Sanitized product illustrationA focused operational overview, designed around records requiring attention.Synthetic demo data — not a production screenshot.
Access4 application roles
WorkflowInspection → agreement → signature
DeliveryDeployed app + public source
01 / Overview
From vehicle records to signed agreements.
Full-stack product design and implementation.
Domain modelling for vehicles, users and operational records
Shared authorization policy for authenticated agreement operations
Server-rendered data views with focused client interaction for forms and tables
02 / System context
Permissions and auditability shape the workflow.
The interface needs to stay simple while the server preserves access rules and an understandable record trail across vehicles, drivers, inspections, agreements, signatures and supporting documents.
Engineering focus
Making role-secured operational records understandable across inspections, signatures, agreements and documents.
03 / Architecture
A server-led operational application.
Next.js Server Components render data-heavy views. Agreement endpoints use a shared server authorization boundary, while the signing route validates transport input and delegates the workflow transition, persistence and invitation email to a service.
01User interface
Server-rendered dashboards, forms and tables
02Authentication
Better Auth sessions and active-user checks
03Authorization
Shared admin and manager policy boundary
04Workflow service
Signing transition, persistence and invitation
05Typed data
Drizzle models and migrations
06PostgreSQL
Supabase-hosted operational records
04 / Key decisions
Three implementation choices behind the product.
01
Centralize agreement authorization
Problem
Repeated session and role queries can drift between endpoints and omit important checks.
Decision
Use one server helper for the session, active-user lookup and allowed-role policy across agreement endpoints.
Trade-off
The shared boundary adds a module dependency, but removes repeated authorization implementations.
Result
Agreement mutations now apply the same admin and manager access policy.
02
Put signing orchestration behind a service
Problem
The finalisation route previously mixed authorization, database reads, state changes, link generation and email delivery.
Decision
Keep request parsing in the route and move agreement lookup, state validation, persistence and invitation delivery into a named service.
Trade-off
Email remains an external side effect after persistence, so a failed send returns a retryable error while retaining the same signing token.
Result
The HTTP entry point is small enough to review while the workflow has one implementation.
03
Model the agreement lifecycle explicitly
Problem
Documents, signatures and compliance records need clear relationships to the operational subject.
Decision
Represent draft, pending-signature, signed and terminated states with permitted transitions.
Trade-off
Explicit workflow records require more domain modelling and migrations, but preserve the relationships needed for auditability.
Result
Invalid reversals and actions on terminated agreements are rejected before persistence.
05 / Operating concerns
Access, state and delivery boundaries.
01 / Access
Enforce roles at the request boundary
A shared server helper checks the session, active user and permitted roles before agreement mutations run.
02 / Integrity
Model supporting evidence as structured records
Agreements, inspections, signatures and documents retain clear relationships to the vehicle and workflow they support.
03 / Delivery
Keep the client boundary deliberately small
Server-rendered views handle data-heavy screens while focused client components provide forms, tables and immediate feedback.
06 / Evidence & outcomes
A sanitized view of the working product.
A deployed application demonstrates the role-secured operational workflow.
The public repository exposes the implementation, schema and focused policy tests.
Agreement signing has explicit state transitions from draft through signature or termination.
Sanitized product illustrationExplicit workflow state keeps supporting records understandable.Synthetic demo data — not a production screenshot.
07 / Reflection
Designing the record and interface together.
The project demonstrates that operational software becomes easier to use when permissions, record structure and interface state are designed together.
Learned
Compliance workflows should expose their state and evidence clearly instead of hiding important relationships inside generic attachments.
Next
Extend automated workflow coverage and operational feedback as the product continues to mature.