Payments are abstracted behind a small adapter interface so the Mock implementation can drive integration tests deterministically. The webhook is its own raw-body Nest route — request body parsing is disabled on that path so signature verification works against the original bytes. Every Payment row carries a unique eventId; the same Stripe event can never be applied twice. Renewals are tied to exact-period payment evidence; missing evidence flips the subscription state to PAST_DUE rather than silently extending access.
- Adapter pattern (Stripe + Mock).
- Raw-body route + signature verification.
- Unique Payment.eventId for idempotency.
- Renewal credits gated on period-matched payments.
- Subscription → PAST_DUE on missed renewal payment.
- Deep dive · 01
Three-app monorepo
web · api · worker, plus one shared zod-contracts package. Postgres 16 + Redis 7 underneath. npm workspaces, no Turborepo.
- Deep dive · 02
Credit ledger booking model
Every booking action emits a typed ledger entry with a deterministic key. Reschedule preserves the hold; cancel inside the window writes a release; complete writes release + use.
- Deep dive · 03
Encryption at rest
AES-256-GCM via a single EncryptionService, shared across messages, therapist notes, and Daily-room join payloads. Round-trip + tamper-detection unit tests.
- Deep dive · 05
Tick-loop worker
One tsx loop runs four jobs per tick — reminder scan, renewal scan, no-show sweep, notification dispatch. NotificationEvent rows carry unique dedupeKeys for safe retries.
- Deep dive · 06
Hardened, reproducible deploy
CI typechecks + tests every push and builds signed images for the three apps. One shell script on the host pulls + migrates + restarts. Edge proxy isolates everything behind automated TLS.
Got something
this size?
Big ambitions, we match the energy. Drop a brief — reply within one working day.