Vault

logo
dashboard
preference matrix
claude using vault mcp
cursor using vault mcp
adaptive ui
architecture

Inspiration

Earlier this year, I was working on a Telegram bot that searches for food you like around NUS based on your preferences. Then it hit me: apps like Deliveroo and Foodpanda already know my food preferences, so why was I repeating myself here? “Do you like spicy food? Are you vegetarian? Any allergies?” The cold start problem seemed to affect almost every app I’ve used. Users would download something new, get bombarded with setup questions, and half would just close the app.

I knew these preferences already existed somewhere. Users had told Netflix they love sci-fi, told Spotify they’re into indie rock, told their food delivery apps they’re lactose intolerant. The data was trapped in silos, and every new app had to start from zero.

That’s when the idea for Vault hit me. What if preferences could be universal? What if there was a privacy-first system that let any app instantly access what users actually want without the cold start problem?

What it does

Vault is a universal preference management system that eliminates the cold start problem forever while maintaining user privacy (Track 7). Here’s how it works:

For Users:

Store your preferences once in natural language (“I love spicy Thai food”, “I prefer dark themes”)
Your preferences follow you across every app that integrates with Vault
Complete privacy: unencrypted text never leaves your device, only semantic embeddings and encrypted text are stored
Granular control over which apps can access which categories of preferences

For Developers:

Integrate via OAuth 2.0 to access user preferences instantly
Query with natural language and get similarity-scored results
No more lengthy onboarding flows or cold start problems
Built-in anti-gaming mechanisms ensure fair usage

The Magic: Instead of storing preferences as rigid categories, Vault converts everything to 384-dimensional semantic embeddings using Snowflake Arctic. “I love spicy Thai food” and “Thai cuisine with heat” become nearly identical points in semantic space, enabling intelligent preference matching and merging.

How we built it

Backend: FastAPI + PostgreSQL + pgvector

I chose FastAPI for sub-100ms API responses and PostgreSQL with the pgvector extension for native vector similarity search:

# Lightning-fast similarity queries directly in SQL
SELECT text, embedding <=> $1::vector as distance
FROM user_preferences
WHERE user_id = $2
ORDER BY embedding <=> $1::vector
LIMIT 5

Tortoise ORM handles data modeling with clean relationships and automatic migrations.

Frontend: Next.js 15 + tRPC + WebLLM

The frontend uses Next.js 15’s App Router with tRPC for end-to-end type safety. The breakthrough was getting WebLLM working reliably for client-side embedding generation:

const embeddingService = new EmbeddingService({
  model: 'snowflake-arctic-embed-s-q0f32-MLC-b32',
  dimensions: 384,
  enablePrivacyTransforms: true
});

const embedding = await embeddingService.generateEmbedding(
  "I prefer dark color schemes",
  true  // Apply privacy noise
);

Privacy-First Architecture

The radical design decision: never send raw text to the server. All embedding generation happens client-side using WebLLM. Users type preferences in natural language, but the server only ever sees [0.23, -0.15, 0.67, ...]. Even with a compromised database, attackers would only find meaningless number arrays.

I also wanted to implement homomorphic encryption, but due to time constraints, I applied a matrix transformation on the embedding vectors instead. The matrix is generated by the user’s unique combination of username, password, and seed (not available to the backend). Hence, the real meaning of the vectors can only be identified by someone who can generate the matrix.

Anti-Gaming with Game Theory

I implemented dynamic noise injection based on contribution ratios:

$$\text{noise_level} = \frac{\text{base_noise} + \text{queries_made} \times 0.01}{\max(1, \text{contributions_made})}$$

Apps that query without contributing get progressively noisier results. The system self-regulates through economic incentives.

Temporal Decay System

Preferences naturally fade unless reinforced, using exponential decay:

$$\text{current_strength} = \text{original_strength} \times e^{-\frac{\ln(2) \times \text{days_elapsed}}{\text{half_life}}}$$

This keeps recommendations fresh and adapts to changing user preferences over time.

