Technology Stack
This page addresses Blueprint Supplement Gap B1.1 ("No concrete tech stack recommendation") and Gap B1.3 ("Missing cost analysis"). The original specification described capabilities without recommending specific technologies or estimating infrastructure costs. This page provides concrete recommendations with cost projections per deployment stage.
The ReGenesis technology stack is designed for enterprise deployment with security, scalability, and maintainability as primary concerns. Every technology choice is justified by cost, team capability, regulatory compliance, and long-term viability.
Stack at a Glance
| Layer | Technology | Rationale |
|---|---|---|
| Frontend | Next.js 14+ (React) | SSR for performance, React ecosystem, strong hiring pool |
| Backend API | Node.js (TypeScript) or Python (FastAPI) | Both viable; recommend based on team skills |
| Database | PostgreSQL 16+ with RLS | Enterprise-grade, GDPR-friendly, Row-Level Security |
| Object Storage | AWS S3 | Industry standard, lifecycle policies, encryption |
| Vector Database | pgvector (pilot) then Pinecone (scale) | Start simple, scale when needed |
| Cache | Redis 7 (ElastiCache) | Session management, rate limiting, feature flags |
| Search | PostgreSQL full-text (pilot) then Elasticsearch (scale) | Avoid premature optimization |
| LLM | Anthropic Claude API | Best reasoning, safety features, enterprise DPA |
| Auth | Custom JWT + SAML library, or Auth0/WorkOS | SSO/SAML required for enterprise |
| Infrastructure | AWS (us-east-1), Terraform | SOC 2 aligned, IaC from day one |
| CI/CD | GitHub Actions | Integrated with codebase, good marketplace |
| Monitoring | Datadog + CloudWatch | APM, logging, dashboards, alerting |
| Compliance | Vanta or Drata | Automated SOC 2 evidence collection |
Cost Projections
| Stage | Monthly Infrastructure Cost | Team Size | Timeline |
|---|---|---|---|
| MVP/Demo (Phase 0) | $500 - $1,200 | 2-3 engineers | 2-3 months |
| Pilot (Phase 1) | $2,800 - $5,500 | 4-6 engineers | 4-6 months |
| GA Launch (Phase 2) | $8,000 - $15,000 | 6-10 engineers | 6-9 months |
| Global/Enterprise (Phase 3) | $25,000 - $60,000 | 10-15 engineers | 12+ months |
These estimates cover infrastructure only (AWS, SaaS tools, LLM API costs). They do not include salaries, office, or legal costs.
Key Decision Points
Three decisions need CTO validation before sprint planning:
- Backend language: TypeScript (Node.js) vs. Python (FastAPI). Both are viable. The recommendation depends on the founding engineering team's strongest skill set.
- Auth provider: Custom JWT implementation vs. Auth0 vs. WorkOS. Trade-off between control and speed-to-market.
- Vector database: Start with pgvector (free, integrated) or go directly to Pinecone (managed, scalable). Recommendation: start with pgvector for pilot, migrate to Pinecone at GA if vector query volume justifies it.
How to Think About the Tech Stack
The tech stack is the set of tools and technologies that engineers use to build ReGenesis. Think of it as the raw materials and tools for constructing a building — you need to choose the right foundation, framing, plumbing, and electrical before construction starts.
Why These Choices Matter for Jesse
- Hiring: The stack determines what kind of engineers you need to hire. Next.js + TypeScript is the most popular web stack in 2026, which gives you the largest hiring pool
- Speed: Choosing proven, well-documented tools means faster development and fewer custom solutions
- Cost: Each technology has a cost curve. Starting with cheaper options (pgvector instead of Pinecone) saves money during pilot, and you can upgrade later
- Enterprise acceptance: McKinsey's IT team will review our stack. AWS, PostgreSQL, and TypeScript are "safe" choices that enterprise procurement teams approve readily
The Frontend: Next.js
What it is: A React framework that renders web pages both on the server and in the browser.
Why Next.js:
- Largest React framework, backed by Vercel
- Server-side rendering (SSR) improves initial page load speed
- Built-in routing, API routes, and middleware
- Strong TypeScript support
- Huge ecosystem of libraries and components
- Easy to find developers who know it
What Jesse needs to know: The coach dashboard, coachee portal, and admin panel are all built with Next.js. One codebase, three user experiences.
The Backend: TypeScript (Node.js) or Python (FastAPI)
Both options are strong. Here is the comparison:
| Dimension | TypeScript (Node.js) | Python (FastAPI) |
|---|---|---|
| Team alignment | Same language as frontend (full-stack) | Strongest for ML/AI-heavy backends |
| Performance | Excellent for I/O-heavy workloads (API calls, DB queries) | Excellent for compute-heavy workloads (data processing) |
| LLM integration | Good (Anthropic TS SDK) | Excellent (Anthropic Python SDK, LangChain) |
| Ecosystem | Massive (npm) | Strong for data/AI (pip) |
| Hiring | Larger pool of full-stack developers | Larger pool of AI/ML engineers |
| Type safety | TypeScript provides compile-time safety | Type hints are optional (less strict) |
| ORM | Prisma (excellent DX) | SQLAlchemy / Tortoise (mature, flexible) |
| Recommendation | If team is JS/TS-heavy | If team is Python-heavy or plans heavy ML work |
The recommendation: If the founding CTO is a TypeScript person, go TypeScript. If they are a Python person, go Python. Both work. Do not let this decision delay progress.
The Database: PostgreSQL 16+
What it is: The most trusted open-source relational database. Used by companies from startups to NASA.
Why PostgreSQL:
- Row-Level Security (RLS): The killer feature for multi-tenant isolation. The database itself enforces that Tenant A cannot see Tenant B's data, even if there is a bug in the application code
- JSONB: Flexible JSON storage for Evidence Packs and dynamic content without sacrificing SQL capabilities
- Full-text search: Built-in search eliminates the need for a separate search engine at pilot scale
- pgvector extension: Vector similarity search for AI embeddings, integrated right in the database
- Enterprise trust: Every enterprise IT team approves PostgreSQL
- AWS RDS: Managed service with automated backups, failover, and patching
What Jesse needs to know: PostgreSQL is the "brain" of the data layer. It stores everything from user profiles to AI insights to audit logs, all encrypted and tenant-isolated.
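To make the RLS point concrete, here is an added example (not part of the original ReGenesis spec) of a tenant-isolation policy on a `sessions` table, including the two checks that matter in practice: the application must connect as a non-owner role, and the tenant must be bound per transaction. The table, the `regenesis_app` role and the `app.tenant_id` setting are assumed names.

```sql
-- Added example: multi-tenant isolation with PostgreSQL Row-Level Security.
-- Table, role and setting names are illustrative assumptions.
CREATE TABLE sessions (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    coachee_id uuid NOT NULL,
    transcript text,
    created_at timestamptz NOT NULL DEFAULT now()
);

-- The API connects as a dedicated, non-owner role. Superusers (and roles with
-- BYPASSRLS) always bypass RLS; the table owner bypasses it unless FORCE is
-- set. So the application must never run as the owner or as a superuser.
CREATE ROLE regenesis_app LOGIN PASSWORD '<placeholder: load from secrets manager>';
GRANT SELECT, INSERT, UPDATE, DELETE ON sessions TO regenesis_app;
GRANT USAGE, SELECT ON SEQUENCE sessions_id_seq TO regenesis_app;

ALTER TABLE sessions ENABLE ROW LEVEL SECURITY;
ALTER TABLE sessions FORCE ROW LEVEL SECURITY;   -- also applies to the owner

-- One policy for reads and writes: a row is visible or writable only when its
-- tenant_id equals the tenant bound to the current transaction.
-- current_setting(..., true) yields NULL instead of an error when the setting
-- is missing, so a request that forgot to bind a tenant sees no rows at all
-- rather than every tenant's rows (fail closed).
CREATE POLICY tenant_isolation ON sessions
    FOR ALL TO regenesis_app
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Per-request pattern in the API layer: SET LOCAL scopes the tenant to this
-- transaction only, so a pooled connection cannot leak it to the next request.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';  -- Tenant A (constructed id)
INSERT INTO sessions (tenant_id, coachee_id, transcript)
VALUES ('11111111-1111-1111-1111-111111111111', gen_random_uuid(), 'constructed sample transcript');
COMMIT;

-- Tenant B's request: even if application code has a bug and omits
-- "WHERE tenant_id = ...", the database applies the filter and Tenant A's row
-- is not returned. The INSERT that tries to write under Tenant A's id is
-- rejected by the WITH CHECK clause, so a buggy write cannot cross tenants either.
BEGIN;
SET LOCAL app.tenant_id = '22222222-2222-2222-2222-222222222222';  -- Tenant B (constructed id)
SELECT count(*) FROM sessions;
INSERT INTO sessions (tenant_id, coachee_id, transcript)
VALUES ('11111111-1111-1111-1111-111111111111', gen_random_uuid(), 'cross-tenant write attempt');
ROLLBACK;
```

Verify the setup in a staging environment by running the second transaction as `regenesis_app` and confirming both that the count excludes Tenant A's row and that the INSERT fails the policy check; also confirm that no service account used by the API has the BYPASSRLS attribute.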
The AI Layer: Anthropic Claude
What it is: The LLM (Large Language Model) that powers Sasha's intelligence.
Why Claude:
- Reasoning quality: Claude consistently outperforms competitors on nuanced reasoning tasks (critical for coaching insights)
- Safety: Claude has the strongest built-in safety features (important for handling sensitive personal data)
- Context window: 200K token context window enables processing full session transcripts without chunking
- Enterprise DPA: Anthropic provides a Data Processing Agreement with contractual no-training guarantees
- No-training flag: Technical enforcement that our data is never used for model training
Cost breakdown per model:
| Model | Use Case | Cost per 1M Input Tokens | Cost per 1M Output Tokens |
|---|---|---|---|
| Claude Sonnet | Session analysis, insight generation | $3.00 | $15.00 |
| Claude Haiku | Companion chat, classification | $0.25 | $1.25 |
| Claude Opus | Deep analysis (special cases) | $15.00 | $75.00 |
Typical session cost: Processing a 60-minute coaching session through Sasha costs $0.50 - $3.00 in LLM fees, depending on transcript length and analysis depth.
Infrastructure: AWS (us-east-1)
What it is: Amazon Web Services, the largest cloud platform.
Why AWS:
- SOC 2 / ISO 27001: AWS has every compliance certification McKinsey will ask about
- us-east-1: US data residency for CCPA compliance (per ADR-006)
- Managed services: RDS (PostgreSQL), ElastiCache (Redis), S3 (storage), CloudFront (CDN) — all managed by AWS
- Terraform: Infrastructure as Code from day one means reproducible, auditable infrastructure
- Cost optimization: Reserved instances and Savings Plans reduce costs 30-60% at scale
What Jesse needs to know: Everything runs on AWS in a US data center. AWS handles the physical security, hardware, and base-level compliance. We handle the application security on top.
Monitoring: Datadog
What it is: A platform for monitoring application performance, errors, and infrastructure health.
Why Datadog:
- APM (Application Performance Monitoring): Track every API request, database query, and LLM call
- Log aggregation: All application logs in one searchable place
- Custom dashboards: Sasha cost tracking, AI quality metrics, tenant usage
- Alerting: PagerDuty integration for on-call engineers
- SOC 2 evidence: Monitoring dashboards serve as SOC 2 compliance evidence
What Jesse needs to know: Datadog is how the engineering team knows if something is broken before users notice. It is also how you track AI costs and quality metrics.
Compliance Automation: Vanta
What it is: A platform that automates SOC 2 and ISO 27001 compliance evidence collection.
Why Vanta:
- Connects to AWS, GitHub, Datadog, and HR systems
- Automatically collects evidence that controls are working
- Generates auditor-ready reports
- Tracks policy completion and employee training
- Alternative: Drata (similar capabilities, different UI)
What Jesse needs to know: Vanta replaces manual spreadsheet tracking for compliance. Instead of asking engineers to screenshot their MFA setup, Vanta verifies it automatically. This saves weeks of audit prep time.
Technology Stack Overview
Set up billing alerts in AWS at 50%, 75%, and 90% of the monthly budget. LLM API costs (Anthropic) are the most volatile line item and should be monitored daily. A single runaway process could consume an entire month's AI budget in hours. The token budget management system (see Sasha AI Engine) is the primary defense.
All technology choices in this document are proposals pending CTO validation. The backend language decision (TypeScript vs. Python) and auth provider decision (custom vs. Auth0 vs. WorkOS) should be made by the founding technical lead based on team composition. Do not let these decisions block progress — either choice works.
Every piece of infrastructure must be defined in Terraform. No manual AWS Console changes in production. This is a SOC 2 requirement (change management controls) and prevents "configuration drift" where production differs from what is documented. The Terraform state is stored in S3 with state locking via DynamoDB.