- Client
- React, Vite, TypeScript, Tailwind — modern, audited browser surface
- Server
- Fastify on Node.js (TypeScript end-to-end) — schema-validated routes, secure defaults
- Database
- Standard SQL backbone — production-grade, replication-ready, hot-standby capable. Same application code, same schema, deploy on the database posture your IT team already supports.
- Encryption at rest
- AES-256 at rest for the operational database, using vetted, industry-standard primitives. Backups inherit the same encryption posture.
- Encryption in transit
- TLS 1.2+ for every request; HSTS enforced; no plaintext credentials on the wire
- Realtime
- Socket.IO over TLS — authenticated namespaces, token-bound subscriptions
- SMS
- Optional SMS surface for mobile login links and other field workflows. Provider-agnostic and switchable.
- Auth
- Argon2id for operator passwords and field PINs · role-based permissions with granular scopes · independent mobile auth surface
- License crypto
- Ed25519-signed license bundles bound to an install ID, with periodic host-attestation check-in
- Deployment
- Single Linux VM, systemd-supervised. Production and demo can co-host on one machine without shared state.