2025 · Live · Fullstack Engineer — design, schema, security, edge functions, frontend

NHWA Sentinel

Multi-tenant governance, compliance & workforce-advisory platform for North Hudson Workforce Advisors

A SaaS-style multi-tenant governance, compliance and workforce-advisory portal for North Hudson Workforce Advisors. Each client organization is isolated at the database level, while NHWA staff get global cross-tenant visibility. Unifies intakes, documents, regulatory exports, payroll integration, projects, vendors, MWBE/DBE compliance, an anonymous hotline, and an AI policy assistant in a single platform.

6 user roles · 20+ server functions · 6 industry packs · 2 AI assistant modes
01 Overview

NHWA Sentinel is a multi-tenant compliance and workforce-advisory platform. Every record is scoped to a tenant and gated at the database level, so cross-tenant data leakage is impossible by construction.

Tenant users (admins, HR, workers, read-only auditors) only see their own organization. NHWA staff act as platform operators with global visibility for intake review, exports, advisory, and compliance oversight.

The platform unifies intake management, versioned document control, regulatory reporting, payroll/HRIS integration, project and vendor tracking, MWBE/DBE compliance, an anonymous hotline, and an AI policy assistant. A configurable pack system (Core, Construction, Industrial, Logistics, Health, Command) tailors required fields and reports per industry.

02 Architecture

React SPA → Lovable Cloud (Postgres + RLS + Storage + Auth) → Edge Functions → Lovable AI Gateway

L1: React SPA (Vite · TypeScript · Tailwind · shadcn/ui)
  Auth & MFA · Dashboard · Intakes · Documents · Projects & Vendors · MWBE / DBE · Payroll · Hotline · AI assistant

L2: Lovable Cloud (Auth · Storage · Postgres client)
  Email/Password + TOTP · Private storage buckets · Realtime · Tenant-aware data access

L3: Postgres + Row Level Security (tenant-isolated relational core)
  tenants & coverage · profiles & roles · intakes & messages · documents · projects & vendors · mwbe / dbe · payroll · exceptions & exports · hotline · audit & security events · sentinel rules

L4: Edge Functions & AI (server-side workflows · Lovable AI Gateway)
  Tenant onboarding · User invites & lifecycle · Intake notifications · XLSX export generation · Evidence binder ZIP · Hotline submit / reply · Policy assistant (RAG) · Advisor mode (NH only) · Security event logging
03 Tech stack

Frontend: React 18 · TypeScript · Vite · Tailwind CSS · shadcn/ui · Lucide icons
State, Routing & Forms: TanStack React Query · React Router v6 · React Hook Form · Zod
Backend: PostgreSQL · Row Level Security · Edge Functions
AI: Gemini 2.5 Pro · Policy RAG · Advisor mode
Auth & Security: Email/password · TOTP MFA · Idle session timeout · Password re-entry · Audit logging
Theming: Dark/light mode · Color palettes
04 User roles

NH_ADMIN (Global)
Full platform admin — manages tenants, users, and all data across the portal.

NH_ADVISOR (Global)
Cross-tenant read and advisory actions for review and response work.

TENANT_ADMIN (Tenant)
Manages their organization's users, intakes, and documents.

TENANT_HR (Tenant)
HR-specific intake and document access within their organization.

TENANT_WORKER (Tenant)
Submits intakes and views their own organization's data.

TENANT_AUDITOR_READONLY (Tenant)
Read-only access for internal compliance audits.

05 MVP features

Intakes & messaging

Structured intake submissions with topic-specific fields and threaded conversations. Server-side search, filtering, sorting, and pagination. PII anonymization is enforced automatically for whistleblower submissions.

Document library

Upload compliance documents with metadata (type, effective date, jurisdiction, version). Files served via short-lived signed URLs from private storage buckets, with strict approval-gated activation rules.

Projects, vendors & decisions

Project lifecycle with linked vendors and project-level tasks, a vendor directory with detail pages, and an organizational decision log.

MWBE / DBE compliance

Tracks Minority/Women/Disadvantaged Business Enterprise participation by contract value with weighted-average calculations.

HRIS / payroll integration

Four-step CSV workflow that produces LCPtracker-format output, with jurisdiction-specific validation rules and full audit history.

Regulatory exports & report catalog

Pivot-ready XLSX generation from a templated report catalog, executed server-side with per-run exception tracking.

Evidence binder

One-click ZIP export bundling policies, intakes, approvals, and compliance artifacts for audits.

Exceptions

Cross-domain compliance and payroll exception tracking with automated severity, linked back to originating intakes, exports, or payroll runs.

Tenant & coverage management

NH-only view of all tenants with a lifecycle workflow and per-tenant industry pack toggles (Core, Construction, Industrial, Logistics, Health, Command).

Hotline (Blind Bridge)

Public submission without login, anonymous two-way messaging, internal investigation notes, and rate limiting on public endpoints.

Analytics dashboard

Multi-tab insights with cross-tenant noise prevention. Summary cards for intakes, documents, open exceptions, and exports.

Notifications

Real-time in-app bell with deduplication, read-state sync, and per-event routing.

Billing

Visual pricing and packaging guide with industry pack cards, add-on marketplace, consulting retainers, and non-profit tiers.

Theming & branding

Light/dark mode plus configurable color palettes. Dynamic sidebar branding adapts per tenant or NH console.

AI assistant — policy assistant

RAG-based first-response layer that answers from approved policies only, with citations, and escalates to NH when no answer is found.

AI assistant — advisor mode

NH-only assistant on intake detail pages. Pulls case context, tenant metadata, and active governance rules; cites only official agency sources and flags time-sensitive numbers.

06 Workflows

Tenant lifecycle

  1. Company is invited or signs up; a server-side onboarding flow provisions the tenant, coverage, profile, and initial admin role.
  2. Tenant enters a documents-required phase where intakes are blocked until required compliance documents are uploaded.
  3. NHWA reviews and approves the submitted documents, moving the tenant to an active state.
  4. Tenant can be suspended or soft-deleted later as needed; all history is preserved in the audit trail.

Intake lifecycle

  1. Tenant user submits an intake with topic-specific fields and any attachments.
  2. NHWA staff are notified in-app and by email.
  3. The AI assistant searches the tenant's approved policies and suggests a first-response answer with citations.
  4. NHWA replies in the threaded conversation and can route the intake back to the tenant for more information.
  5. Once resolved, the intake is closed with a full audit trail of every action.

NH admin provisioning

  1. Existing NH admin invites a new NH user via email.
  2. Invitee signs up and lands in a pending-approval state with no access.
  3. An existing NH admin reviews and approves the account, granting full NH admin privileges.

Payroll / HRIS workflow

  1. Tenant uploads a payroll CSV from their HRIS.
  2. Field mapping step aligns source columns to the canonical payroll model.
  3. Jurisdiction-specific validation rules run and surface any exceptions with severity.
  4. Validated data is exported in LCPtracker-compatible format, with a full audit record of the run.

07 Security

  • Row Level Security enforced on every table so users only ever see data scoped to their organization (or globally for NH staff).
  • TOTP-based multi-factor authentication required for administrators, with assurance-level checks on sensitive routes.
  • Strong password policy (minimum length plus complexity rules) and re-authentication required for sensitive operations.
  • 30-minute idle session timeout with automatic logout.
  • Whistleblower PII protection enforced automatically at the database level.
  • Rate limiting on public hotline endpoints to prevent abuse.
  • Private storage buckets with tenant-scoped access — files only served through short-lived signed URLs.
  • Email-change and password-recovery flows hardened with re-authentication and routing locks.
  • Comprehensive audit log of system events plus a separate security-event log for login attempts, MFA challenges, and suspicious activity.
  • Database validation triggers preferred over time-based constraints, keeping migrations clean and restorable.
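The two controls the Overview and this list lean on most, tenant isolation through Row Level Security and whistleblower PII protection at the database level, are the kind of thing that is easier to judge in SQL than in prose. Below is an added example of how they are typically expressed in Postgres; it is not NHWA Sentinel's own schema or code. Table names follow the L3 layer of the architecture (tenants, profiles, intakes); every column name, the app.user_id session setting and the app_* helper functions are assumptions made for this example.

```sql
-- Added example (not NHWA Sentinel's own schema or code): database-level
-- tenant isolation with RLS, plus a trigger that strips whistleblower PII.
-- Table names follow the page's L3 layer; columns, the app.user_id session
-- setting and the app_* helpers are assumptions for this example.

create table if not exists tenants (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

create table if not exists profiles (
  user_id   uuid primary key,
  tenant_id uuid references tenants (id),      -- null for global NH staff
  role      text not null check (role in (
    'NH_ADMIN', 'NH_ADVISOR', 'TENANT_ADMIN', 'TENANT_HR',
    'TENANT_WORKER', 'TENANT_AUDITOR_READONLY'))
);

create table if not exists intakes (
  id               uuid primary key default gen_random_uuid(),
  tenant_id        uuid not null references tenants (id),
  subject          text not null,
  is_whistleblower boolean not null default false,
  created_by       uuid references profiles (user_id),  -- nullable: cleared for whistleblowers
  submitter_name   text,
  submitter_email  text
);

-- Caller identity. Here it is a session setting the application sets after
-- login (assumption); a hosted auth layer would supply the equivalent.
create or replace function app_current_user_id() returns uuid
language sql stable as $$
  select nullif(current_setting('app.user_id', true), '')::uuid
$$;

-- security definer so these lookups keep working once profiles is under RLS too.
create or replace function app_user_role() returns text
language sql stable security definer set search_path = public as $$
  select role from profiles where user_id = app_current_user_id()
$$;

create or replace function app_user_tenant_id() returns uuid
language sql stable security definer set search_path = public as $$
  select tenant_id from profiles where user_id = app_current_user_id()
$$;

-- 1) Tenant isolation: RLS on every tenant-scoped table.
alter table intakes enable row level security;
alter table intakes force row level security;   -- binds the table owner as well

-- Read: tenant users see their own tenant only; NH_ADMIN / NH_ADVISOR see all.
create policy intakes_select on intakes for select
  using (
    app_user_role() in ('NH_ADMIN', 'NH_ADVISOR')
    or tenant_id = app_user_tenant_id()
  );

-- Write: the row must carry the caller's own tenant_id (otherwise a tenant
-- user could insert rows tagged with another tenant), and the read-only
-- auditor role cannot write at all. NH_ADMIN may write for any tenant.
create policy intakes_insert on intakes for insert
  with check (
    app_user_role() = 'NH_ADMIN'
    or (tenant_id = app_user_tenant_id()
        and app_user_role() in ('TENANT_ADMIN', 'TENANT_HR', 'TENANT_WORKER'))
  );

-- 2) Whistleblower PII protection as a trigger, so it holds on every write
--    path (SPA, edge function, manual SQL) rather than in one form handler.
create or replace function intakes_anonymize_whistleblower() returns trigger
language plpgsql as $$
begin
  if new.is_whistleblower then
    new.submitter_name  := null;
    new.submitter_email := null;
    new.created_by      := null;
  end if;
  return new;
end
$$;

create trigger intakes_anonymize
  before insert or update on intakes
  for each row execute function intakes_anonymize_whistleblower();

-- Exercising it (connect as a non-superuser role; superusers bypass RLS):
--   begin;
--   set local app.user_id = '<tenant user uuid>';   -- placeholder value
--   select id, subject from intakes;                -- own tenant's rows only
--   commit;
```

Two points worth checking in any RLS deployment of this shape: `force row level security` matters because the table owner (often the migration role the application connects as) otherwise bypasses policies, and insert/update policies need their own `with check` clause, since a select-only policy does nothing to stop a client from writing rows tagged with another tenant's id.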