Back to selected work
Consultant-led implementation · Vendor-neutral skeleton · Reference build

Customer onboarding, stripped to the framework.

A working three-tier app for any vertical where a consultant guides a customer through a structured intake — the workbook saves itself, the consultant approves it, and approved data pushes to whatever external system goes live. The vendor specifics were stripped; the framework around them was kept.

Onboarding workbook with presence, push job, and audit log

illustrative product mockup · workbook with live presence, push job, and append-only audit

The shape

Every consultant-led implementation looks the same underneath.

A customer fills out structured data. A consultant reviews and approves it. At go-live, the approved data gets pushed to an external system. Around that core: invites with use limits, milestones with phase gates, audit trails that survive deletion, file uploads kept out of the autosave path, per-section optimistic locking so two editors don't clobber each other.

Originally built for a workforce-management vendor — Calabrio NWFM with thirty WFM-specific tabs, twenty-one-column historical-data importers, and a sixty-question discovery questionnaire — this skeleton strips the vendor and keeps the seams. The only contract with an external system is a four-function adapter file. Fork it for any domain that fits the shape.

Framework primitives

The seams every implementation tool needs.

Per-section optimistic locking

Autosave debounces to 1.5 s and posts only dirty sections with a version-by-tab map. Server merges per-section and returns 409 with the colliding section names plus current server values — the UI surfaces a 'reload to merge' banner without blocking the other section.

Push as a background job

External-system writes return 202 with a jobId. The frontend polls at ~1 Hz. Per-engagement/kind dedup prevents replace-semantics collisions; per-owner concurrency caps stop fan-out abuse. Swap the in-memory runner for BullMQ or pg-boss without touching the surface.

Invite tokens, hashed at rest

Tokens stored as SHA-256 — a DB dump doesn't yield redeemable links. Redemption is atomic, with role and engagement scope baked in. Customer redemptions auto-upsert into a separate customer_users table so the user can re-enter without the token.

Audit log that survives deletion

Append-only event log per engagement. The FK is ON DELETE SET NULL — deletion history survives. Every privileged route writes one. Powers per-engagement audit panels and the cross-engagement activity feed, plus time-travel via the before/after JSONB on each row.

The stack

Boring tools, narrow seams.

Frontend
  • React 19 · Vite 7
  • Vitest 4
  • SpreadsheetGrid (editable)
  • useDraftAutosave hook
  • Demo highlights overlay
API
  • Fastify 4 · Node 20+
  • pg pool · optimistic lock
  • Push-job runner (in-memory)
  • Cookie sessions · SSO-shaped
  • Append-only audit log
Infrastructure
  • Postgres 16
  • nginx · same-origin
  • Docker compose · single port
  • External-system adapter
  • Idempotent migrations on boot

Have a vendor with a repetitive intake?

If your business is consultant-led, customer-filled, and ends with a push to an external system — this is the skeleton you fork. The framework's done; the domain is yours.

Start the conversation