechSynthesis</span><span class="p">.</span><span class="nf">speak</span><span class="p">(</span><span class="nx">utterance</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><em>By dynamically swapping between <code>sw-KE</code> (Swahili-Kenya) and <code>en-KE</code> (English-Kenya), the dictation engine perfectly captures local dialects and legal terminology.</em></p> <h3> Conclusion </h3> <p>Building LegalTech requires a defensive engineering mindset. By combining Angular's robust service layer for context injection with Firebase Cloud Functions and Gemini's strict system prompting, SheriaSenseEA manages to provide highly accurate, multimodal legal guidance without bleeding into general-purpose AI hallucinations.</p> <p><strong>Live Demo:</strong> [<a href="https://sheriasense-app.web.app/" rel="noopener noreferrer">https://sheriasense-app.web.app/</a>]</p> <p><strong>GitHub Repo:</strong> [<a href="https://github.com/Maina-Duncan/SheriaSense-EA" rel="noopener noreferrer">https://github.com/Maina-Duncan/SheriaSense-EA</a>]</p> angular firebase gemini ai Building a Multi-Agent Medical Triage System with Angular, Firebase & Genkit Duncan Maina Wed, 25 Feb 2026 14:00:43 +0000 https://dev.to/maina-duncan/building-a-multi-agent-medical-triage-system-with-angular-firebase-genkit-4ofc https://dev.to/maina-duncan/building-a-multi-agent-medical-triage-system-with-angular-firebase-genkit-4ofc <p>When building AI applications for healthcare, the stakes are incredibly high. If a standard chatbot hallucinates a recipe, dinner is ruined. If a medical triage bot hallucinates a diagnosis, lives are at risk.</p> <p>To explore how to safely constrain LLMs in high-risk environments, I built <strong>AfyaSense</strong>—an AI-powered medical triage platform. </p> <p>The goal wasn't just to wrap a frontend around a Gemini prompt. I wanted to build a system that extracts patient symptoms, calculates clinical risk levels (<code>EMERGENCY</code>, <code>CLINIC</code>, or <code>SELF_CARE</code>), and dynamically generates interactive maps to nearby hospitals, all while strictly preventing the AI from going off-topic.</p> <p>Here is how I used <strong>Angular</strong>, <strong>Firebase Cloud Functions</strong>, and a <strong>5-Agent Routing Architecture</strong> via <strong>Google Genkit</strong> to build a safe, hallucination-resistant medical app.</p> <h3> The Problem with "God Prompts" in Healthcare </h3> <p>Initially, developers try to stuff every instruction into a single, massive system prompt: <em>"You are a doctor. Be polite. Extract these symptoms. Format as JSON. Give map coordinates."</em> This "God Prompt" approach fails. The LLM gets confused, breaks JSON schemas, or gets easily jailbroken by users asking off-topic questions. </p> <p>To solve this, I adopted a <strong>Multi-Agent Architecture</strong>. By splitting the workload into five specialized, isolated functions, the system became exponentially more reliable and predictable.</p> <h3> The AfyaSense Agent Pipeline </h3> <p>Instead of one AI doing everything, AfyaSense uses a sequential relay race orchestrated by Firebase Genkit.</p> <h4> 1. The Traffic Cop (Intent Router) </h4> <p>Before any medical reasoning happens, the first agent simply reads the user's input and classifies the intent. If a user asks about the English Premier League or politics, the Router immediately blocks the request and stops the execution flow. It only allows medical, greeting, or location intents to pass.</p> <h4> 2. The Intake Nurse (Data Extraction) </h4> <p>If the query is medical, it is handed to the Nurse agent. Crucially, <strong>this agent is forbidden from giving advice.</strong> Its only job is to read the chat history and extract exact data points into a strict Zod schema:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">PatientIntakeSchema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">symptoms</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">array</span><span class="p">(</span><span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">()),</span> <span class="na">durationDays</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">optional</span><span class="p">(),</span> <span class="na">severity</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">number</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="nf">max</span><span class="p">(</span><span class="mi">10</span><span class="p">).</span><span class="nf">optional</span><span class="p">(),</span> <span class="na">isBleedingOrUnconscious</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">boolean</span><span class="p">(),</span> <span class="c1">// Critical flag</span> <span class="p">});</span> </code></pre> </div> <h4> 3. Hardcoded Emergency Guardrails </h4> <p>This is where traditional engineering meets AI. I don't trust an LLM to decide if severe bleeding is an emergency. Instead, I intercept the parsed data natively in TypeScript. If the <code>isBleedingOrUnconscious</code> flag is true, my backend bypasses the reasoning AI entirely and instantly returns an emergency response.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Bypassing LLM Reasoning for Emergencies</span> <span class="k">if </span><span class="p">(</span><span class="nx">intakeData</span><span class="p">.