A small npm-workspaces monorepo. The web app is Next.js 16 (App Router, React 19, Tailwind 4) — public marketing plus role-gated client and therapist surfaces. The API is NestJS 11 with Prisma 6, Helmet, Throttler, Passport JWT and class-validator. The worker is plain tsx-run TypeScript: a tick loop that runs four idempotent jobs per cycle. A single shared package, @trs/shared, ships zod contracts, enums and constants in both .ts and .cjs so that all three apps can consume it. Six services run in docker compose; only the edge proxy is publicly reachable, and everything else lives behind it on a private internal network.
- apps/web — Next.js 16 marketing + role-gated client / therapist app, JWT session cookie issued by Next route handlers.
- apps/api — NestJS 11 + Prisma 6, AES-256-GCM EncryptionService, Stripe webhook with raw-body verification.
- apps/worker — tsx ESM tick loop: reminder-scan, renewal-scan, no-show-sweep, notification-dispatch.
- packages/shared — zod schemas + enums + constants, ships .ts and .cjs.
- Private EU-region VPS · automated-TLS edge proxy · signed-image CI/CD pipeline.

- Deep dive · 02
  Credit ledger booking model
  Every booking action emits a typed ledger entry with a deterministic key. Reschedule preserves the hold; cancel inside the window writes a release; complete writes release + use.
- Deep dive · 03
  Encryption at rest
  AES-256-GCM via a single EncryptionService, shared across messages, therapist notes, and Daily-room join payloads. Round-trip + tamper-detection unit tests.
- Deep dive · 04
  Stripe webhook + payment ledger
  Adapter pattern with a Mock twin for local. Signature-verified raw-body Nest route. Payment.eventId unique. Renewal pipeline gates credits on exact-period payment evidence.
- Deep dive · 05
  Tick-loop worker
  One tsx loop runs four jobs per tick — reminder scan, renewal scan, no-show sweep, notification dispatch. NotificationEvent rows carry unique dedupeKeys for safe retries.
- Deep dive · 06
  Hardened, reproducible deploy
  CI typechecks + tests every push and builds signed images for the three apps. One shell script on the host pulls + migrates + restarts. Edge proxy isolates everything behind automated TLS.
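
A sketch of the kind of service Deep dive · 03 describes, with the round-trip and tamper-detection checks it mentions. This is an added example, not the project's own code: the envelope layout (nonce, tag, ciphertext), the `context` parameter bound as AAD, and the `rejects` and `flipBit` helpers are assumptions made for illustration.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// Assumed envelope layout: 12-byte nonce | 16-byte tag | ciphertext, base64-encoded.
const NONCE_LEN = 12;
const TAG_LEN = 16;

export class EncryptionService {
  private readonly key: Buffer;

  constructor(key: Buffer) {
    if (key.length !== 32) throw new Error("AES-256-GCM needs a 32-byte key");
    this.key = key;
  }

  // `context` (e.g. "note:42") is bound as AAD, so a ciphertext copied from a
  // message into a therapist note fails authentication instead of decrypting.
  encrypt(plaintext: string, context: string): string {
    const nonce = randomBytes(NONCE_LEN); // fresh random nonce per call, never reused
    const cipher = createCipheriv("aes-256-gcm", this.key, nonce);
    cipher.setAAD(Buffer.from(context, "utf8"));
    const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
    return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString("base64");
  }

  decrypt(envelope: string, context: string): string {
    const raw = Buffer.from(envelope, "base64");
    if (raw.length < NONCE_LEN + TAG_LEN) throw new Error("envelope too short");
    const decipher = createDecipheriv("aes-256-gcm", this.key, raw.subarray(0, NONCE_LEN));
    decipher.setAAD(Buffer.from(context, "utf8"));
    decipher.setAuthTag(raw.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN));
    // final() throws if the nonce, tag, ciphertext or AAD was altered.
    const body = Buffer.concat([decipher.update(raw.subarray(NONCE_LEN + TAG_LEN)), decipher.final()]);
    return body.toString("utf8");
  }
}

// Test helper: true when decrypt refuses the envelope.
export function rejects(svc: EncryptionService, envelope: string, context: string): boolean {
  try { svc.decrypt(envelope, context); return false; } catch { return true; }
}

// Test helper: flip one bit at a byte offset inside the decoded envelope.
export function flipBit(envelope: string, offset: number): string {
  const raw = Buffer.from(envelope, "base64");
  raw.writeUInt8(raw.readUInt8(offset) ^ 0x01, offset);
  return raw.toString("base64");
}
```

Because the nonce is random, encrypting the same plaintext twice yields different envelopes, so stored ciphertexts do not reveal which records hold identical content.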