How it's built.

The full-stack framework

Coveroff runs on Next.js with the App Router. Server components handle data fetching close to the database — no over-fetching, no client-side waterfalls for the stuff that matters. Client components are used sparingly, mostly for interactive UI where state genuinely lives in the browser. The route groups ((marketing), (dashboard), (auth)) keep concerns separated without affecting the URL structure.

The API layer

The backend API is built with Hono — a tiny, edge-first web framework with an Express-like feel but a fraction of the overhead. It runs as a Next.js API route handler, so there's no separate service to deploy. Routes are typed end-to-end using Hono's RPC client, which means the frontend calls the API with full TypeScript inference — no code generation, no GraphQL schema. Zod validates every input at the boundary.

The OpenAPI spec is generated automatically from the Hono router and surfaced as an interactive reference using Scalar. Scalar produces a genuinely beautiful API explorer — far better than Swagger UI — and it took about ten lines to integrate.

The database

Postgres, modelled with Drizzle ORM. Drizzle sits right at the line between raw SQL and a full abstraction — you write schema as TypeScript, get type-safe queries, and can always drop to raw SQL when the query planner needs help. The schema reflects the regulatory domain directly: substances, formulations, registrations, submissions, dossier sections, studies, and obligations are all first-class tables with proper foreign keys, not JSON blobs in a generic “items” table.

Auth

Authentication is handled by Better Auth — a newer, fully self-hostable auth library that's genuinely pleasant to work with. Sessions are stored in Postgres alongside the application data. The middleware (a thin proxy.ts that runs as a Next.js middleware) checks for a session cookie and gates every non-public route before any server component runs.

The MCP server

This is the part we're most excited about. Coveroff exposes a Model Context Protocol server that gives AI agents structured, queryable access to your regulatory workspace. An agent can call gap_analysis and get back a typed list of missing studies for a specific submission, or call get_dossier_section and receive the actual structured content — not a PDF to parse.

The MCP server runs alongside the Hono API. It's transport-agnostic — it can run over stdio for local agents or over HTTP/SSE for remote ones. Claude, GPT, Grok, and Open Interpreter can all connect to the same server. Because the tools return structured data instead of natural language, agents can reason over it reliably rather than hoping their extraction was accurate.

Realtime

Collaborative features — live cursors, presence, and document-level sync — run on PartyKit. PartyKit gives you persistent WebSocket rooms (called “parties”) that run at the edge. Each dossier section is its own party. When two users are editing the same section, they see each other's cursors and changes propagate immediately without needing to poll or refresh.

Styling

Tailwind CSS for everything. No CSS files, no CSS modules. Component primitives come from shadcn/ui, which is less a component library and more a collection of copy-pasteable components built on Radix UI primitives — fully accessible, unstyled, owned by the project. Icons are from Lucide. The design system is defined as CSS custom properties in globals.css and consumed as Tailwind tokens — one variable change shifts the entire theme.

The stack at a glance