Architecture Overview
Wrkbelt is a multi-tenant platform that helps service businesses convert leads into bookings. This section is the architectural reference: how the shipped system is built, where it's heading, and the decisions behind both.
What Wrkbelt is
- An NX integrated monorepo
- A NestJS API horizontally scaled across multiple ECS tasks
- A Next.js 15 application (App Router) deployed on AWS via SST + OpenNext
- An embeddable React scheduler widget injected into customer marketing sites
- A multi-tenant data plane (MongoDB + Redis) backing all of it
The platform is currently at v0.6.0 — the walking-skeleton and multi-instance work has shipped, and the architecture has stabilized around the patterns documented here.
Who Wrkbelt serves
Wrkbelt's tenant model is a four-level hierarchy. Every authenticated request resolves to a tenant in this hierarchy, and every authorization check runs against both the actor's identity and the targeted tenant.
- Platform — Wrkbelt's own org. Houses superadmin users; allowed to act on anything via identity-based authority.
- Portfolio — a holding company or aggregator that owns multiple Brands. Inherits permissions downward.
- Partner — a franchise or agency org that operates on behalf of Brands.
- Brand — a single service business. The unit of customer-facing booking flows, ServiceTitan connection, and product enablement.
A Brand can have a Portfolio parent, a Partner parent, or both; Platform sits above all of them. The hierarchy is materialized as an ancestry_path on each organization document.
How to read this section
The architecture section is split into three parts. Pick based on what you're trying to do:
| If you want to… | Start here |
|---|---|
| Understand how the platform works today | Current State |
| See where the architecture is going | Future State |
| Understand why the shipped system is shaped this way | Decisions |
Current State — what's shipped
These pages describe the v0.6.0 architecture. Every claim cites a code anchor — you can jump from the doc straight to the code that backs it. The seven major subsystems, in reading order:
- Multi-tenant hierarchy — org types, ancestry, dual-check authorization, the
@TargetOrgIddecorator, impersonation, session org context, ancestry cache - Catalog and enablement —
ProductDefinitionandIntegrationDefinitioncatalog;OrgProduct,IntegrationInstance,VendorCredentialentities; the strategy pattern - Multi-instance runtime — production topology, the four ioredis clients, semantic Redis services, Socket.IO fanout, cron + SQS
- Cluster coordination pattern — the decision guide for picking the right coordination primitive
- Booking session pipeline — unified gateway → SQS dedup pipeline,
deriveEventId, processor idempotency - Data model and migrations — entity layout under
types-data, base entity + discriminators,MigrationBootCoordinator, idempotency log - Audit and observability — two-tier audit writes, CloudWatch alarms, structured-log keys, Sentry integration
Future State — where it's going
These pages describe target architecture that is not yet shipped. Each page opens with a status banner and names its tracking ticket plus OpenSpec proposal.
Decisions — why it's this way
OpenSpec specs at openspec/specs/ are the durable contract record. The decisions section captures the rationale for architectural choices — both for shipped patterns and for decisions deliberately deferred with a known revisit trigger.
What the platform handles
Five subsystems, owned by the architecture section in this order:
- Tenancy + authorization — org hierarchy, dual-check authorization, session context, impersonation.
- Catalog + enablement — defining which Products are available, mapping them to required Integrations per industry, and tracking per-org activation state.
- Booking flow runtime — the embeddable scheduler widget and its server-side state machine. The booking session pipeline handles real-time events; the booking flow builder is the operator-facing canvas.
- Multi-instance runtime — horizontal scaling primitives (Redis, SQS, Socket.IO adapter) so the API can run as an autoscaled cluster without coordination bugs.
- Audit + observability — SOC 2-grade audit trail (two-tier write strategy), structured-log keys feeding CloudWatch alarms, Sentry distributed tracing.
For everything else — UI component patterns, scheduler product behavior, QA strategy — see the UI, Products, and Quality sections.
Working with this section
If you're touching architecture-level code, the workflow is:
- Read the current-state page for the subsystem you're working in.
- Check
openspec/specs/for the contract record (linked from each current-state page). - If your change crosses subsystems, read the Cluster coordination pattern — picking the wrong coordination primitive is the most common silent bug.
- If you're proposing a change to a deferred decision, check Decisions → Deferred for the existing revisit trigger before opening a new RFC.
The architecture section deliberately does not duplicate OpenSpec or the API reference. It links into them.