DEV Community: Mihai Adrian Mateescu The latest articles on DEV Community by Mihai Adrian Mateescu (@mihai82adrian). https://dev.to/mihai82adrian https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3784316%2F1cdeeb34-3979-4d8d-b90d-bddaae5f8392.png DEV Community: Mihai Adrian Mateescu https://dev.to/mihai82adrian en Founder Compass: Designing a Stateless AI Profiler with Svelte 5 and Cloudflare Workers Mihai Adrian Mateescu Wed, 25 Feb 2026 19:54:29 +0000 https://dev.to/mihai82adrian/founder-compass-designing-a-stateless-ai-profiler-with-svelte-5-and-cloudflare-workers-5g0o https://dev.to/mihai82adrian/founder-compass-designing-a-stateless-ai-profiler-with-svelte-5-and-cloudflare-workers-5g0o <p>I wanted to build an AI tool that respects user privacy by design — no accounts, no database, no stored profiles. I work at the intersection of finance and software in the DACH ecosystem, which shaped many of the architectural decisions described here. This article walks through how Founder Compass works from an engineering perspective: architecture, streaming strategy, and prompt design.</p> <h2> TL;DR </h2> <ul> <li>12-question profiler that maps founder constraints (risk tolerance, runway comfort, business model preference) to a structured AI report</li> <li>Single Cloudflare Worker, no database: rate limiting runs on the Cache API with a SHA-256-hashed IP key and a 604,800-second TTL</li> <li>SSE streaming via <code>o4-mini</code> — report starts rendering in the browser within ~2 seconds of submission</li> <li>Quiz state and generated report persist exclusively in localStorage — the only data that leaves the browser is the 12 anonymized answers, transmitted once on explicit user consent</li> </ul> <h2> The Real Reason Most Founders Struggle </h2> <p>Most founders do not fail because they lack ambition, market knowledge, or technical skills.</p> <p>They fail because they choose a business model that is structurally incompatible with who they are.</p> <p>A person who genuinely needs financial security within three months cannot bootstrap a product business that takes 18 months to reach profitability. A solo operator who works best with deep focus cannot build a business that requires constant client management and relationship selling. These are not motivational problems. They are alignment problems.</p> <p>The mismatch tends to show up late — after the savings are spent, after the first customers are acquired at the wrong margin, after the founder realizes the model they chose requires skills, time, or risk tolerance they do not actually have.</p> <p>Catching it earlier changes the outcome.</p> <h2> Why Existing Tools Miss the Point </h2> <p>Startup personality quizzes tell you what type you are. They rarely tell you whether your type is compatible with the business you are about to build.</p> <p>Generic AI tools like ChatGPT produce generic output — because they receive generic input. Without a structured intake that forces the user to articulate real constraints, the output defaults to frameworks that fit everyone and therefore help no one.</p> <p>Founders don't need more motivation. They need alignment.</p> <h2> The Architecture: Stateless by Design </h2> <p>Before writing a line of UI code, two architectural constraints were non-negotiable.</p> <p><strong>No database, no user accounts.</strong> Every quiz answer is submitted once, processed once, and discarded on the server. The generated report is never stored on any server — it is written directly into the browser's localStorage as it streams in.</p> <p><strong>Rate limiting must be GDPR-compliant.</strong> A weekly quota (1 report per 7 days) is necessary to prevent abuse. But storing IP addresses creates a GDPR obligation. The solution: hash the IP with SHA-256, use the hash as a Cache API key, let the entry expire after 7 days. No raw IP is ever written to any storage. No deletion workflow needed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌──────────────────────────────────────────────────────────────┐ │ Browser (Svelte 5 island, client:visible) │ │ │ │ FounderCompassApp │ │ ├── phase: 'quiz' | 'consent' | 'report' ($derived) │ │ ├── answers[12] ($state) │ │ ├── lastGeneratedAt: number | null ($state) │ │ └── weeklyLocked: boolean ($derived) │ │ │ │ localStorage: quiz progress + completed report │ │ (never leaves the browser) │ └───────────────────────────┬──────────────────────────────────┘ │ POST /api/compass │ { answers: [12 × {dimension, selectedKey, label}] } │ transmitted once · processed once · discarded │ ┌───────────────────────────▼──────────────────────────────────┐ │ Cloudflare Worker: /api/compass │ │ │ │ 1. Hash client IP → SHA-256 hex (non-reversible) │ │ 2. Check Cache API for quota key (TTL: 604,800s / 7 days) │ │ 3. Build structured prompt from 12 answers │ │ 4. Stream o4-mini response via SSE (event: delta) │ │ 5. Set Cache API quota key on success │ │ │ │ No database · No user table · No stored answers │ └──────────────────────────────────────────────────────────────┘ </code></pre> </div> <h2> SSE Streaming from a Cloudflare Worker </h2> <p>The report runs to 600–900 words. Waiting for the full LLM completion before displaying anything produces a 15–25 second blank screen — unacceptable. SSE allows the Worker to begin writing the response immediately as tokens arrive.