Search Results

ADR-006: SQLite for Development, PostgreSQL for Production Status: SUPERSEDED by ADR-014: PostgreSQL-Only Architecture (2026-03-03) Date: 2026-02-21 Deciders: John (AI Director) Category: Database Context Drop requires a database strategy that supports rapid ...

ADR-007: BankID as Sole Authentication Provider Status: Accepted Date: 2026-02-21 Deciders: Alem (CEO), John (AI Director) Category: Security Context Drop is a financial application operating under PSD2 in Norway. PSD2 mandates Strong Customer Authentication ...

ADR-008: Hono v4 for Mobile API Status: Accepted Date: 2026-02-21 Deciders: John (AI Director) Category: Backend Context Drop has two client platforms with different API needs: Platform Auth Pattern Token Storage API Style Deployment Web (Next.js) Cook...

ADR-009: Custom Feature Flag System Status: Accepted Date: 2026-02-21 Deciders: John (AI Director) Category: Backend Context Drop needs feature flags for several reasons: Gradual rollout: Cards feature requires a card issuing partner before activation -- mus...

ADR-010: Dual Database Driver Abstraction Status: SUPERSEDED by ADR-014: PostgreSQL-Only Architecture (2026-03-03) Date: 2026-02-21 Deciders: John (AI Director) Category: Database Context Per ADR-006, Drop uses SQLite for development and PostgreSQL for produc...

ADR-011: Expo SDK 54 for Mobile App Status: Accepted Date: 2026-02-21 Deciders: John (AI Director), Alem (CEO) Category: Mobile Context Drop requires a mobile app for iOS and Android. The mobile app is the primary interface for remittance and QR payments -- u...

ADR-012: AWS App Runner for Deployment Status: Accepted Date: 2026-02-21 Deciders: John (AI Director), Alem (CEO) Category: Infrastructure Context Drop needs a deployment target for its backend services (Next.js BFF and Hono mobile API). The deployment platfo...

BankID OIDC Integration Version: 1.0 Date: 2026-02-21 Author: Banking Architecture Team Status: Approved Applies to: Drop — Authentication via Norwegian BankID 1. Overview Drop uses BankID OIDC (OpenID Connect) as its sole authentication method. BankID provid...

Open Banking Integration: AISP & PISP Version: 1.0 Date: 2026-02-21 Author: Banking Architecture Team Status: Approved Applies to: Drop — PSD2 Pass-Through Model 1. Overview Drop operates as a Third Party Provider (TPP) under PSD2, using two regulated service...

Payment Processing Architecture Version: 1.0 Date: 2026-02-21 Author: Banking Architecture Team Status: Approved Applies to: Drop — Payment Initiation & Settlement 1. Overview Drop processes two types of payments, both initiated via PISP (Payment Initiation S...

Sentry Observability Integration Error tracking, performance monitoring, alerting, and SLO/SLI definitions for the Drop fintech platform. Covers Sentry SDK integration, data scrubbing, Slack alerting, structured logging, and release tracking. Observability ...

Sumsub KYC/AML Integration Identity verification architecture for the Drop fintech platform using Sumsub as the KYC/AML provider. Covers webhook architecture, applicant lifecycle, document check types, risk level definitions, SDK integration for web and mobil...

Database Design Version: 1.0 Date: 2026-02-21 Status: Approved Owner: Database Architect Design Philosophy Drop's database schema is designed around three principles: Simplicity over abstraction. 19 tables for a well-scoped fintech app. No generic "entities"...

Migration Strategy: SQLite to PostgreSQL STATUS: COMPLETED (2026-03-03) This document describes the completed migration from the old dual-driver architecture to PostgreSQL-only. The migration is done. Current architecture: PostgreSQL 16 (all environments), Dr...

Data Lifecycle Management Version: 1.0 Date: 2026-02-21 Status: Approved Owner: Database Architect Overview Drop processes personal and financial data subject to multiple overlapping regulatory frameworks. This document defines retention periods, archival str...

Audit Architecture Version: 1.0 Date: 2026-02-21 Status: Approved Owner: Database Architect Overview Drop's audit system records all significant user actions for compliance (PSD2, GDPR, AML) and security monitoring. The audit_log table is the central audit st...