Architecture¶

How the platform is designed. Read these in order if you're new — each builds on the last.

In this section¶

• System Overview — the 30,000-foot view, request flows, technology choices
• Multi-Tenancy — how we isolate data between customer organisations
• Authentication & Authorization — Cognito, Entra ID, RBAC, JWT tokens
• Offline Sync — PowerSync, local SQLite, conflict resolution
• Data Model — core entities, custom fields, audit trail
• Configurability Engine — field schema builder, module config
• Decision Records (ADRs) — why we made the architectural choices we did

Architecture principles¶

These principles guide every architectural decision:

1. Simplicity over cleverness — we have a small team. Boring, well-understood patterns are better than clever ones.
2. Compliance built in, not bolted on — audit logging, encryption, isolation are designed in from day one.
3. Managed services over self-hosted — we pay AWS and PowerSync to handle hard problems instead of building them.
4. Multi-tenancy is sacred — any code that touches data must respect tenant boundaries. No exceptions.
5. Configurability without complexity — tenants can extend the schema, but the core data model stays stable.