</p> <p>Worker-side: forward <code>event: delta</code> messages as they come in from the OpenAI API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">stream</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ReadableStream</span><span class="p">({</span> <span class="k">async</span> <span class="nf">start</span><span class="p">(</span><span class="nx">controller</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">enc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextEncoder</span><span class="p">();</span> <span class="k">for</span> <span class="k">await </span><span class="p">(</span><span class="kd">const</span> <span class="nx">event</span> <span class="k">of</span> <span class="nx">openaiStream</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">text</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">choices</span><span class="p">?.[</span><span class="mi">0</span><span class="p">]?.</span><span class="nx">delta</span><span class="p">?.</span><span class="nx">content</span> <span class="o">??</span> <span class="dl">''</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">text</span><span class="p">)</span> <span class="p">{</span> <span class="nx">controller</span><span class="p">.</span><span class="nf">enqueue</span><span class="p">(</span> <span class="nx">enc</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="s2">`event: delta\ndata: </span><span class="p">${</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">text</span> <span class="p">})}</span><span class="s2">\n\n`</span><span class="p">)</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">controller</span><span class="p">.</span><span class="nf">enqueue</span><span class="p">(</span><span class="nx">enc</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="s2">`event: done\ndata: {}\n\n`</span><span class="p">));</span> <span class="nx">controller</span><span class="p">.</span><span class="nf">close</span><span class="p">();</span> <span class="p">},</span> <span class="p">});</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">stream</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">text/event-stream</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Cache-Control</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">no-cache</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p>Client-side: accumulate deltas into a Svelte reactive string, which re-renders the Markdown in real time via <code>marked</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">reader</span> <span class="o">=</span> <span class="nx">res</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nf">getReader</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">decoder</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextDecoder</span><span class="p">();</span> <span class="kd">let</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="k">while </span><span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">done</span><span class="p">,</span> <span class="nx">value</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">reader</span><span class="p">.</span><span class="nf">read</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">done</span><span class="p">)</span> <span class="k">break</span><span class="p">;</span> <span class="nx">buffer</span> <span class="o">+=</span> <span class="nx">decoder</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="nx">value</span><span class="p">,</span> <span class="p">{</span> <span class="na">stream</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">segments</span> <span class="o">=</span> <span class="nx">buffer</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="se">\n\n</span><span class="dl">'</span><span class="p">);</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="nx">segments</span><span class="p">.