Tech Stack.

People. Projects. Budgets. Time — Connected.

Built for interactive graph editing, deterministic computation, and a clean path from private beta to paid pilots.

Client

Next.js + React for routing, server capabilities, and deployment maturity.

React Flow for graph editing primitives and custom node UIs.

TypeScript for typed domain objects, calculations, and migrations.

HUD UI rendered as fixed panels to remain stable at any zoom level.

Server and data

The Bureau uses Supabase as the core backend: Postgres for persistence, Auth for identity, Storage for files, and Row Level Security to keep each workspace private by default. The graph is stored as a versioned schema (nodes, edges, registries, saved graphs) so every map remains deterministic, migratable, and audit-ready as the product hardens.

Authentication and onboarding

Identity is handled through Supabase Auth (email + password or magic link), with email verification enforced for production accounts. The public “Request access” flow remains separate from product access, allowing controlled rollout and staged onboarding. As we move into pilots, we can introduce roles and workspace membership (owner / admin / contributor) using Supabase policies without rewriting the app.

Security baseline

Supabase Row Level Security for per-user / per-workspace data isolation. Server-side validation for graph writes (prevent malformed or hostile payloads). Minimal audit fields on all core entities (createdBy, updatedBy, timestamps). Rate limiting and abuse protection on public endpoints.

Third-party product shell

Email deliverability

Resend (preferred for clean DX + reliable transactional delivery). Used for: verification emails, access approvals, product notifications.

Runtime monitoring + error tracking

Sentry for exception tracking, performance traces, and release health. Used for: catching issues before users report them, diagnosing graph edge cases.

Product analytics

Posthog for analytics. Used for: activation funnels (first map created), retention, feature adoption, staged rollouts.

Payments

Stripe for subscriptions, seat-based pricing, invoicing, and tax-ready receipts. Used for: leadership seats, contributor tier, annual upgrades.

File/asset storage

Supabase Storage for user-provided attachments and exports; optional Cloudflare R2 later if storage economics demand it. Used for: exports, snapshots, attachments, branded PDFs.

Deployment

Vercel for web deployment, preview environments, and fast iteration. Used for: shipping weekly, clean staging, predictable rollback.

Computation model

Deterministic rollups computed from graph state with stable rules.

Incremental recalculation to avoid blocking interaction (memoized selectors).

Performance targets

Smooth interaction at real studio scale (target: ~200 nodes).

UI never waits on totals: compute stays off the critical interaction path.

HUD panels remain stable regardless of zoom and canvas density.

Under-the-hood tasks: normalize inputs, detect inconsistencies, summarize diffs, propose structure, render custom derived views.

Any graph changes suggested by AI require explicit confirmation.

Technical hardening

Workspace model: team membership + roles enforced through Supabase RLS policies.

Scenario snapshots: named graph versions, diffing, restore points.

Derived views layer: Resource Load, Work Session Time Allocation, Best Team Suggestions reading from the same truth model.

Multi-user collaboration: roles/permissions, merge-safe updates.

Billing: Stripe subscriptions + seat management once pilots confirm packaging.

Observability: Sentry + structured event logs for audit-grade traceability.

Optional integrations: Python (resource/status/calendar/time/accounting muti-format exports) as downloads and feeds, which are never required for the core map or system function.