AI-native software studio · Saen Labs

AI-native software,
yours to own and grow.

Anyone can build a product. The hard part: building it so a small team can own, run, and grow it — securely, for years. That’s our work — AI-native software, hardened from day one, that gets better as AI improves. Proven across two very different products. We’ll build yours the same way.

What we’re building
  • QkFill— live · immigration
  • StaffLink— in build · staffing
Two products, one foundation — more verticals coming.
  • Shipping2 products, more coming
  • QkFilllive · immigration
  • StaffLinkin build · staffing
  • BasedToronto, 2024
What we do

From an idea to full-grown SaaS.

Saen — from द्रष्टा (draṣṭā), the seer.

We design, build, and ship AI-native products end to end. The agents and pipelines do the real work, each one fluent in its vertical. It all runs on one hardened foundation — security and customer isolation built in from day one. Documents or the field, it’s built to be owned and run by a lean team.

01

AI at the core, not bolted on

AI agents and pipelines do the real work — each one fluent in its vertical: immigration for QkFill, labour and payroll for StaffLink. Designed in from the start, not a generic copilot stapled on. As the models improve, so does the product.

02

Hardened from day one

Secure sign-in, walled-off customer data, role-based access, payments, audit trails — security and compliance built in, not retrofitted. Every build starts most of the way home, not from zero.

03

Built for a small team to run

Built for a lean team to run for years without the original engineer — documented, tested, no black box, no lock-in.

Everything is built to be owned and run by a lean team — not locked to its makers.

The difference

Auto-grows with AI.
Owned, not rented.

The point isn’t just shipping software — it’s software that keeps improving as AI does, and that a lean team can take over and keep running. No black box. No lock-in. Two products as different as immigration paperwork and field staffing already run on it.

AI-native builds·Document AI·Real-time operations·Payments & payroll·Compliance·Full product build
Product 01In productionImmigration

AI immigration form-filling. QkFill reads an applicant’s documents once, builds a reusable profile, and auto-fills government visa forms into submission-ready PDFs — a human reviews before anything generates. For immigration firms, and for individuals and families filing on their own. Billed in CAD, shipping today.

QkFill prepares and checks forms — it does not submit them and gives no legal advice. You submit through official IRCC / USCIS channels; complex cases go to licensed RCICs and attorneys.

The problem

Today, an applicant or consultant downloads each government PDF and hand-types the same name, passport number, and financials into a dozen unconnected forms.

  • IRCC's core forms are locked PDFs that won't open on a phone and silently fail in ordinary tools.
  • The same details get re-keyed into ten-plus forms — the DS-160 alone is 50+ pages — and every retype risks a typo.
  • One mismatched name or date across the package can trigger a refusal or a “send more evidence” letter.
  • Every spouse and child starts from a blank page; nothing carries forward to the next filing.
The idea

Capture each person’s data and documents once, then fill every locked form for the whole family from that single source — consistent across the package, and reusable next time.

How it works · the pipeline

द्रष्टा · ज्ञाता · कर्ता — see, know, do.

01

See

Upload passports, certificates, bank statements. AI detects each document's type and country, reads it accurately, and links family members across them.

02

Profile

One reusable profile per applicant. Every value traces to its source document; conflicts are flagged for quick resolution.

03

Map

Known fields fill automatically; only uncertain ones get flagged — so reviewers focus where it matters.

04

Fill

Fills the locked government PDFs most tools can't — plus standard forms. AI fills, a human approves, out comes a submission-ready PDF.

Immigration coverage
Canada (IRCC)
Auto-fill ready

The proven core. Visitor / Super Visa, Study Permit, and Work Permit / LMIA bundles, with full government-PDF auto-fill.

United States (USCIS)
Documents only

Family, work, and visitor categories run as document collection + checklists today. Auto-fill is on the roadmap, not yet wired.

Schengen · UK · Australia
Documents only

Schengen Tourist, UK Standard Visitor, and Australia ETA/eVisitor ship as checklist + document-collection bundles. No auto-fill yet.

Every bundle adds visa intelligence: the right forms, a prioritized document checklist, country-specific guidance overlays (India, China, Philippines, Pakistan, Nigeria, UAE), edge-case handling, per-person family expansion, and SOP generation from profile data.

