Case Study
B2B Equipment Management Platform — Internal Tool for Poland Optical
Poland Optical, managing used and refurbished optical equipment, needed to replace manual inventory tracking with one product that could serve three audiences at once — internal staff, external clients, and operations. Built solo, end-to-end.
- Client: Poland Optical
- Role: Solo developer · end-to-end
- Type: Internal B2B tool · private system
- Timeline: 2026

The problem
Poland Optical manages used and refurbished optical equipment and had outgrown manual inventory tracking. The replacement had to serve three audiences with conflicting needs at the same time.
Internal staff
Role-based internal access to the full inventory and day-to-day operations.
External clients
A zero-login way to view and reserve devices, without ever creating an account.
Operations
Inventory that flows in automatically from the existing ERP, with no manual entry.
Built solo, end-to-end — from product decisions and data modelling through to UI, infrastructure, and deployment.
Core decision — dual-audience architecture
The defining decision was a dual-audience architecture: one product serving two completely different trust boundaries.
- Internal users (ADMIN / EMPLOYEE / VIEWER / TRADER) work in a full dashboard.
- External clients access a completely separate, auth-free, server-rendered surface via per-device share tokens — no account required.
- Share tokens are scoped per device, optionally password-protected (bcrypt), price-configurable, and QR-code distributable.
- Internal data is never exposed to external clients directly.
Why it matters
One product, two completely different trust boundaries — without duplicating the data layer.
What I built
Role-based dashboard
Permission-driven access for ADMIN, EMPLOYEE, VIEWER and TRADER roles — driven by what each user can do, not rigid role guards.
Device catalogue with media
Devices with images and video, organised into categories that respect per-role visibility.
Reservation & purchase flow
A single flow for reserving or buying a device, usable internally or by external clients through a share link.
Automatic inventory sync
Devices update straight from the client's ERP (Enova) when stock changes or items sell — no manual entry.
Full audit log
Every create, update and delete is recorded — who, what and when — for accountability.
Soft delete + archive
Nothing is ever truly lost; records are archived rather than removed, and only admins can restore them.
Installable PWA
An installable progressive web app with push notifications wired to real events.
Share links & QR codes
Per-device share tokens — optionally password-protected and QR-code distributable — that open the auth-free client view.
Engineering decisions
End-to-end type safety with tRPC v11
Why: Zod schemas act as a single source of truth, shared between the API and the forms that feed it.
Outcome: No drift between backend and UI — a contract change surfaces at compile time, not in production.
Permissions as a typed const map
Why: Access is driven by a compile-time permission map rather than rigid role guards scattered through the code.
Outcome: The same source governs both API and UI, so what a user can see always matches what they can do.
Device status computed from reservations
Why: Availability is derived from reservation records instead of a separate, manually updated status field.
Outcome: Removed a whole class of sync bugs — status can never disagree with reality.
ERP webhook with dual-key matching
Why: Inbound updates must match on both enovaId and serialNumber; a mismatch is treated as a red flag, not an edge case.
Outcome: A mismatch intentionally blocks the action — a safety mechanism against acting on the wrong device.
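The dual-key check described above, sketched as an added example (not the project's own code). Only the key names enovaId and serialNumber come from the page; the types, reason codes, function names and sample inventory are assumptions made for illustration.

```typescript
// Added example, not the project's code. Everything except the two key names
// (enovaId, serialNumber) is an assumption made for illustration.
type Device = { id: string; enovaId: string; serialNumber: string };
type ErpEvent = { enovaId: string; serialNumber: string; kind: "SOLD" | "STOCK_CHANGED" };
type Blocked = "MISSING_KEY" | "UNKNOWN_DEVICE" | "KEY_MISMATCH" | "AMBIGUOUS";
type MatchResult = { ok: true; deviceId: string } | { ok: false; reason: Blocked };

// Constructed sample inventory.
const SAMPLE_DEVICES: Device[] = [
  { id: "dev-1", enovaId: "ENV-1001", serialNumber: "SN-A1" },
  { id: "dev-2", enovaId: "ENV-1002", serialNumber: "SN-B2" },
  { id: "dev-3", enovaId: "ENV-1003", serialNumber: "SN-B2" }, // duplicate serial
];

function matchDevice(devices: Device[], ev: ErpEvent): MatchResult {
  const enovaId = ev.enovaId.trim();
  const serial = ev.serialNumber.trim();
  if (enovaId === "" || serial === "") return { ok: false, reason: "MISSING_KEY" };

  // Every record touched by either key is a candidate; the event is applied
  // only when exactly one record exists and it agrees on both keys.
  const candidates = devices.filter(
    (d) => d.enovaId === enovaId || d.serialNumber === serial,
  );
  if (candidates.length === 0) return { ok: false, reason: "UNKNOWN_DEVICE" };

  const exact = candidates.filter(
    (d) => d.enovaId === enovaId && d.serialNumber === serial,
  );
  const [hit] = exact;
  if (hit !== undefined && exact.length === 1 && candidates.length === 1) {
    return { ok: true, deviceId: hit.id };
  }
  // One key pointed at a device and the other did not (or pointed elsewhere).
  return { ok: false, reason: exact.length === 0 ? "KEY_MISMATCH" : "AMBIGUOUS" };
}

// Fail closed: a blocked event changes nothing and is surfaced for review.
function handleWebhook(devices: Device[], ev: ErpEvent): string {
  const m = matchDevice(devices, ev);
  return m.ok ? `apply ${ev.kind} to ${m.deviceId}` : `blocked: ${m.reason}`;
}
```

Matching on either key first, then requiring a single record that agrees on both, is what turns a partial match into a blocked event instead of a silent update to the wrong device.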
Supabase Auth + Prisma, each owning its layer
Why: Supabase owns authentication and sessions; Prisma owns business data through type-safe relational queries.
Outcome: A clean split of concerns — security and domain logic can evolve independently.
Architecture
Internal staff and external clients reach the same app through two separate surfaces. The typed API layer is the only path to data — Prisma owns the business records in PostgreSQL, Supabase owns sessions and media, and the ERP pushes inventory in through a single inbound webhook.
- Internal staff (ADMIN · EMPLOYEE · VIEWER · TRADER): via tRPC
- External clients (no account required): via share token
- Enova ERP (stock & sales events): via webhook
- Next.js App — App Router
- tRPC v11 · typed API layer
- Share-token surface: no auth · server-rendered
- Prisma 7 → PostgreSQL: business data
- Supabase: auth sessions · media storage