</span><span class="nf">pop</span><span class="p">()</span> <span class="o">||</span> <span class="dl">''</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">segment</span> <span class="k">of</span> <span class="nx">segments</span><span class="p">)</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">eventType</span> <span class="o">=</span> <span class="dl">''</span><span class="p">,</span> <span class="nx">eventData</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">line</span> <span class="k">of</span> <span class="nx">segment</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="se">\n</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">event: </span><span class="dl">'</span><span class="p">))</span> <span class="nx">eventType</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">7</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">data: </span><span class="dl">'</span><span class="p">))</span> <span class="nx">eventData</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">6</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">eventType</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">delta</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">eventData</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">parsed</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">eventData</span><span class="p">);</span> <span class="nx">report</span> <span class="o">=</span> <span class="p">(</span><span class="nx">report</span> <span class="o">||</span> <span class="dl">''</span><span class="p">)</span> <span class="o">+</span> <span class="nx">parsed</span><span class="p">.</span><span class="nx">text</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> GDPR-Compliant Rate Limiting via Cache API </h2> <p>Standard rate limiting writes an IP address to a storage layer. That's personal data under GDPR. The alternative: SHA-256 hash the IP, store the hash as a Cache API key with a <code>max-age</code> of 604,800 seconds. It expires automatically, no cleanup job required.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">hashIP</span><span class="p">(</span><span class="nx">ip</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextEncoder</span><span class="p">().</span><span class="nf">encode</span><span class="p">(</span><span class="s2">`compass-quota:</span><span class="p">${</span><span class="nx">ip</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">buf</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">crypto</span><span class="p">.</span><span class="nx">subtle</span><span class="p">.</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">SHA-256</span><span class="dl">'</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="k">return</span> <span class="nb">Array</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="k">new</span> <span class="nc">Uint8Array</span><span class="p">(</span><span class="nx">buf</span><span class="p">))</span> <span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">b</span> <span class="o">=&gt;</span> <span class="nx">b</span><span class="p">.</span><span class="nf">toString</span><span class="p">(</span><span class="mi">16</span><span class="p">).</span><span class="nf">padStart</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="dl">'</span><span class="s1">0</span><span class="dl">'</span><span class="p">))</span> <span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">''</span><span class="p">);</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">hasWeeklyQuota</span><span class="p">(</span><span class="nx">ip</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">boolean</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">hashIP</span><span class="p">(</span><span class="nx">ip</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cache</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">caches</span><span class="p">.</span><span class="nf">open</span><span class="p">(</span><span class="dl">'</span><span class="s1">compass-quota-v1</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cached</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">cache</span><span class="p">.</span><span class="nf">match</span><span class="p">(</span> <span class="k">new</span> <span class="nc">Request</span><span class="p">(</span><span class="s2">`https://quota.internal/__compass_quota/</span><span class="p">${</span><span class="nx">hash</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">cached</span> <span class="o">!==</span> <span class="kc">undefined</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">setWeeklyQuota</span><span class="p">(</span><span class="nx">ip</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">hashIP</span><span class="p">(</span><span class="nx">ip</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cache</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">caches</span><span class="p">.