Alejandro Alvarado
Your most expensive operational
gap is what happens when
nobody's watching.
SoffIA · Movistar · 3yr · Lima, PE · Open to remote
I ship autonomous agents at $0.001/booking and replaced enterprise CRMs at Movistar — production systems that capture value 24/7.
CASE STUDY 01 — SoffIA Core
Architecture of an autonomous agent
< 8s
Response time
100%
Leads captured
< 8%
No-show rate
01 — The Problem
Dental and aesthetic clinics operate on a brutal conversion window: a lead unanswered for >8 minutes has a ~80% chance of booking with a competitor.
- —After-hours leads: 100% loss rate. Messages received from 8 PM to 9 AM went cold by morning.
- —Peak-hour bottleneck: 47-minute average WhatsApp response time during busy hours.
- —No-show rate: ~25%. Each no-show cost S/200–400 in blocked chair time.
- —Manual errors: Double-bookings and missing reminders were standard.
02 — The Architecture
The ingress pipeline: inbound WhatsApp messages hit Redis for rapid-fire coalescing, acquire a debounce lock within a 3-second window, then enqueue a deferred QStash job — all before the LLM is ever invoked. Duplicate message IDs are dropped at the idempotency gate.
03 — Architectural Patterns
01
Reactive FSM (In-Flight Refresh)
Using Vercel AI SDK's prepareStep to inject tools dynamically mid-reasoning, eliminating deadlocks and hallucinated confirmations.
02
Stateless JIT Reminders (QStash)
No cron, no persistent state. A JIT Guard checks appointment validity before each T-24h/T-2h send, killing race conditions cold.
03
Progressive Tool Gating
The LLM only receives tools relevant to its current gate (Identity vs Booking), guided by strict Zod telemetry. Anti-hallucination by architecture.
04
Non-Negotiable Guardrails
Zero-token Noise Guard for IVRs. Strict regex interventions for Code Red, minors, and trolls — triggering instant human handoff.
Read: Deterministic AI →04 — Deep Dive
ARCHITECTURAL PRINCIPLE
SoffIA is DB-Fat, LLM-Light: state management and business logic live in PostgreSQL via a deterministic flow protected by mutex locks. The LLM operates purely as a semantic router — stateless, enjaulado, and cost-controlled by the Loop Shield.
PRODUCTION CONSTRAINT
The production agent handles multi-patient bookings concurrently. Atomic room locking via PostgreSQL FOR UPDATE SKIP LOCKED, payment voucher OCR validation, and Google Calendar bidirectional sync — all within a single Vercel serverless function (60s budget). Zero cold-start failures.
Loop Shield — forced tool termination
// LOOP SHIELD: From Step 4 onward, if tools appear in two consecutive
// steps, it's a cognitive loop. Tracks tool presence, not identity.
// Threshold is 4 because steps 1-3 are permitted critical transitions.
if (stepNumber >= 4) {
const prevStepHadTools = (steps[stepNumber - 1]?.toolCalls?.length ?? 0) > 0;
const prevPrevStepHadTools = (steps[stepNumber - 2]?.toolCalls?.length ?? 0) > 0;
if (prevStepHadTools && prevPrevStepHadTools) {
return { toolChoice: 'none' };
}
}Gate Refresh — mid-reasoning state injection
// If gate advanced to GATE_SCHEDULE or GATE_IDENTITY and transaction
// tools are not yet registered, inject them.
