ctHelixOne

Under the hood

Built on boring, reliable technology.

Operations software should be the most predictable thing in your incident. ctHelixCAD™ uses a deliberately conservative stack so the only surprises happen out in the field.

Stack at a glance

The whole list.

Client: React, Vite, TypeScript, Tailwind
Server: Fastify, TypeScript
Database: SQLite with WAL mode — the entire database is one file
Realtime: Socket.IO
Auth: Argon2 password hashing · role-based permissions · separate mobile PIN surface
License crypto: Ed25519-signed license bundles, bound to an install ID, with periodic host attestation check-in
Deployment: Single Linux VM, systemd — no Kubernetes required

Why these choices

Every decision was a tradeoff. Here’s ours.

Why SQLite

Portability, durability, single-file backups, zero ops overhead at the scale operations teams actually run. WAL mode handles concurrent reads while writes are serialized. The whole database is a file you can copy.

Why no proprietary database

No vendor lock-in. No licensing surprises. No offline-corruption mysteries. Standard SQL, standard tooling. Your DBA already knows what to do with it.

Why a separate mobile auth surface

A compromised PIN must never grant console access. The two surfaces are deliberately isolated — different token shapes, different lifetimes, different scopes.

Why Linux systemd

Every shop already knows it. Crash recovery, log rotation, and health checks are all handled by the OS. No new operational surface to learn or staff around.

Security primitives

The pieces your security team will ask about first.

We don’t roll our own crypto. We use well-tested primitives, scope them tightly, and isolate the surfaces that should be isolated.

  • Argon2 credential hashing for all secrets — operator passwords and field PINs alike.
  • Short-lived, sliding tokens for mobile sessions — never long-lived bearer tokens.
  • Role-based permission model with audit trail on every mutation.
  • Independent auth surfaces for dispatcher console and mobile — no shared identity.
  • Ed25519-signed licenses bound to an install ID — a leaked license can’t run on a second host.
  • Self-hostable on air-gapped networks — the system runs without outbound calls between license check-ins.
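
How an install-ID binding stops a leaked license from running on a second host, as an added example (not ctHelixCAD's code). The bundle layout, field names, function names and sample values are assumptions made for illustration; only Node's built-in crypto module is used.

```typescript
import { generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// Hypothetical bundle layout (an assumption, not the vendor's format).
interface LicenseBundle {
  payload: string;   // JSON text: { installId, expires }
  signature: string; // base64 Ed25519 signature over the payload bytes
}
type Verdict = "ok" | "bad-signature" | "malformed" | "wrong-host" | "expired";

// Issuer side: sign the exact bytes the host will later verify.
function issueLicense(priv: KeyObject, installId: string, expires: string): LicenseBundle {
  const payload = JSON.stringify({ installId, expires });
  const signature = sign(null, Buffer.from(payload, "utf8"), priv).toString("base64");
  return { payload, signature };
}

// Host side: verify the signature first, and only then trust any field.
function checkLicense(pub: KeyObject, lic: LicenseBundle, localInstallId: string, now: Date): Verdict {
  const sig = Buffer.from(lic.signature, "base64");
  if (!verify(null, Buffer.from(lic.payload, "utf8"), pub, sig)) return "bad-signature";
  let claims: any;
  try { claims = JSON.parse(lic.payload); } catch { return "malformed"; }
  if (typeof claims?.installId !== "string" || typeof claims?.expires !== "string") return "malformed";
  if (claims.installId !== localInstallId) return "wrong-host";
  const exp = Date.parse(claims.expires);
  if (Number.isNaN(exp)) return "malformed";
  return exp <= now.getTime() ? "expired" : "ok";
}

// Constructed sample data: a throwaway key pair and made-up install IDs.
const keys = generateKeyPairSync("ed25519");
const license = issueLicense(keys.privateKey, "install-A", "2030-01-01T00:00:00Z");
const today = new Date("2025-06-01T00:00:00Z");

function demo(): Verdict[] {
  // Editing the payload to name another host invalidates the signature.
  const tampered = { ...license, payload: license.payload.replace("install-A", "install-B") };
  return [
    checkLicense(keys.publicKey, license, "install-A", today),  // licensed host
    checkLicense(keys.publicKey, license, "install-B", today),  // leaked copy on a second host
    checkLicense(keys.publicKey, tampered, "install-B", today), // payload rewritten for host B
    checkLicense(keys.publicKey, license, "install-A", new Date("2031-01-01T00:00:00Z")),
  ];
}
console.log(demo());
```

The binding is only as strong as the install ID itself: if the ID can be copied along with the license file, the check passes on the clone, which is the gap a periodic host check-in is meant to narrow.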

EMS Transport add-on

What the add-on adds — and what it deliberately doesn’t.

Customers ask three questions about EMS Transport every time. Here are the three answers.

CAD-only, not a PCR replacement

EMS Transport is a CAD module. It captures what dispatch and the unit owe the record — phase timestamps, service level, destination, mileage. Your patient care report stays where it is.

Capture-and-export billing

CMS-aligned data per transport: HCPCS codes, PCS expiration tracking per patient or template, service level classification. Exported on demand for your billing partner. We don’t produce 837P claims.

HIPAA-friendly primitives

PHI tables scoped to the transport module, encrypted at rest. A PHI audit log distinct from the general audit log. Role-gated access and short admin session timeouts. Final compliance posture depends on your deployment — talk to us about your framework.

Compliance posture

Compliance-friendly primitives, deployed honestly.

ctHelixCAD™ is built with compliance-friendly primitives — audit logs, hashing, RBAC, self-hosting. Final compliance is a function of how you deploy it. Talk to us about your specific framework (HIPAA, CJIS, etc.) and we’ll be straight with you about what the system gives you and what your environment still needs to provide.

Want the architecture diagram for your security review?

We’ll send a one-pager you can drop into your packet, then schedule a call if your team has follow-ups.