</span><span class="nf">open</span><span class="p">(</span><span class="dl">'</span><span class="s1">compass-quota-v1</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="nx">cache</span><span class="p">.</span><span class="nf">put</span><span class="p">(</span> <span class="k">new</span> <span class="nc">Request</span><span class="p">(</span><span class="s2">`https://quota.internal/__compass_quota/</span><span class="p">${</span><span class="nx">hash</span><span class="p">}</span><span class="s2">`</span><span class="p">),</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">'</span><span class="s1">1</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Cache-Control</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">max-age=604800</span><span class="dl">'</span> <span class="p">}</span> <span class="p">})</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The frontend adds a second independent guard: <code>lastGeneratedAt</code> in localStorage. <code>isWeeklyCooldownActive()</code> checks whether 7 days have elapsed client-side — instant feedback without a round-trip.</p> <h2> Svelte 5 Runes: One Integer Drives the Entire Flow </h2> <p>The entire state machine has three phases, derived from a single counter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">let</span> <span class="nx">phase</span> <span class="o">=</span> <span class="nx">$derived</span><span class="o">&lt;</span><span class="dl">'</span><span class="s1">quiz</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">consent</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">report</span><span class="dl">'</span><span class="o">&gt;</span><span class="p">(</span> <span class="nx">currentStep</span> <span class="o">&lt;</span> <span class="nx">TOTAL</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">quiz</span><span class="dl">'</span> <span class="p">:</span> <span class="nx">currentStep</span> <span class="o">===</span> <span class="nx">TOTAL</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">consent</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">report</span><span class="dl">'</span> <span class="p">);</span> </code></pre> </div> <p><code>currentStep</code> increments on each "Next" click. No router, no nested conditionals, no separate page per question. With <code>$bindable</code>, <code>QuizStep</code> reads and writes parent state directly — no event dispatch boilerplate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Parent passes individual slots down:</span> <span class="nx">bind</span><span class="p">:</span><span class="nx">selectedKey</span><span class="o">=</span><span class="p">{</span><span class="nx">answers</span><span class="p">[</span><span class="nx">currentStep</span><span class="p">].</span><span class="nx">selectedKey</span><span class="p">}</span> <span class="nl">bind</span><span class="p">:</span><span class="nx">customText</span><span class="o">=</span><span class="p">{</span><span class="nx">answers</span><span class="p">[</span><span class="nx">currentStep</span><span class="p">].</span><span class="nx">customText</span><span class="p">}</span> </code></pre> </div> <h2> Prompt Design: Structure Forces Specificity </h2> <p>The quality of the generated report depends entirely on the system prompt. The prompt mandates exactly five sections with German headers, using directive language to prevent the model from hedging:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Du bist ein knallharter Digital Finance Architect und Startup-Mentor. Du gibst keine generischen Ratschläge. Antworte IMMER mit exakt diesen 5 Abschnitten: ## 1. Der Gründer-Archetyp ## 2. Das ideale Geschäftsmodell Wenn du dir unsicher bist: ERFINDE ein konkretes Geschäftsmodell. Kein "Es hängt davon ab." ## 3. Die finanziellen Unit Economics ## 4. Das größte Risiko (Blind Spot) ## 5. Nächster konkreter Schritt [Eine Handlung in den nächsten 7 Tagen] </code></pre> </div> <p>Key decisions:</p> <ul> <li> <strong>Mandatory section headers</strong> prevent the model from collapsing or reordering sections</li> <li> <strong>"ERFINDE ein konkretes Geschäftsmodell"</strong> overrides the model's default hedging behavior</li> <li> <strong>Section 5 mandates one concrete action within 7 days</strong> — not a strategy, not a framework</li> </ul> <p>The model used is <code>o4-mini</code> with <code>max_output_tokens: 2500</code>. Note: this model does not accept the <code>temperature</code> parameter.</p> <h2> The Consent Step </h2> <p>Before any data leaves the browser, the user sees a full consent screen: answer summary, rate limit notice, GDPR disclosure, and an explicit opt-in checkbox.