VowTrust — Institutional Deal Verification Platform

VowTrust came from a clear gap. Banks confirming Proof of Funds and lawyers signing off on cross-border deals do it over email and phone. The verification exists, but the audit trail is scattered across inboxes and internal systems. When a regulator audits, or a deal goes into dispute, reconstructing what happened, when, and by whom is slow and error-prone. Platforms that exist in this space either touch funds (which adds escrow regulatory scope nobody wants) or bundle verification with advisory and messaging (which adds scope creep institutions explicitly avoid). Nothing was just a clean, neutral verification workspace.

The platform operates in two modes. Express is for SMEs and fintechs on deals between $50K and $20M. Six checks run in parallel via Inscribe (document fraud detection), Ocrolus (balance and financial parsing), ComplyAdvantage (AML/sanctions plus PEP/adverse media), Sumsub (KYC), and Kyckr (KYB). Total verification time: 15-45 seconds. Weighted scoring produces a 0-100 confidence number. Above 85 auto-approves, 60-84 issues with flags, below 60 forces escalation to Institutional mode. Hard fails (sanctions match, document fraud, KYC fail) immediately mark the deal DEAL_FAILED regardless of score.

Institutional is for Tier 1 banks and deals above $10M that require human mediators. The Admin assigns a Mediator Bank Officer and a Mediator Lawyer. Each client gets their own private room (Room A, Room B), with role-based and invite-only access. Documents upload to encrypted storage. The Bank Officer reviews PoF documents and records confirm or reject. The Lawyer reviews across both rooms. Optional per-side lawyers can sign off independently. All actions are timestamped and immutable. Any single rejection fails the entire deal. Once everything is approved, the platform generates a combined Verification Certificate.

The architecture is serverless on AWS. Next.js for the web app, Lambda for the API via Serverless Framework, PostgreSQL for the audit-grade data layer (immutability matters more than flexibility here), and Terraform for infrastructure. The deal lifecycle is a strict state machine — DEAL_CREATED → PARTIES_ASSIGNED → VERIFICATION_IN_PROGRESS → VERIFIED → CERTIFICATE_ISSUED. The state machine is enforced at the database level and the API layer. No path can be skipped. No record can be retroactively altered. The audit trail is the product.

Provider integrations are the hard part. Each of the 5 KYC/AML providers has different rate limits, error semantics, and result schemas. We wrapped each one in a normalized adapter with circuit breakers and graceful degradation. A provider outage delays the Express score by seconds, not the entire deal. Failed checks are retried with exponential backoff. All provider responses are stored verbatim alongside the normalized result so an audit can replay exactly what each provider returned.

Built solo with Claude Code over weeks. Specs-first workflow: every feature has a written spec, AI implements against the spec, human review gates on auth, money handling (even though we do not touch funds, billing is real), and security. 1,000+ TypeScript files across the monorepo. UAT suites that run end-to-end deal journeys against a real PostgreSQL instance. This is the kind of platform that would normally take a team six months to ship. It shipped in weeks.