if (
(freshGate === 'GATE_SCHEDULE' || freshGate === 'GATE_IDENTITY') &&
!allowedTools['reservar_cita_sota']
) {
allowedTools['revisar_disponibilidad_sota'] = buildRevisarDisponibilidadTool(
identityContext.org_id,
identityContext.contact_id,
identityContext.min_hours_notice
);
allowedTools['reservar_cita_sota'] = buildReservarCitaTool(
identityContext.org_id,
identityContext.contact_id,
freshInterestId,
freshName,
freshDni,
dbMeta.resolvedDeposit || '0',
identityContext.bank_details_text,
identityContext.min_hours_notice,
activeOptionsArr
);
}05 — The Result
COST METRICS
Avg cost per booking: ~$0.001
LLM calls per booking: 3–5 (gate-gated, not open-ended)
Model: DeepSeek-V4 · ~2,400 tokens avg per booking
| Metric | Before | After |
|---|---|---|
| Response time | 47 min / ∞ (after hours) | < 8 seconds, 24/7 |
| After-hours leads | 0% (100% loss) | 100% captured |
| No-show rate | ~25% | < 8% |
| Booking deadlocks | Chronic (race conditions) | Zero (Reactive FSM) |
CASE STUDY 02 — METEOR
CRM that replaced InConcert at Movistar
53%
Process time ↓
$0
License cost
< 2 mo
Payback period
100%
ROI achieved
01 — The Problem
Lead management and reporting depended on a third-party system (InConcert) that cost $1,000 USD/month in licenses. Each lead process took 169 minutes, and generating reports required 30 minutes of manual work daily.
Every custom report required a developer to write ad-hoc SQL queries — a bottleneck that delayed operational decisions by days. Agents had no self-service access to their own data.
02 — Approach
01
Full-Stack Rewrite
Replaced the monolithic InConcert UI with a Vue.js + Tailwind frontend and C# .NET backend, cutting process time by 53%.
02
SQL Server Migration
All lead data migrated into a normalized SQL Server schema, eliminating the $1K/mo licensing cost entirely.
03
Real-Time Reporting
Built on-demand reports (Excel, PDF, CSV) with configurable validation rules. Eliminated 30 min/day of manual reporting and the developer bottleneck for custom requests.
03 — Impact
53%
Process time reduction
169 min
Before
79 min
After
15 → 13
Steps
2 process steps eliminated
3 → 1
Tools
Consolidated into single CRM
$1K → $0
Licensing
License cost eliminated
Stack: Vue.js · Tailwind CSS · C# .NET · SQL Server
04 — Deep Dive
JWT Authentication — stateless session management
Built a stateless auth flow with JWT and refresh tokens between the Vue.js SPA and the C# .NET API. Access tokens carried the user session in a signed claim, issued with short expiry and rotated transparently via refresh tokens stored in HttpOnly cookies. The token lifecycle was enforced middleware-side on every protected route, eliminating server-side session storage entirely.
public class JwtRefreshMiddleware
{
private readonly RequestDelegate _next;
public JwtRefreshMiddleware(RequestDelegate next) => _next = next;
public async Task InvokeAsync(HttpContext context)
{
var accessToken = context.Request.Headers["Authorization"]
.FirstOrDefault()?.Replace("Bearer ", "");
if (accessToken is null)
{
await _next(context);
return;
}
try
{
var principal = ValidateToken(accessToken);
context.User = principal;
}
catch (SecurityTokenExpiredException)
{
var refreshToken = context.Request.Cookies["refresh_token"];
if (refreshToken is null)
{
context.Response.StatusCode = 401;
return;
}
var newAccessToken = await RotateRefreshToken(refreshToken);
context.Response.Cookies.Append("refresh_token",
newAccessToken.RefreshToken,
new CookieOptions
{
HttpOnly = true,
Secure = true,
SameSite = SameSiteMode.Strict
});
context.Request.Headers["Authorization"] =
$"Bearer {newAccessToken.AccessToken}";
context.User = ValidateToken(newAccessToken.AccessToken);
}
await _next(context);
}
}SQL Server Stored Procedures — parameterized report generation
All report queries lived in stored procedures with strict parameterized inputs, preventing injection and ensuring consistent execution plans. The frontend called a single .NET endpoint that executed the procedure, serialized the result into Excel/PDF/CSV on demand, and streamed it back — replacing 30 minutes of daily manual work per agent with a 5-second download.