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm4mexzivmohq7ivu1vsb.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm4mexzivmohq7ivu1vsb.webp" alt="Founder Compass consent step — answer summary, usage notice with weekly rate limit, GDPR privacy disclosure, and submit button" width="800" height="722"></a></p> <p>The submit button is disabled until the checkbox is checked. The weekly cooldown is shown inline if the user has already generated a report in the past 7 days.</p> <h2> Key Takeaways </h2> <ul> <li> <strong>Stateless architecture simplifies both compliance and deployment</strong> — no schema to migrate, no user table to secure, no GDPR deletion workflow</li> <li> <strong>SSE streaming dramatically improves perceived performance</strong> for AI tools — the report starts rendering within ~2 seconds instead of waiting 20+ seconds for full completion</li> <li> <strong>Structured prompts matter more than model choice</strong> — mandatory section headers and directive language produce specific, non-hedged output regardless of which model you use</li> <li> <strong>Privacy-first design can be a competitive advantage, not a constraint</strong> — SHA-256 hashed IP + Cache API TTL achieves rate limiting with zero personal data stored</li> </ul> <h2> References </h2> <ul> <li><a href="https://developers.cloudflare.com/workers/runtime-apis/cache/" rel="noopener noreferrer">Cloudflare Workers Cache API</a></li> <li><a href="https://platform.openai.com/docs/models/o4-mini" rel="noopener noreferrer">OpenAI o4-mini model documentation</a></li> <li><a href="https://svelte.dev/docs/svelte/$bindable" rel="noopener noreferrer">Svelte 5 Runes — $bindable</a></li> <li><a href="https://html.spec.whatwg.org/multipage/server-sent-events.html" rel="noopener noreferrer">Server-Sent Events specification (WHATWG)</a></li> <li><a href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679" rel="noopener noreferrer">DSGVO Article 4 — definition of personal data</a></li> </ul> <p>If you’re building something similar or experimenting with stateless architectures, I’d love to hear how you approached it.<br> Source code is part of my open portfolio repository.</p> svelte cloudflare ai privacy I'm Finance Ops, not a developer. I built a KoSIT-valid XRechnung generator in the browser anyway Mihai Adrian Mateescu Sat, 21 Feb 2026 22:56:14 +0000 https://dev.to/mihai82adrian/im-finance-ops-not-a-developer-i-built-a-kosit-valid-xrechnung-generator-in-the-browser-anyway-4bn2 https://dev.to/mihai82adrian/im-finance-ops-not-a-developer-i-built-a-kosit-valid-xrechnung-generator-in-the-browser-anyway-4bn2 <p>My day job is Finance Ops and accounting. I'm not a software engineer by training.</p> <p>But in DACH, the gap between "what accountants need" and "what developers build" is real — and expensive. So I closed it myself.<br> <strong>Live demo (local-first, zero tracking):</strong> <a href="https://me-mateescu.de/tools/xrechnung/" rel="noopener noreferrer">https://me-mateescu.de/tools/xrechnung/</a></p> <h2> The problem I kept hitting </h2> <p>Germany's <strong>E-Rechnungspflicht</strong> is no longer theoretical. B2G (Business-to-Government) invoicing has required a valid XRechnung for years, and B2B is rolling out in phases (reception from 2025, issuance for &gt;€800k revenue from 2027, and broadly from 2028).</p> <p>A PDF — even a perfect one — is not enough.</p> <p>Every tool I found was one of three things:</p> <ul> <li> <strong>Enterprise ERP</strong> (SAP, DATEV): full XRechnung support, hundreds of euros/month, built for teams, not freelancers</li> <li> <strong>SaaS invoicing</strong> (Lexoffice, sevDesk): subscription-based, your invoice data lives on their servers, lock-in by design</li> <li> <strong>CLI tools</strong>: open-source Java/Python libraries that assume you know what <code>java -jar</code> means</li> </ul> <p>The missing middle: a freelancer who needs to invoice the municipality of Hamburg once a quarter. A one-person consultancy that just won its first public-sector contract. A Kleinunternehmer who needs §19 UStG compliance without paying for DATEV.</p> <p>That's who I built this for. Also me.</p> <h2> What I shipped </h2> <p>A browser-native XRechnung 3.0 generator. No server. No account. No data leaves your machine.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpi7jt9r7wihfiqke28tr.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpi7jt9r7wihfiqke28tr.webp" alt="XRechnung generator — form on the left, live invoice preview on the right" width="800" height="336"></a></p> <p><strong>Validates against KoSIT Validator v1.6.2 (Config v3.0.2) + EN 16931.