L6
Public Website
Marketing, product, resources, and conversion surfaces. Edge-rendered, statically cacheable.
L5
Authentication Gateway
OAuth, MFA, passwordless, session management, device fingerprinting, risk scoring.
L4
API Gateway
Authorization, rate limits, request logging, schema validation, API versioning.
L3
Portal · AI · File Services
Portal services, AI engine (OpenAI + local LLM gateway), file services on S3-compatible object storage.
L2
PostgreSQL Database
Users, roles, projects, documents — multi-region, continuous backup, point-in-time recovery.
L1
Monitoring & Security
SIEM, immutable audit logs, threat detection, OpenTelemetry traces, Grafana + Loki.
Recommended technology stack
Pragmatic defaults the platform team can build on day one — and replace, layer-by-layer, as scale demands.
- Frontend
- Next.js 15 · React · TypeScript
- UI
- TailwindCSS · shadcn/ui
- State
- Zustand
- Auth
- Supabase Auth / Auth0
- Database
- PostgreSQL
- File Storage
- S3-compatible object storage
- Search
- Postgres FTS + pgvector
- AI Layer
- OpenAI + Local LLM gateway
- Background Jobs
- Temporal.io
- API
- REST + GraphQL
- Deployment
- Vercel + Kubernetes
- Observability
- OpenTelemetry
- Logging
- Grafana + Loki
- Analytics
- PostHog
Scalability targets
- Concurrent users
- 10,000+
- API latency
- < 250 ms p95
- Uptime
- 99.9%
- Database availability
- Multi-region
- Backup frequency
- Continuous
- Disaster recovery RTO
- < 1 hour
- Disaster recovery RPO
- < 15 minutes