Technical Stack

Overview

Karpous is built on a modern, scalable technology stack designed for security, performance, and developer experience.

---

Backend Stack

Core Framework

Technology	Version	Purpose
Encore.dev	1.48+	Backend framework
TypeScript	5.2+	Programming language
Node.js	18+	Runtime environment

Database & Storage

Technology	Version	Purpose
PostgreSQL	15+	Primary database
Supabase	-	Managed PostgreSQL hosting
Drizzle ORM	0.44+	Database ORM
Redis	7+	Caching layer

Authentication

Technology	Version	Purpose
jsonwebtoken	9.x	JWT token handling
bcryptjs	3.x	Password hashing
firebase-admin	12.x	Google OAuth
tweetnacl	1.x	Solana signature verification

Communication

Technology	Version	Purpose
nodemailer	7.x	Email delivery
axios	1.x	HTTP client
ioredis	5.x	Redis client

Validation & Utils

Technology	Version	Purpose
zod	4.x	Schema validation
i18next	25.x	Internationalization
nanoid	5.x	Unique ID generation
uuid	11.x	UUID generation

---

Blockchain Stack

Smart Contracts

Technology	Version	Purpose
Solidity	0.8.26	Contract language
Foundry	Latest	Development framework
Forge	Latest	Testing & deployment

Contract Libraries

Library	Version	Purpose
Solmate	6.x	Gas-optimized primitives
OpenZeppelin	5.x	Security standards

Blockchain Integration

Technology	Version	Purpose
ethers.js	6.x	Ethereum library
@solana/web3.js	1.87+	Solana library
viem	Latest	TypeScript Ethereum client

Networks

Network	Chain ID	Purpose
Base Mainnet	8453	Production
Base Sepolia	84532	Testnet

---

Frontend Stack

Web Application

Technology	Version	Purpose
Next.js	14+	React framework
React	18+	UI library
TypeScript	5.x	Type safety
TailwindCSS	3.x	Styling

Mobile Application

Technology	Version	Purpose
React Native	0.73+	Cross-platform mobile
Expo	50+	Development platform
TypeScript	5.x	Type safety

State Management

Technology	Purpose
TanStack Query	Server state
Zustand	Client state

Web3 Integration

Technology	Purpose
wagmi	React hooks for Ethereum
RainbowKit	Wallet connection
@solana/wallet-adapter	Solana wallets

---

Infrastructure Stack

Cloud Services

Service	Purpose
AWS / GCP	Cloud hosting
Cloudflare	CDN & DDoS protection
Supabase	Database hosting

Security

Service	Purpose
Cloudflare WAF	Web application firewall
AWS KMS	Key management
HashiCorp Vault	Secrets management

Monitoring

Tool	Purpose
Encore Dashboard	API observability
Sentry	Error tracking
Grafana	Metrics visualization

CI/CD

Tool	Purpose
GitHub Actions	CI/CD pipelines
Encore Cloud	Backend deployment
Vercel	Frontend deployment

---

Development Tools

IDEs & Editors

Tool	Purpose
VS Code	Primary IDE
Cursor	AI-assisted development

Code Quality

Tool	Purpose
ESLint	JavaScript linting
Prettier	Code formatting
Solhint	Solidity linting

Testing

Tool	Purpose
Vitest	Unit testing (Backend)
Foundry	Smart contract testing
Jest	Frontend testing
Playwright	E2E testing

Version Control

Tool	Purpose
Git	Version control
GitHub	Repository hosting
Conventional Commits	Commit standards

---

Package Managers

Environment	Tool
Backend	Yarn 1.x
Frontend	pnpm
Contracts	Forge (Foundry)

---

API Standards

REST API

• OpenAPI 3.0 specification
• JSON response format
• JWT authentication
• Rate limiting per endpoint

WebSocket

• Real-time notifications
• Live price updates
• Transaction status updates

---

Security Standards

Encryption

Type	Standard
At Rest	AES-256-GCM
In Transit	TLS 1.3
Passwords	bcrypt (cost 12)
JWT Signing	RS256

Authentication

Method	Implementation
OTP	Email/SMS verification
Web3	Wallet signature (ed25519)
OAuth	Google via Firebase
MFA	TOTP support

---

Architecture Decisions

Why Encore.dev?

Consideration	Benefit
TypeScript-first	Full type safety
Built-in infra	Less configuration
Auto-scaling	Handles traffic spikes
Observability	Built-in monitoring

Why Base (L2)?

Consideration	Benefit
Low fees	Cost-effective transactions
EVM compatible	Solidity contracts
Fast finality	Quick confirmations
Coinbase backing	Enterprise reliability

Why Drizzle ORM?

Consideration	Benefit
TypeScript-first	Type-safe queries
Lightweight	No runtime overhead
SQL-like	Familiar syntax
Migrations	Schema management

Why BoringVault Pattern?

Consideration	Benefit
Minimal code	Fewer attack vectors
No fund storage	Maximum security
Immutable	Cannot be modified
Auditable	Easy to verify

---

Version Requirements

Minimum Versions

{
  "node": ">=18.0.0",
  "typescript": ">=5.2.0",
  "solidity": "0.8.26",
  "postgres": ">=15.0"
}

Recommended Versions

{
  "node": "20.x LTS",
  "typescript": "5.3.x",
  "encore": "1.48.x",
  "foundry": "latest"
}

---

Dependency Overview

Backend Dependencies

Core:
├── encore.dev        # Framework
├── typescript        # Language
├── drizzle-orm       # Database
└── postgres          # DB driver

Auth:
├── jsonwebtoken      # JWT
├── bcryptjs          # Hashing
├── firebase-admin    # OAuth
└── tweetnacl         # Crypto

Communication:
├── nodemailer        # Email
├── axios             # HTTP
└── ioredis           # Cache

Blockchain:
├── ethers            # Ethereum
├── @solana/web3.js   # Solana
└── bs58              # Encoding

Smart Contract Dependencies

solmate/
├── auth/Auth.sol           # Authorization
├── tokens/ERC20.sol        # Token standard
└── utils/SafeTransferLib.sol

@openzeppelin/
├── access/AccessControl.sol
├── utils/ReentrancyGuard.sol
└── utils/structs/EnumerableSet.sol

---

Performance Benchmarks

API Response Times

Endpoint Type	Target	Max
Read (cached)	50ms	100ms
Read (DB)	100ms	200ms
Write	150ms	300ms
Blockchain	500ms	2000ms

Database Performance

Query Type	Target
Simple SELECT	under 10ms
Complex JOIN	under 50ms
Batch INSERT	under 100ms
Full-text search	under 100ms

Smart Contract Gas

Operation	Gas Estimate
Deposit	~150,000
Withdrawal Request	~120,000
Yield Claim	~100,000
Admin Config	~50,000