Appearance
Technology Stack Summary
A comprehensive reference of every technology used in the Microtec platform, organized by layer. For deeper per-technology details, see the Technology Catalog.
Backend (.NET 8)
| Technology | Version | Role | Notes |
|---|---|---|---|
| .NET | 8.0 (LTS) | Runtime and SDK | All microservices target net8.0 |
| ASP.NET Core | 8.0 | Web framework | Minimal API + controller-based APIs |
| MediatR | 12.x | CQRS mediator | Dispatches commands and queries through pipeline behaviours |
| FluentValidation | 11.x | Input validation | All request DTOs have a corresponding validator |
| Entity Framework Core | 8.x | ORM | SQL Server provider; migrations per service |
| AutoMapper | 13.x | Object mapping | DTO ↔ Domain entity projection |
| Hangfire | 1.8.x | Background jobs | Scheduled tasks, ZATCA retries; SQL Server job store |
| YARP | 2.x | Reverse proxy | Used in Gateway alongside Ocelot |
| Ocelot | 23.x | API Gateway | Route configuration, auth delegation |
| MassTransit | 8.x | Message bus abstraction | Over Azure Service Bus; publishers and consumers |
| QuestPDF | 2024.x | PDF generation | Report and invoice PDF rendering |
| ClosedXML | 0.102.x | Excel generation | Export functionality across modules |
| Polly | 8.x | Resilience | Retry, circuit breaker for HTTP clients |
| Serilog | 3.x | Structured logging | Sinks: Seq, Application Insights |
| OpenTelemetry SDK | 1.7.x | Distributed tracing | OTLP exporter → Application Insights / Seq |
| .NET Aspire | Preview | Local orchestration | Used in Gateway/ for local multi-service dev |
| xUnit | 2.7.x | Unit testing | All backend test projects |
| Moq | 4.x | Mocking | Used in unit tests |
Key Framework Conventions
Service Registration
Services do not call services.AddScoped<IFoo, Foo>() manually. Instead, any class implementing IScopedService, ITransientService, or ISingletonService is auto-registered by a platform startup convention.
MediatR Pipeline
Every command/query passes through three pipeline behaviours in order:
ValidationBehaviour<TRequest, TResponse>— runs FluentValidation; throws if invalidWorkflowBehavior<TRequest, TResponse>— triggers business workflow hooksRequestLoggingPipelineBehavior<TRequest, TResponse>— logs request metadata to Serilog
Frontend (Angular)
| Technology | Version | Role | Notes |
|---|---|---|---|
| Angular | 17 (current), migrating to 20 | SPA framework | NgModule-based (standalone: false) |
| Nx | 17.x | Monorepo tooling | Build, lint, test orchestration for all 13 apps + 4 libs |
| Webpack | 5.x | Module bundler | With Module Federation plugin |
| @angular-architects/module-federation | 17.x | MFE wiring | Configures host and remote apps |
| NgRx | 17.x | State management | Store, Effects, Selectors per feature module |
| PrimeNG | 17.x | Component library | Data tables, dialogs, forms, charts |
| Bootstrap | 5.x | CSS framework | Utility classes and grid |
| SCSS | — | Styling | Per-component scoped styles |
| @ngx-translate | 15.x | i18n | Arabic (ar) and English (en) |
| Angular CDK | 17.x | UI primitives | Overlay, drag-drop, virtual scroll |
| Chart.js / ngx-charts | — | Data visualization | Dashboard charts |
| keycloak-angular | 14.x | Keycloak OIDC client | Wraps keycloak-js for Angular apps |
Build Configurations
| Config Name | Purpose |
|---|---|
development | Local dev, source maps enabled, mock data allowed |
stage | Stage environment, microtecstage.com URLs |
cloud | Generic cloud target (non-prod) |
uat | UAT environment, microtec-uat.com URLs |
preprod | Pre-production environment |
prod | Production, onlinemicrotec.com.sa URLs |
Mobile (Flutter)
| Technology | Version | Role | Notes |
|---|---|---|---|
| Flutter | 3.x | Cross-platform UI framework | iOS and Android targets |
| Dart | 3.x | Language | Null-safe Dart throughout |
| Melos | 3.x | Monorepo tooling | Manages multi-package Flutter workspaces |
| Dio | 5.x | HTTP client | REST API calls to backend services |
| Riverpod / BLoC | — | State management | Per-app choice (BLoC preferred in BO app) |
| go_router | 7.x | Navigation | Declarative routing in all apps |
| freezed | 2.x | Immutable models | Code generation for DTOs |
| json_serializable | 6.x | JSON serialization | Generated from annotations |
| firebase_messaging | — | Push notifications | FCM for mobile push |
| MobileDesignSystem | internal | UI components | Shared design system package (submodule) |
| MobileAPIClients | internal | API clients | Auto-generated from OpenAPI specs (submodule) |
| MobileSharedComp | internal | Shared utilities | Common widgets and services (submodule) |
Mobile Apps
| App | Repository | Description |