Challenges we ran into

WebLLM Integration

Getting WebLLM running smoothly in browsers was brutal. This technology is so cutting-edge that even modern browsers like Firefox don’t support it yet, it only works on Chromium-based browsers for now.

OAuth 2.0 Integration Complexity

Getting OAuth working properly was way harder than expected: PKCE for security, proper scope management, token refresh handling, graceful error states. I probably spent more time on OAuth edge cases than on the core embedding logic. I also had to consider the OAuth flow for the system tray on Mac and Windows, which added complexity.

Privacy vs. Utility Trade-offs

Adding noise preserves privacy but hurts accuracy. I experimented with different noise distributions and levels, eventually settling on the current function, but this will definitely evolve as I experiment further.

Accomplishments that we’re proud of

Technical Breakthroughs

Client-side embeddings at scale: Successfully deployed WebLLM for production-grade embedding generation entirely in browsers
Semantic intelligence: Built a system that understands “I love spicy Thai food” and “Thai cuisine with heat” are nearly identical preferences
Privacy-preserving similarity search: Achieved meaningful preference matching without ever storing raw user text
Self-regulating economics: Created a game theory system that prevents abuse through dynamic noise injection

Real-World Impact

Demo app magic: Built a website that adapts UI themes, font sizes, and suggestions based on universal preferences
Developer experience: Created OAuth integration so smooth that apps can eliminate onboarding flows entirely
Universal compatibility: Designed architecture that works across web, mobile, and desktop applications
MCP Server: Allowed Cursor to code for me based on my coding preferences, reducing redundant instructions. In fact, I used Cursor + Vault to develop Vault.

Performance Achievements

Sub-100ms API responses for preference queries
Efficient vector similarity search handling hundreds of preferences
Client-side embedding generation with minimal impact on page load times
Intelligent preference merging that prevents database bloat

What we learned

Technical Insights

Embeddings are magical when you understand their geometric properties: cosine similarity in high-dimensional space can capture nuanced preference relationships
Client-side AI is finally viable with WebAssembly and WebLLM, opening new possibilities for privacy-preserving applications
Game theory can solve software problems: economic incentives can prevent system abuse better than rigid rules
Privacy and utility aren’t mutually exclusive if designed cleverly

Product Insights

Universal preferences resonate deeply with anyone who’s built consumer apps
Privacy concerns are real but solvable with technical solutions users can understand and trust
OAuth complexity is worth it for the security and user experience benefits

Personal Growth

This project pushed me into uncharted territory: vector databases, advanced privacy techniques, game theory, WebAssembly optimization. I went from a basic understanding of embeddings to implementing production-grade similarity search. The learning curve was steep but incredibly rewarding.

What’s next for Vault

Phase 2: Advanced Intelligence

ML-based preference prediction: Use historical patterns to predict new preferences before users express them
Collaborative recommendations: Make use of similar user profiles to suggest preferences beyond content-based recommendations
Advanced privacy transformations: Implement homomorphic encryption for stronger privacy guarantees
Custom embedding models: Support for domain-specific models (food, music, shopping, etc.)
Federated learning: Let users contribute to model improvements while preserving privacy

Phase 3: Enterprise & Scale

Multi-region deployment: Global infrastructure with data residency compliance
Enterprise permission management: Advanced admin controls for organizational deployments
Plugin ecosystem: Allow custom embedding models and privacy transforms
Advanced analytics: Deep insights into preference trends while maintaining user privacy

Integration Expansions

Mobile SDKs: Native iOS and Android libraries for seamless app integration
Browser extensions: Universal preference layer for any website
Desktop applications: Deep OS integration for system-wide personalization
IoT devices: Smart home devices that adapt based on universal preferences

The Ultimate Vision

I envision a world where your preferences follow you seamlessly across every application. Your music taste informs travel recommendations. Dietary restrictions automatically configure restaurant apps. Accessibility needs adapt every interface. The cold start problem becomes a relic of the past.