Technology Stack
Validated infrastructure and technology inventory
Last Updated: February 16, 2026
Runtime Environment
| Component |
Technology |
Version |
Notes |
| Runtime |
Node.js |
20 LTS |
ARM64 (aarch64) |
| Language |
TypeScript |
5.x |
Strict mode |
| Process Manager |
PM2 |
Latest |
Process: vitara-admin-api, port 3002 |
| Database |
PostgreSQL |
16 |
Prisma ORM 5.22 |
| Web Server |
NGINX |
Latest |
Host-level, SSL termination on port 443 |
Voice AI Stack
| Component |
Technology |
Purpose |
| Voice Platform |
Vapi.ai |
Squad orchestration, tool calls |
| LLM |
GPT-4o (OpenAI) |
All 9 agents (EN + ZH tracks) |
| EN STT |
Deepgram Nova-2 en |
English speech-to-text |
| ZH STT |
Deepgram Nova-2 zh |
Mandarin speech-to-text |
| Router STT |
AssemblyAI Universal |
Bilingual auto-detect |
| EN TTS |
ElevenLabs multilingual_v2 |
English text-to-speech |
| ZH TTS |
Azure zh-CN-XiaoxiaoNeural |
Mandarin text-to-speech |
| Config Management |
Vapi GitOps |
Config-as-code for assistants, tools, squads |
EMR Integration
| Component |
Technology |
Purpose |
| SOAP Client |
node-soap |
OSCAR CXF SOAP connectivity |
| WS-Security |
ws-security (node-soap) |
UsernameToken authentication |
| Circuit Breaker |
Opossum |
4s timeout, 50% threshold, 30s reset |
| REST Client |
Axios |
Bridge fallback + OAuth 1.0a |
Application Framework
| Component |
Technology |
Purpose |
| HTTP Framework |
Express 4.x |
API server |
| ORM |
Prisma 5.22 |
Database access, migrations |
| Validation |
Zod |
23 schemas (8 .strict() + 15 .strip()) |
| Authentication |
JWT (jsonwebtoken) |
HS256, 1h access / 7d refresh tokens |
| Password Hashing |
bcrypt |
Cost factor 12 |
| Logging |
Pino + pino-http |
Structured JSON logging |
| Security Headers |
Helmet |
CSP, HSTS, X-Frame-Options |
| Rate Limiting |
express-rate-limit |
5/min auth, 100/min API, 300/min webhooks |
| Encryption |
Node.js crypto |
AES-256-GCM for credentials at rest |
| SMS |
Telnyx API (native fetch) |
Booking/reschedule/cancel confirmations, platform-level key |
| Scheduling |
node-cron |
Data retention job (daily 3 AM) |
Admin Dashboard
| Component |
Technology |
Version |
| Framework |
React |
18.2 |
| Language |
TypeScript |
5.x |
| Build Tool |
Vite |
5.x |
| Styling |
Tailwind CSS |
3.4 |
| Routing |
React Router |
6 |
| State |
React Context + hooks |
Auth context, clinic context |
| Icons |
Lucide React |
- |
| UI Components |
shadcn/ui patterns |
- |
Infrastructure
| Component |
Details |
| Cloud |
OCI Toronto (Oracle Cloud Infrastructure) |
| Instance |
VM.Standard.A1.Flex — ARM64, 2 OCPUs, 24 GB RAM |
| OS |
Ubuntu 24.04 LTS (aarch64) |
| SSL |
Let's Encrypt (auto-renewal via certbot) |
| DNS |
Cloudflare |
| Telephony |
Telnyx (voice via Vapi + SMS via platform API) |
| Backups |
pg_dump daily at 2 AM, 14 retained |
Development Environment
| Component |
Details |
| OSCAR EMR |
Docker on AWS Montreal (15.222.50.48) |
| REST Bridge |
Node.js on AWS Montreal, port 3000 |
| Docs Site |
MkDocs Material → host-level NGINX |
| Version Control |
Git (local repository) |
Key Design Decisions
| Decision |
Choice |
Rationale |
| PM2 over Docker |
PM2 |
Simpler ARM64 deployment, no container overhead for single-process server |
| SOAP over REST Bridge |
SOAP direct |
Universal OSCAR connector (ships since OSCAR 12), no middleman |
| GPT-4o for both tracks |
GPT-4o |
Best tool-call reliability; ZH LLM bake-off is post-launch |
| Prisma over raw SQL |
Prisma |
Type-safe ORM, migration management, schema as code |
| Zod over Joi |
Zod |
TypeScript-native, .strict() enforcement, better DX |
| ElevenLabs + Azure TTS |
Split |
ElevenLabs excellent for EN; Azure zh-CN-XiaoxiaoNeural better for Mandarin |
Next: Architecture — how these components connect