Tech Stack

Authoritative as of late April 2026. This page supersedes Deepak's 12-card POC tech stack from the launch briefing. The synthesis is Victor's — "we already have most of this working in the Starlight repo, the popular boring stacks are interchangeable, the main thing is going with battle-tested solutions." Nao's alternative recommendations are kept as an appendix.

The stack

What's already in the Starlight repo (keep)

Layer	Choice	Notes
Database	Postgres + Drizzle ORM	14 numbered SQL migrations, multi-tenancy via `practice_id`, RLS enforced via dedicated `app_user` role, soft-delete, pricing tiers
Infra	AWS via SST	Across `dev` / `staging` / `prod`. Single infra tree, no second provider
Frontend framework	Next 16 + React 19	App Router, server components, OpenNext
UI	MUI + Tailwind + Apexcharts + TanStack Table	Materio template baseline; not strictly opinionated against shadcn/etc — just what's already wired
Backend runtime	AWS Lambda (clean architecture)	Domain → application → infrastructure → entrypoints. Behind API Gateway v2
Auth	Cognito + Google + B4M OAuth	UserPool with hosted UI, JWT authorizer on the API Gateway

What we'll add as we need it

When	Choice	Reason
Membership billing	Stripe	Standard pick. Setup Intent flow already in Deepak's onboarding mock
SMS / phone	Twilio	Standard pick
AI scribe + parent summaries	Claude + Whisper	Runs on Lambda, no extra infra. Anthropic SDK + OpenAI Whisper for transcription
Mobile	Expo	Solid reputation, popular, fits parent app. Victor hasn't shipped on Expo personally (last mobile was Capacitor for B4M) but no objections
eRx	DoseSpot	Default for small practices
Telehealth video	LiveKit	When we get there. No objections
Lab/imaging integrations	Health Gorilla	When we get there
Compliance automation	Vanta	When we hit HIPAA pilot

Where this differs from Deepak's POC stack

Deepak's original 12-card stack listed: Postgres+Drizzle · Next 15 · Clerk · Expo · DoseSpot · Stripe · Twilio · LiveKit · Claude+Whisper · Health Gorilla · Vanta · AWS+Vercel.

Two material differences:

1. Auth: Cognito (with Google + B4M OAuth) instead of Clerk

	Cognito	Clerk
Already wired	✓ (current Starlight UserPool, IdP federations, hosted UI)	(would need to replace)
Pricing model	Pay per MAU above free tier (50k free)	Pay per MAU
HIPAA-eligibility	AWS BAA covers it	Clerk's HIPAA add-on is enterprise-tier
Control	Full control over flows + claims (used for the `starlight-admin` group gate)	Managed

We're keeping Cognito.

2. Hosting: AWS-only via SST instead of AWS + Vercel

For a HIPAA-eligible workload, AWS-only feels more production-ready: HIPAA-eligible services across the board, fine-grained IAM, RDS, VPC isolation, single bill, single audit surface. SST gives us the DX we'd otherwise want from Vercel without splitting the infra tree across two providers. We're keeping AWS-only.

Where this differs from Nao's alternative

Nao recommended a different shape: Tanstack Start (frontend) · Hono + tRPC (backend) · SST · Postgres + Drizzle · Expo · pnpm + Turborepo.

Three deltas vs. what we're shipping:

Layer	Nao	Ours	Why ours
Frontend framework	Tanstack Start	Next 16	Already wired, App Router/RSC working, OpenNext deploy is solid
Backend RPC layer	Hono + tRPC	Lambda handlers behind API Gateway JWT	Clean architecture already in place, no need for an extra abstraction
Monorepo	pnpm + Turborepo	pnpm workspaces (no Turbo)	Pipeline is simple enough; we can add Turborepo when build orchestration becomes a real cost

The principle Victor and Nao both endorsed: popular boring stacks are interchangeable at this level — Next vs Tanstack Start, Cognito vs Clerk, Hono vs Lambda, MUI vs shadcn. None of these is the thing that'll make or break the product, especially with AI making code generation as fast and cheap as it is now. The main thing is battle-tested. Everything we're using qualifies.

Decision

Tech stack as per Nao, Victor, Ken — Erik, decision #3.

Tracking back to first principles: keep what's working, add Stripe + Twilio + Claude/Whisper + Expo first, layer in DoseSpot · LiveKit · Health Gorilla · Vanta as the roadmap demands, don't replatform.

Appendix A — Deepak's original POC stack (superseded)

12-card opinionated stack from the launch briefing:

Postgres + Drizzle · Next 15 · Clerk · Expo · DoseSpot · Stripe · Twilio · LiveKit · Claude + Whisper · Health Gorilla · Vanta · AWS + Vercel

Areas of agreement: Postgres + Drizzle, Expo, DoseSpot, Stripe, Twilio, LiveKit, Claude + Whisper, Health Gorilla, Vanta, AWS.

Resolved differently above: Clerk → Cognito; AWS + Vercel → AWS-only via SST; Next 15 → Next 16 (which is what's already in our repo).

Appendix B — Nao's alternative stack (not adopted)

Frontend — Tanstack Start Backend — Hono + tRPC Infra — SST DB — Postgres + Drizzle Mobile — Expo Monorepo — pnpm + Turborepo

Adopted: SST, Postgres + Drizzle, Expo, pnpm. Not adopted: Tanstack Start, Hono + tRPC, Turborepo — all good choices but switching cost not justified by the upside given we already have working equivalents.

The stack​

What's already in the Starlight repo (keep)​

What we'll add as we need it​

Where this differs from Deepak's POC stack​

1. Auth: Cognito (with Google + B4M OAuth) instead of Clerk​

2. Hosting: AWS-only via SST instead of AWS + Vercel​

Where this differs from Nao's alternative​

Decision​

Appendix A — Deepak's original POC stack (superseded)​

Appendix B — Nao's alternative stack (not adopted)​