</span><span class="nx">isBleedingOrUnconscious</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">riskLevel</span><span class="p">:</span> <span class="dl">'</span><span class="s1">EMERGENCY</span><span class="dl">'</span><span class="p">,</span> <span class="na">reasoning</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Patient reported critical red-flag symptoms.</span><span class="dl">'</span><span class="p">,</span> <span class="na">suggestedAction</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Go to the nearest emergency room immediately.</span><span class="dl">'</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h4> 4. The Diagnostic Engine (Reasoning) </h4> <p>Only if the patient is stable does the data proceed to the "Doctor" agent (powered by Gemini 2.5 Pro). This agent takes the clean JSON from the Nurse and calculates the differential diagnosis and triage instructions.</p> <h3> Headless Mapping: Avoiding API Costs </h3> <p>One of the coolest features of AfyaSense is its ability to generate interactive Google Maps directly inside the chat UI without relying on expensive Google Places API calls.</p> <p>To achieve this, I built a headless mapping pipeline in the Angular frontend:</p> <ol> <li> <strong>Fetch:</strong> The browser grabs the user's raw GPS coordinates.</li> <li> <strong>Scan:</strong> The Angular app pings the free, open-source <strong>OpenStreetMap (Overpass API)</strong> to invisibly scan an 8km radius and extract the names of nearby clinics.</li> <li> <strong>Inject:</strong> It takes those raw string names and dynamically constructs free Google Maps Embed URLs. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// 1. Headless fetch from OpenStreetMap</span> <span class="kd">const</span> <span class="nx">query</span> <span class="o">=</span> <span class="s2">`[out:json];node["amenity"="hospital"](around:8000,</span><span class="p">${</span><span class="nx">lat</span><span class="p">}</span><span class="s2">,</span><span class="p">${</span><span class="nx">lng</span><span class="p">}</span><span class="s2">);out body 3;`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`https://overpass-api.de/api/interpreter?data=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">query</span><span class="p">)}</span><span class="s2">`</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">names</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">elements</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">e</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">e</span><span class="p">.</span><span class="nx">tags</span><span class="p">.</span><span class="nx">name</span><span class="p">).</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">3</span><span class="p">);</span> <span class="c1">// 2. Build Google Maps iframes safely</span> <span class="k">this</span><span class="p">.</span><span class="nx">hospitalMaps</span> <span class="o">=</span> <span class="nx">names</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">name</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">mapUrl</span> <span class="o">=</span> <span class="s2">`https://maps.google.com/maps?q=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">name</span><span class="p">)}</span><span class="s2">+near+</span><span class="p">${</span><span class="nx">lat</span><span class="p">}</span><span class="s2">,</span><span class="p">${</span><span class="nx">lng</span><span class="p">}</span><span class="s2">&amp;t=m&amp;z=14&amp;output=embed`</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">name</span><span class="p">,</span> <span class="c1">// Bypassing Angular's strict XSS protections for our generated iframes</span> <span class="na">url</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">sanitizer</span><span class="p">.</span><span class="nf">bypassSecurityTrustResourceUrl</span><span class="p">(</span><span class="nx">mapUrl</span><span class="p">)</span> <span class="p">};</span> <span class="p">});</span> </code></pre> </div> <h3> Tying it all together with Angular </h3> <p>The frontend is built on Angular 18. Because we are dynamically injecting HTML iframes into a chat bubble, Angular's strict Cross-Site Scripting (XSS) protections will normally block the maps. By explicitly running our generated URLs through <code>DomSanitizer</code>, we can render secure, beautiful maps right inside the user's chat flow without ever kicking them to another app.</p> <h3> The Takeaway </h3> <p>You don't need a massive monolithic LLM prompt to build intelligent apps. By breaking down your logic into micro-agents using Genkit and combining AI with traditional programming guardrails, you can build systems that are not only smarter, but significantly safer.</p> <p><strong>Live Demo:</strong> [<a href="https://afya-sense.web.app/" rel="noopener noreferrer">https://afya-sense.web.app/</a>]</p> <p><strong>Source Code:</strong> [<a href="https://github.com/Maina-Duncan/AfyaSense" rel="noopener noreferrer">https://github.com/Maina-Duncan/AfyaSense</a>]</p> angular firebase genkit gemini