Technology stack

The stack is locked — changes require an architecture review. The table below follows the architecture spec §3.

| Concern | Choice |
| --- | --- |
| UI framework | React 19 + TypeScript |
| Build tool | Vite |
| App shape | Single SPA with role-gated routes |
| BIM viewer | xeokit-sdk (open source), XKT tile pipeline |
| State | TanStack Query + Zustand |
| e2e | Playwright |

| Concern | Choice |
| --- | --- |
| Language / runtime | Python 3.12 |
| HTTP framework | FastAPI |
| DB access | SQLAlchemy 2 + asyncpg, Alembic migrations |
| Validation | Pydantic v2 |
| Workflow engine | Temporal (self-hosted on GKE), Temporal Python SDK |
| Document AI | Google Document AI (PDF OCR / layout), ezdxf (DWG), IfcOpenShell (IFC) |
| LLM | Vertex AI (Gemini) + Vertex AI Vector Search for RAG |
| Testing | pytest + pytest-asyncio, real dependencies via docker-compose |

| Concern | Choice |
| --- | --- |
| Transactional DB | AlloyDB for PostgreSQL — one instance per service, private IP, pgAudit + RLS |
| Object storage | Google Cloud Storage (CMEK-encrypted) |
| Event bus | Google Pub/Sub |
| Cache / sessions | Memorystore (Redis) |
| Search / RAG | Vertex AI Vector Search |
| Audit / BI | BigQuery (Pub/Sub → BQ sink) |
| Delayed jobs | Cloud Tasks (anything not a Temporal timer) |

| Concern | Choice |
| --- | --- |
| Cloud | Google Cloud Platform, Malaysia region (Singapore fallback until MY regions reach parity) |
| Compute | GKE Autopilot; separate node pool for AI / BIM workers |
| Identity | GCP Identity Platform (OIDC / SAML federation) |
| Signing | Cloud KMS / HSM, PAdES via pyHanko |
| IaC | Terraform + Helm + ArgoCD / Cloud Deploy |
| Observability | OpenTelemetry → Cloud Trace, Cloud Logging, Cloud Monitoring |
| Edge | Cloud Load Balancer + Cloud Armor (WAF) + IAP |
| Service mesh | Anthos Service Mesh (or Istio) for mTLS between services |

Key properties that follow from the stack

  • Managed wherever possible. Pub/Sub, AlloyDB, Vertex AI, Cloud KMS, GKE Autopilot, and Identity Platform are all managed — the team owns Temporal and the service code, not the data plane.
  • Real dependencies in tests. docker-compose brings up Postgres, Redis, Pub/Sub emulator, Temporal, fake GCS, and an OpenTelemetry collector. No mocks for integration tests.
  • Direct-to-GCS file upload. Large files (especially IFC) never traverse FastAPI — see BIM pipeline and Data.
  • One region, one fallback. Malaysia-primary with Singapore fallback keeps data residency predictable for compliance.