CREATE PROCEDURE usp_GenerateLeadReport
@StartDate DATE,
@EndDate DATE
AS
BEGIN
SELECT
ClientName,
Status,
DATEDIFF(MINUTE, CreatedAt, ClosedAt)
AS ProcessingTime
FROM Leads
WHERE CreatedAt BETWEEN @StartDate AND @EndDate
ORDER BY CreatedAt DESC
ENDBackground
Jan 2026 → Present
Core OS — AI Engineer
SoffIA Agent · Freelance contractor · Clínica dental real · 5 mo — Direct owner, full autonomy. Transitioned from enterprise frontend to AI infrastructure by building SoffIA end-to-end: first LLM system, designed and deployed without prior AI team.
- —Architected fully autonomous conversational agent with LLMs in transactional pipeline — 24/7 booking via WhatsApp. Response time: 47 min → < 8s. No-show rate: 25% → < 8%.
- —Reactive FSM with in-flight tool injection, stateless JIT reminders via QStash, OCR validation, Google Calendar sync — all within a single Vercel serverless function. Zero cold-start failures.
- —Built real-time CRM dashboard: Revenue Board, lead pipeline visualization, push notifications. Lighthouse 99/100.
- —Stack: Next.js (Base-8 Layout), TypeScript (Discriminated Unions), DeepSeek-V4, PostgreSQL, Supabase, Docker.
Dec 2024 → Dec 2025
VML (WPP) — Frontend Engineer
Movistar (Telefónica) Account · 1 yr — Sole frontend, reported to CTO
- —Designed and built METEOR, a CRM that replaced InConcert at Movistar Perú. Vue.js + Tailwind CSS frontend, C# .NET + SQL Server backend.
- —Reduced operational process time from 169 min to 79 min (53% ↓). Eliminated $1,000 USD/month in third-party licensing costs. ROI recovered in < 2 months.
- —Built REST APIs for intelligent lead querying, e-commerce integrations (idempotent webhooks), and real-time reporting dashboards. Landed national-scale campaign pages and email templates.
May 2024 → Nov 2024
ITAW Group — Fullstack Developer
Logistics ERP · 7 mo — Fullstack ownership of ERP modules
- —Developed REST APIs and business logic for an internal logistics ERP using C# .NET, SQL Server, and MySQL.
- —Optimized complex SQL queries cutting critical report processing time by 30%. Automated business processes with Python scripts.
Dec 2023 → May 2024
Digital Buho SAC — Web Developer Intern
First role at 18 · 6 mo — Foundation in production web
- —Built corporate websites with WordPress and Vue.js. Technical incident management and responsive layout implementation.
Aug 2023 → Dec 2023
WebemprendePE — Web Developer Intern
First approach to production web · 5 mo
- —Developed and maintained corporate websites with WordPress. Plugin customization and theme integration.
Engineering philosophy
Deterministic AI
LLMs are non-deterministic by nature. I wrap every model output with Zod schemas and state machines. If it doesn't validate, it doesn't reach production.
[Read: Deterministic AI →]Network Asymmetry
External APIs fail. Every fetch in my systems carries exponential backoff, circuit breakers, and graceful degradation. The user never sees a broken spinner.
[Read: Network Asymmetry →]Server-Centric State
Critical state lives on the server. HttpOnly cookies, server-side sessions, zero client-side token storage. The browser is a rendering surface, not a vault.
[Read: Server-Centric State →]Trust signals
Antes perdíamos leads los fines de semana. Ahora SoffIA los convierte mientras dormimos. Mi equipo llegó el lunes con 4 citas nuevas ya pagadas.
— Dra. Jomara Herrera, Cirujana Dentista · Clínica Castro y Herrera
TOOLING
GitHub Activity
ABOUT
21 years old, 3 years of professional experience.
Building production systems since 18.
Remote-first · Lima, PE
SENATI — Computer Science · 2025 · Top cohort
Español nativo · English (Technical)
Initiate connection
Evaluating full-stack and AI engineering roles at product companies where systems reach real users.
If you ship production systems people actually use, let's talk.
Prefer email? devale.alvarado@gmail.com· Response < 4h