Technology & Architecture

Built on battle-tested open-source foundations with enterprise-grade security and scalability

Modern Full-Stack

Cutting-edge technologies chosen for performance, developer experience, and long-term maintainability

Frontend

Next.js 16

React 19

Tailwind CSS 4

TypeScript 5.9

Backend

App Router (RSC)

Server Actions

API Routes

NextAuth v5

Database

PostgreSQL

Prisma 7

13 Schemas

109 Models

Infrastructure

Google Cloud

Stripe Payments

AI SDK (OpenAI)

Serwist PWA

DevOps

Turborepo

npm Workspaces

ESLint + Prettier

CI/CD

Database Architecture

PostgreSQL with Prisma 7 — 13 domain-organized schemas housing 109 models with fully type-safe queries

Schema

Models

public

programme

document

company

auth

project

annotation

emergency

sales

drawing

safety

defect

manual

Monorepo Architecture

Turborepo + npm Workspaces — 15+ shared packages across all applications

@goodwill/ui

Shared UI components (Button, Card, Table, etc.)

@goodwill/auth

Authentication & session management

@goodwill/i18n

Internationalization (EN/TH/JP)

@goodwill/hooks

Shared React hooks

@goodwill/data-table

Advanced data table with sorting/filtering

@goodwill/pdf

PDF generation & export

@goodwill/map-components

Leaflet & Mapbox map integration

@goodwill/rich-text-editor

WYSIWYG editor

@goodwill/user-management

User CRUD & permission UI

@goodwill/annotation

Image/PDF annotation (Fabric.js)

@goodwill/onboarding

User onboarding flows

@goodwill/api-client

Typed API client

@goodwill/tailwind-config

Shared Tailwind configuration

@goodwill/typescript-config

Shared TypeScript configuration

@goodwill/eslint-config

Shared ESLint rules

OBAC Permission System

OBS-Based Access Control — 5 scopes, 6 action flags, 5-layer resolution with dual hierarchy inheritance

Permission Scopes

Page — Page-level access (e.g., /safety, /settings)

Document Type — DBS code access (e.g., MCL, RFI)

Workflow Action — Approval & workflow step access

Report — Report generation & export access

Admin — Settings page restrictions for admins

Action Flags

can_view — Read access

can_create — Create new items

can_edit — Modify existing

can_delete — Remove items

can_approve — Approve/reject

can_export — Export & download

Resolution Layers

1Admin Bypass — Master or project admin gets full access

2Admin Scope — Restrict admins on settings pages

3OBAC Check — OBS hierarchy × path hierarchy

4ReBAC Check — Document-level relationships

5Bootstrap — No rules configured → allow all

Compliance Standards

Built-in compliance with international construction and security standards

FIDIC — Clauses 1.8, 8.1–8.5, 14 built into programme & document workflows

OSHA — LTIFR, TRIFR, AFR, ASR calculations with automated trend analysis

ISO 45001 — Risk assessment, incident reporting, corrective action tracking

ISO 27001 — Encrypted storage, access control, audit trails, data retention

GCS Regional Storage — Data residency options: Asia, Japan, US, EU

Technology & Architecture

Built on battle-tested open-source foundations with enterprise-grade security and scalability