LeadOrch
Live B2B lead gen SaaS that takes a company name and a use case and gives you 4 verified, scored, personalised outreach drafts. A 15 stage AI pipeline runs on Cloudflare Workflows and talks to 11 external APIs per run. Live at leadorch.io.
Highlights
- 15 stage AI pipeline on Cloudflare Workflows that orchestrates 11 third party services per run
- Live SaaS with Stripe live mode at 29 eur per month, billed through a Dutch sole proprietorship (Yigit AI, KVK 94668388)
- 5 level dedup (LinkedIn URL norm, email, name plus company, source id, fuzzy plus corroboration) with company suffix and country subdomain normalisation
- Email OTP signup verification via Resend on the verified leadorch.io domain in the EU region
- Per user Gmail OAuth with auto refresh, AES 256 GCM token encryption at rest and PKCE flow
- Websocket first message auth with serializeAttachment so the session survives Cloudflare DO hibernation, plus a REST fallback for past runs
- Admin dashboard at /admin with per source API credit usage, user disable/enable and tier aware rate limits
- Migrated end to end from Python and FastAPI (v2.x) to TypeScript on Cloudflare Workers (v3.0) in March 2026
Deep dive
LeadOrch (codename CTACT) is a full stack SaaS I build with Baran as the product owner. The backend is a Hono API on Cloudflare Workers and fronts a 15 stage Cloudflare Workflow that orchestrates 11 third party services per run, including Apollo, RocketReach, Hunter.io, SerpAPI, Brave, Apify, Perplexity, NinjaPear/Proxycurl, OpenAI, Stripe and Resend, plus a per user Gmail OAuth flow. Live progress streams to the React and Vite and Tailwind frontend over a Cloudflare Durable Object websocket, with first message auth, a 5 second auth timeout via DO alarm and serializeAttachment so the per socket state survives DO hibernation. Persistence is Neon Postgres through Drizzle, with composite indexes on runs(status) and runs(user, started_at). Gmail tokens are encrypted at rest with AES 256 GCM via Web Crypto. The product is launch ready. Stripe is live through a Dutch sole proprietorship (KVK 94668388) on a 29 eur per month Pro plan, free tier daily run limits are enforced server side, and the webhook handler verifies HMAC off the raw request body. Email OTP signup runs through Resend on the verified leadorch.io domain (EU region). There is an admin dashboard at /admin gated by role middleware that exposes per source API credit usage, user disable/enable and recent runs. I migrated the whole stack end to end from Python and FastAPI (v2.x) to TypeScript on Cloudflare Workers (v3.0) in March 2026 so it could hibernate cleanly and run closer to the user. Every architecture constraint I hit during validation (Workers isolate teardown, immutable DO tags after acceptWebSocket, Stripe raw body verification) is now written down in HANDOFF.md so the next engineer does not learn it the hard way.