Every system below was architected and built solo by Junior Thuram Nana — self-taught Cameroonian software engineer, system architect, AI engineer and offensive-security expert based in Buea, Cameroon. Junior is the architect of record, the developer, the maintainer, and the copyright holder on each. Operating methodology: agentic AI engineering under a human architect of record.
Client: VIGIL APEX SAS — CONAC Phase 1 Pilot.
Real-time public-finance compliance and anti-corruption intelligence platform. Forensic pipeline ingesting 26 public data sources (procurement portals, OFAC / EU sanctions, OpenCorporates, ARMP debarments, court extracts, satellite imagery, anonymous tips), running 43 deterministic fraud patterns across 8 categories, fused through a Bayesian certainty engine targeting Expected Calibration Error under 5%. Findings escalate only on a 3-of-5 hardware-key (YubiKey + Shamir) council quorum. Every state transition is anchored to a triple-witness audit chain: Postgres hash chain + Polygon mainnet (VIGILAnchor.sol) + Hyperledger Fabric. Public-domain data only.
Client: RÉCOR Consortium — BUNEC / ARMP / ANIF / DGI / BEAC.
National beneficial-ownership registry of Cameroon, satisfying FATF Recommendations 24 and 25 and underpinning grey-list remediation. Rust + TypeScript monorepo with a 9-stage adversarial verification pipeline (schema parity + Ed25519 attestation → identity gates → UN/EU/OFAC sanctions → PEP screening → adverse media → graph + ML pattern detection → Dempster-Shafer fusion → stakeholder review → public consultation). Every declaration is browser-signed (Ed25519 via Web Crypto), receipted with BLAKE3, anchored to a Hyperledger Fabric audit channel. SLSA Level 3 supply chain.
Client: République du Cameroun — National Maternal Health Coordination.
Sovereign maternal & neonatal mobilization architecture. Apache 2.0 open-source, offline-first, safety-critical. Eight architectural planes engineered against twelve binding doctrines, spanning seven connectivity tiers (T1 fibre → T7 paper-of-record) so the platform degrades gracefully from urban facilities to rural sites with no network. V-Model discipline, defence-in-depth security, end-to-end audit chain with integrity proofs, Phase-5 acceptance gates.
Client: TraceCMR Programme Office — MINFOF · MINADER (Cameroon).
Sovereign EUDR compliance platform (EU 2023/1115). Registers every relevant agricultural and forestry plot in Cameroon, observes them against the 2020 deforestation baseline, anchors a cryptographic chain of custody from farmer to port of loading, and submits EU Information System Due Diligence Statements. Ten Hyperledger Fabric chaincodes, five Ring 0 cryptographic services (FROST threshold signer, Halo2 prover, Halo2 verifier, OpenTimestamps anchor, SPIRE controller), ten-node federated topology with FROST-Ed25519 threshold quorum on consequential operations. SLSA Level 4 build provenance.
Client: Pattern — Sovereign Investigative Intelligence.
Classified-aware investigative-intelligence platform that indexes large bodies of structured and unstructured material (documents, data tables, registries, leaks) and makes them searchable, cross-referenceable and analytically tractable. Typed entity model, cryptographic provenance per artefact, bilingual French / English (defaults to fr-CM). Flask + SQLAlchemy 2 + React frontend; three Postgres logical databases (application, FollowTheMoney fragments, task queue), Elasticsearch, Redis, content-addressed Archive (filesystem / S3 / GCS), Procrastinate queue. FROST + Halo2 cryptographic roadmap. MIT licensed.
Client: ANTIC — Agence Nationale des TIC du Cameroun.
Sovereign cyber platform / agent-orchestrated build harness. Claude Code (Opus 4.7) operates as the workspace, driving a fleet of specialist subagents (platform engineer, AI engineer, cryptographer, security reviewer, others) against six volumes of architectural and institutional specification (~665 pages). Each subagent inherits ring-specific or cross-cutting engineering knowledge through skills; each rule encodes a non-negotiable engineering constraint. Objective: the day-180 milestone defined in the Engineering Build Plan — sovereign cyber platform built from foundational specifications to operational reality, with the first authorised engagement against a real Cameroonian government information system completed and reported.
Client: Meta / WhatsApp.
Identified a permission-escalation logic bypass in the WhatsApp iOS client. Non-admin users could forward screenshots within restricted group environments, circumventing broadcast controls. Disclosure triggered a global security-policy update across the platform.
Client: Samsung Mobile.
Discovered a character-misinterpretation flaw between the clipboard and system dialpad. Certain Unicode sequences cause unexpected behaviour in the dialer input parser, creating a potential injection vector. Status: Reported. Persistent.
Owner: Junior Thuram Nana (proprietary framework).
Reusable, multi-target framework for self-directed penetration testing and adversary emulation across every owned application. Drives an offensive-security agent through a structured cognitive loop (observe → orient → hypothesise → test → update → critique → pivot) rather than a static checklist. Each engagement lives as a target instance under targets/<name>/, sharing playbooks, knowledge base, scripts, and templates. Standard-aligned to OWASP WSTG / ASVS / API Top 10 / LLM Top 10, MITRE ATT&CK, PTES, NIST 800-115, and PASTA. Built-in critique routines force the agent to ask "what am I missing?" at every phase boundary and every 30 minutes of stuck thread; pivot protocols generate alternatives systematically when blocked. Playbook coverage spans web, API, auth / identity, cloud, containers, CI/CD, microservices, mobile, LLM/AI, supply chain, source-code review, and post-exploitation.
Client: Classified — NDA-protected.
Secure multi-chain custody architecture for BTC, ETH, SOL and BNB. Cold-storage logic, multi-sig authorisation flows, automated compliance triggers. Full technical dossier available via secure audit pathway only.
Site: blockearth.app.
Fully decentralised Web3 application. Supports MetaMask, WalletConnect, Coinbase Wallet and other connectors. Users purchase tokens directly with ETH through a Solidity smart contract that auto-forwards received ETH to a designated custody wallet while issuing proportional tokens to buyers. Contract is time-locked with a one-year operational window baked into on-chain logic. Non-custodial, trustless, permissionless.
Site: flaireapp.org.
Full-stack AI-powered educational platform. Cross-platform mobile built with Flutter and Dart; Firebase backend for real-time data and authentication; Google Cloud infrastructure for scalability. Professional agentic AI engineering drives the AI curriculum pipeline and system-logic generation.
Type: Cross-platform student-and-staff community app, designed and built by Junior Thuram Nana.
Cross-platform Flutter / Dart student-and-staff community app. Integrates academic tracking, internal social networking, anonymous confessions, academic queries, lost-and-found, location services, and user-controlled news / events, with usability telemetry feeding continuous improvement. iOS + Android + web from a single Flutter codebase — built to serve a student-and-staff community end to end, from academic workflow to social layer.