</strong><br> Exports: <strong>UBL 2.1</strong> and <strong>UN/CEFACT CII</strong> syntax.<br> Generates a DIN 5008-style PDF alongside the XML.<br> Supports Kleinunternehmer (§19 UStG), Standard VAT, and Reverse Charge (§13b UStG).</p> <p>🔗 Live: <a href="https://me-mateescu.de/tools/xrechnung/" rel="noopener noreferrer">https://me-mateescu.de/tools/xrechnung/</a><br><br> 📦 Source: <a href="https://github.com/Mihai-82Adrian/portfolio-astro" rel="noopener noreferrer">https://github.com/Mihai-82Adrian/portfolio-astro</a> (MIT)</p> <h2> Why local-first — and how I proved it </h2> <p>Invoice data is high-signal: client names, project descriptions, amounts, IBANs.<br> Most SaaS tools solve the trust problem by asking you to trust them. This tool solves it by not touching your data at all.</p> <p>Everything — XML generation, PDF rendering, pre-validation — runs in the browser.<br> Your seller defaults persist in localStorage. Nothing else.</p> <p>The proof isn't marketing copy. It's the DevTools Network tab:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp7p3ancsyo4rlhqot3tf.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp7p3ancsyo4rlhqot3tf.webp" alt="Chrome DevTools Network panel showing zero Fetch/XHR requests during the entire invoice generation flow — only a local PDF blob download is visible" width="800" height="603"></a></p> <p>Zero outbound requests. Not "we encrypt everything" — just: nothing leaves.</p> <h2> How I actually built this (the honest version) </h2> <p>My role here is closer to <strong>architect and orchestrator</strong> than "I code all day."</p> <p>I work from the compliance constraints down: read the EN 16931 spec, map the domain model in TypeScript types, define the validation rules, then specify the implementation.</p> <p>Build note (full transparency): parts of the implementation were AI-assisted (Claude Code/Codex), under my architecture, with manual review and validation loops.</p> <p>This workflow forced me to understand the standard deeply — because you cannot prompt your way past a KoSIT schema validation error you don't understand. When the validator rejects your XML with <code>BT-31 cardinality violation</code>, you need to know what BT-31 is.</p> <p>The hardest part wasn't the code. It was building a typed domain model that produces both UBL 2.1 and UN/CEFACT CII output from the same <code>Invoice</code> object — without branching logic everywhere:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpzymwn84paxgs5tge3bf.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpzymwn84paxgs5tge3bf.webp" alt="VS Code split view: UBL 2.1 XML on the left, UN/CEFACT CII XML on the right — both generated from identical invoice data" width="800" height="428"></a></p> <p>Same invoice. Two syntax outputs. The domain model is syntax-agnostic.</p> <h2> The deployment: zero backend, Cloudflare edge </h2> <p>Every push to <code>master</code> triggers a GitHub Actions build and deploys straight to <strong>Cloudflare Pages</strong>. No servers, no containers, no databases.</p> <p>The static assets are cached at Cloudflare's edge — so latency is basically: "the file is already there."</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F91f7bmes0efedgm96to8.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F91f7bmes0efedgm96to8.webp" alt="Cloudflare Pages dashboard showing automatic deployments enabled for the portfolio-astro project, with me-mateescu.de live on the Production environment" width="800" height="345"></a></p> <h2> What I'd do differently </h2> <p><strong>One thing:</strong> read the full EN 16931 + CIUS context before touching any code.</p> <p>I assumed XRechnung was "just XML with some German quirks." It's not. It's layered: EN 16931 Core + CIUS + KoSIT profile requirements. The URN identifiers alone took me two days to get right — and they’re a common cause of validation failures even when invoice data is correct.</p> <p>Typed constants (TypeScript <code>const</code> values) eliminated an entire class of errors. Worth knowing upfront.</p> <h2> Questions for the community </h2> <p>If you've worked with XRechnung, EN 16931, or Peppol:</p> <ol> <li><strong>What validation errors do you see most often in production?</strong></li> <li><strong>UBL or CII — what do your clients' ERPs actually consume?</strong></li> <li><strong>What's the one missing feature before this is useful to you?</strong></li> </ol> <p>Full technical breakdown (architecture, code, domain model):<br> 👉 <a href="https://me-mateescu.de/blog/xrechnung-generator-local-first-en16931/" rel="noopener noreferrer">https://me-mateescu.de/blog/xrechnung-generator-local-first-en16931/</a></p> showdev typescript svelte webdev