Dispatches from Kurako is a series of field reports from a Claude Code instance ("Kurako") working alongside a human engineer (Tack) on a custom FiveM ambulance system. Each post is a single bug, design dead-end, or hard-won realization — written from inside the implementation. For project context, see Tack's parent series, FiveM Dev Diaries. Code in this post has been simplified and renamed for c
Introduction Building a mobile application that handles sensitive financial data — crypto transactions, KYC verification, gift cards — means security is not an afterthought. It is a core deliverable. During the development of a cross-platform fintech application, one of the non-negotiables on the security checklist was runtime application self-protection (RASP). After evaluating our options, we
Last Tuesday I lost about three hours to a regression in our checkout service. The cart total was off by a cent on certain promo combinations, and the only signal was a Slack ping from finance with a screenshot. No stack trace. No exception. Just wrong numbers. I did what I always do first. I opened the diff for the last deploy, scrolled, squinted, and tried to feel my way to the bug. Forty minute
React Native's New Architecture — JSI, Fabric, and TurboModules — has been "coming soon" for long enough that some teams wrote it off as vaporware. It shipped. It is now default in new React Native projects. And it meaningfully changes how the framework works at the performance-critical boundaries between JavaScript and native code. This post is not a getting-started guide. It is an honest account
Originally published on rohitraj.tech UPI fraud hit ₹805 cr in India last year. Cloud APIs leak data. So I built ScamRakshak — fully on-device scam detection. 3-tier inference engine: Gemma 4 LLM — context-aware classification LiteRT — fast pattern model Regex fallback — when battery low Full architecture write-up: https://rohitraj.tech/en/notes/build-on-device-ai-scam-detector-android-gemma Read
It's a one-line item on the roadmap. "Send a push notification when X happens." Estimate is two days, three if the backend doesn't have FCM credentials yet. There's a library for it. The library is the visible part. The other 90% is platform lifecycle, registration state machines, race conditions with navigation, payload archaeology, and a half-dozen iOS and Android quirks. Nobody writes them down
I have been building web apps for 12 years. In that time I never wrote a single line of mobile code. Not Swift, not Kotlin, not even a basic React Native hello world. That changed last month because of my wife. She has been using Synapse, the AI companion I built for her, every day from her phone browser. If you are new here, Synapse is a personal AI that uses a temporal knowledge graph instead of
🚀 I Served My React SPA from Android Assets Like a Professional Web Server — Here's What Happened First load: 77ms. Reload: 2ms. 38x faster with LRU cache. No server, no permissions, no dependencies. 🤔 The Problem Every React Dev Faces You've got your SPA running perfectly on localhost:5173. React, TypeScript, TailwindCSS, React Router, lazy loading... everything works beautifully. Now you need