Who it's for
For firms · B2B

Each firm’s clients are walled off from every other firm’s. Five roles, seat-based teams, client upload portals (agents approve before forms generate), and batch workflows where one profile drives 12+ forms across a family. Admin dashboards for coverage, AI-cost, billing, and audit. Solo / Team / Enterprise tiers.

For individuals & families · B2C

Self-serve sign-up to fill your own Canada / US forms — no consultant. Pay-as-you-go passes, no subscription, plus a family package covering up to four members on one shared profile. Cross-form consistency checks, step-by-step submission guides, and error checks for common preventable refusals.

Platform & trust
  • Live Stripe billing in CAD — subscriptions, case packs, one-off passes, plus a permanent free plan.
  • Data encrypted end to end; documents sit behind private, expiring links.
  • Bank-grade security on every layer, sign-in to storage.
  • A new country or visa type is a config change, not a rebuild.
Document AI·Government PDF fill·Reusable profile·IRCC auto-fill·Per-firm isolation·Stripe (CAD)
How we build

Agentic. Spec-driven. Audited.

A small, senior team operating with platform-grade rigor: every change is spec-first, agent-reviewed, and shipped through ~20 mechanized gates before a human signs off.

QkFill and StaffLink were built with this exact workflow, refined over ~12 months in production. See the harness map ↗

01

Agentic, multi-agent development pipeline

Work is decomposed across specialist AI agents — backend/API, frontend, multi-tenancy/RLS, SQL/migrations, security, and QA — each scoped to its domain and orchestrated against a written spec. Humans set intent and own architecture; agents do the implementation and cross-checking under enforced phase isolation (separate plan, implement, and verify contexts) so a stale assumption can't leak across stages.

02

Spec-driven, story-first SDLC with full traceability

A hard gate blocks any implementation file from being touched until a story spec exists — Goal, Done-When acceptance criteria, and an explicit Files contract — so scope and definition-of-done are fixed before a line of code. Every diff is then walked back against its Done-When with file:line citations, giving requirement-to-commit traceability.

03

~20 mechanized commit-to-CI gates · shift-left DevSecOps

Pre-commit, pre-push, and CI fail-closed on secret scanning, static security-lint rules, dependency audit, TypeScript typecheck, route-auth enforcement, SSOT-drift and live-DB identifier validation, plus migration safety and immutability checks. Bypasses require a logged reason — no silent --no-verify — so quality lands at the commit, not the release.

04

Adversarial multi-agent review before human sign-off

Every change runs a blind, adversarial multi-agent pass: independent AI reviewers — an external code-review bot plus dedicated security and quality agents — probe for missed auth layers, RLS gaps, and idempotency bugs that self-review rationalizes away, with money- and migration-touching diffs getting a dedicated security/billing refute pass on top. A human reviewer is the last gate before merge — agents inform the decision, they don't make it.

05

Defense-in-depth security, multi-tenancy & audited mutations

Tenant isolation is enforced in depth — least-privilege RBAC (no hardcoded role checks; privileged identity granted by DB role only), per-route permission guards, and Postgres RLS as the last line — behind a tenant-isolation suite that must be 100% green to merge. Money and state mutations are idempotent and audited by construction: replay-safe webhooks keyed on event IDs, atomic counter decrements, append-only audit history, and organizations that are suspended, never deleted.

Agentic multi-agent pipeline·Spec-driven story-first SDLC·~20 mechanized gates·Secret scan + security-lint·Shift-left DevSecOps·Blind adversarial AI review·RLS multi-tenancy·Least-privilege RBAC (DB-role)·Idempotent + audited·100% tenant-isolation suite
What’s next

The next vertical is chosen with a partner — not pre-announced.

We take one painful, compliance-heavy workflow at a time and turn it into AI-native software. Two products in completely different shapes already prove the range — one in documents, one in the field — both on the same foundation we’d build the next on. A new domain is mostly new data and domain-trained reasoning on infrastructure that already exists. We don’t keep a shelf of half-built verticals. The next one starts with a real problem and a real partner.

Have a workflow like this?

If filling forms or running operations taxes your team, it could be the next vertical.

Let’s talk ↗
Team

Small, senior, and growing.

A small, senior team operating with platform-grade rigor, growing deliberately. We add the right people and partners for the work, never for headcount, and never lower the bar.

Open to builders & partners

Want ground-floor ownership, or just to compare notes? This is the door.

Let’s talk
Let’s talk

Working on something interesting? Let’s talk.

An investor, a fellow builder, or just curious about what we’re making? Start here.