Engineered for scale & sovereignty
A modern GraphQL backbone, an isolated multi-tenant data model, and an AI engine tuned for Cambodian commerce.
Apollo GraphQL Backend
Node.js + Express + Apollo Server + MongoDB. Multi-tenant collections scoped by tenantId & shopId.
Edge-Ready
RLS-style scope
Realtime
query GetDashboardOverview($shopId: ID!) {
  dashboardOverview(shopId: $shopId) {
    totalSales { value percentageChange trend }
    profit { value percentageChange trend }
    totalExpenses { value }
  }
}
Request lifecycle
From the cashier tap to a real-time update on the owner's phone — four stages, fully observable.
1 · Edge ingress
Cloudflare terminates TLS, fingerprints abuse, and routes to the nearest API node.
2 · Auth & scoping
JWT verified. tenantId + shopId attached to the request context for every resolver.
3 · GraphQL resolution
Apollo executes the query against MongoDB with scoped filters and DataLoader batching.
4 · Subscriptions
Mutations fan out over WebSocket subscriptions to every connected device in the tenant.
MongoDB collections
A document model that mirrors how merchants actually think — tenants, shops, shifts, transfers, posts.
Root scope for a customer organization. Owns billing, branding, and shop list.
Plan, seat count, billing cycle, dunning state. Drives feature flags.
Variant SKUs, modifiers, recipes, and per-shop pricing overrides.
Per-cashier session: opening cash, sales, voids, refunds, closing variance.
Stock movement between branches with approve / receive / discrepancy events.
Scheduled social posts, attachments, channel targets, and engagement metrics.
Security & data sovereignty
Tenant data isolation
Every collection carries a tenantId. Resolvers reject queries missing scope; an audit job verifies isolation daily.
RBAC per shop
Owner, manager, cashier, and accountant roles with granular permissions and PIN-protected privileged actions.
Encryption
TLS 1.3 in transit, AES-256 at rest on MongoDB Atlas. Secrets rotated per environment.
Audit log
Every privileged mutation is appended to an immutable audit collection with actor, scope, and diff.
Backups & DR
Continuous backup, 30-day point-in-time restore, cross-region replica with documented RTO/RPO.
Data export
Owners can export a full MongoDB dump + CSV of their tenant at any time, no questions asked.
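The scoping described under "Auth & scoping" and "Tenant data isolation" can be sketched as follows. This is an added example, not the platform's own code: the function names, the JWT claim layout and the sample documents are assumptions, and JWT verification is taken as already done.

```javascript
// Added example; buildContext, scopedFilter and findScoped are hypothetical names.
class ScopeError extends Error {}

// `claims` is the payload of a JWT that has ALREADY been verified upstream.
// Assumed claim layout: { sub, tenantId, shops: [shopId, ...] }.
function buildContext(claims, requestedShopId) {
  if (!claims || typeof claims.tenantId !== 'string' || !claims.tenantId) {
    throw new ScopeError('missing tenant scope');
  }
  if (!Array.isArray(claims.shops) || !claims.shops.includes(requestedShopId)) {
    throw new ScopeError('shop not in caller scope');
  }
  return Object.freeze({
    userId: claims.sub, tenantId: claims.tenantId, shopId: requestedShopId,
  });
}

// Builds the filter handed to the database. Scope must be a non-empty string:
// an object such as { $ne: null } would otherwise act as a query operator.
function scopedFilter(ctx, filter = {}) {
  for (const key of ['tenantId', 'shopId']) {
    if (!ctx || typeof ctx[key] !== 'string' || ctx[key] === '') {
      throw new ScopeError(`query missing ${key} scope`);
    }
  }
  // Scope keys are spread last so client-supplied values cannot override them.
  return { ...filter, tenantId: ctx.tenantId, shopId: ctx.shopId };
}

// Constructed sample documents standing in for a MongoDB collection.
const SHIFTS = [
  { _id: 1, tenantId: 't1', shopId: 's1', cashier: 'dara' },
  { _id: 2, tenantId: 't1', shopId: 's2', cashier: 'sok' },
  { _id: 3, tenantId: 't2', shopId: 's9', cashier: 'vanna' },
];

// In-memory equality match; a real resolver would pass the filter to find().
function findScoped(docs, ctx, filter) {
  const q = scopedFilter(ctx, filter);
  return docs.filter((d) => Object.keys(q).every((k) => d[k] === q[k]));
}
```

A filter that names another tenant is overwritten by the context's scope, so it still returns only the caller's own shop documents.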
The full stack at a glance
Node.js + Express
Battle-tested HTTP runtime powering Apollo Server with subscriptions and file streaming.
Apollo GraphQL
Strict schema-first contracts. Tenant + shop context injected on every resolver.
MongoDB Atlas
Document collections per tenant scope: Tenant, ShiftSession, WarehouseTransfer, CmsPost.
AI Inference
On-device + cloud hybrid. Demand forecasting, anomaly detection, Khmer NLP.
Isolation Layer
Dynamic tenantId + shopId scope on every query, mutation, and subscription.
Versioned Schema
Zero-downtime schema migrations with shadow collections + dual-write.
End-to-end Auth
JWT + refresh rotation, RBAC roles per shop, audit log for every privileged action.
Edge Delivery
Cloudflare CDN + regional MongoDB replicas keep p95 latency under 120 ms in-country.