|---|---|---|
| BusinessOwner (BO) | BoMobileApp/ | Tenant admin mobile app |
| ERP Mobile | ERPMobileApps/ | ERP end-user mobile app |
| Van Sales | VanSalesMobileApp/ | Field sales representative app |
Infrastructure & Cloud
| Technology | Role | Notes |
|---|---|---|
| Azure Container Apps | Microservice hosting | Serverless containers with KEDA autoscaling |
| Azure Container Apps Environment | CAE | 2 per env: public (internet) + private (VNet) |
| Azure Bicep | IaC | All infra defined in Devops/azure/infrastructure/ |
| Azure Front Door | CDN + WAF + global LB | Entry point for all environments |
| Azure Container Registry (ACR) | Docker registry | Per-environment private registry |
| Azure Service Bus | Message broker | Replaced RabbitMQ; Standard tier for dev, Premium for prod |
| Azure Redis Cache | Distributed cache | Session cache, query cache; SSL enabled |
| Azure SQL Server | Relational database | Shared SQL VM (mic-backend-shared-sql-rg) for non-prod; managed for prod |
| Azure Key Vault | Secrets management | All connection strings and keys; keyvaultref: in CAE |
| Azure Static Web Apps (SWA) | Frontend hosting | Each Angular app = one SWA per env |
| Azure Monitor / App Insights | Telemetry | APM, distributed tracing, log analytics |
| Azure Managed Identity | IAM | ACR pull, Key Vault access — no stored credentials |
| Azure Virtual Network | Network isolation | One VNet per env; Private Endpoints for all PaaS |
| Azure Private Endpoint | PaaS isolation | SQL, Redis, ASB, Key Vault, ACR all on private IPs |
| Azure NSG | Network security | Inbound/outbound rules per subnet |
Security & DevSecOps
| Tool | Stage | Purpose |
|---|---|---|
| Gitleaks | Pre-build | Secret scanning in git history and current diff |
| SonarCloud | Build | SAST — code quality, security hotspots, coverage gates |
| Trivy | Post-build | Container image vulnerability scanning (OS + libs) |
| OWASP Dependency-Check (DC) | Build | SCA — third-party library CVE scanning |
| Hadolint | Build | Dockerfile linting (best practices) |
| Syft | Post-build | SBOM generation (CycloneDX format) |
| OWASP ZAP | Post-deploy | DAST — active scan against running stage/UAT |
| Azure OpenAI (GPT-4) | Post-build | AI-assisted code review — diff analysis |
| Keycloak | Runtime | SSO, OIDC, RBAC, session management |
| mTLS | Runtime | Transparent mutual TLS inside private CAE |
| Azure WAF | Runtime | Web Application Firewall rules on AFD |
Observability Stack
| Tool | Layer | Purpose |
|---|---|---|
| Serilog | App | Structured log emission (JSON format) |
| Seq | Infrastructure | Centralized log aggregation and search (port 1234 locally) |
| OpenTelemetry | App + Infrastructure | Distributed traces and metrics (OTLP: 4317/4318) |
| Application Insights | Cloud | APM, dependency tracking, live metrics |
| Health Checks | App | /health endpoints on every service; probed by CAE |
| Azure Monitor Alerts | Cloud | Threshold-based and anomaly alerts to on-call |
Developer Tooling
| Tool | Purpose |
|---|---|
| Docker / Docker Compose | Local dev (dev/ directory) and CI builds |
| Azure CLI | Infrastructure automation and pipeline scripts |
| PowerShell | Build and deployment scripts (cross-platform) |
| Bash / Zsh | CI/CD shell scripts on build agents |
| Azure DevOps CLI | Pipeline management from CI |
| JetBrains Rider / VS Code | IDE options for backend development |
| Visual Studio Code | Frontend and DevOps configuration |
| Postman / Bruno | API testing and documentation |
Shared NuGet Packages (16 Packages)
All packages are published to the Microtec private Azure DevOps NuGet feed.
| Package | Purpose |
|---|---|
Microtec.Domain | Base domain entities, value objects, IMultiTenantEntity |
Microtec.Persistence | EF Core base context, query filters, unit of work |
Microtec.Web.Core | Auth middleware, JWT validation, IScopedService conventions |
Microtec.Web.Hosting | App startup, Serilog, OpenTelemetry wiring |
Microtec.Application.Core | MediatR pipeline behaviours, base command/query types |
Microtec.PublicApi.AppsPortal | HTTP client for ERP AppsPortal inter-service calls |
Microtec.PublicApi.BusinessOwners | HTTP client for BusinessOwners service |
Microtec.PublicApi.Notification | HTTP client for Notification service |
Microtec.PublicApi.Attachment | HTTP client for Attachment service |
Microtec.PublicApi.Workflow | HTTP client for Workflow service |
Microtec.Reporting | QuestPDF/ClosedXML report base classes |
Microtec.Zatca | ZATCA e-invoicing SDK and helpers |
Microtec.Eta | ETA e-invoicing SDK and helpers |
Microtec.Import | Data import framework (Excel/CSV parsing) |
Microtec.Testing | Test base classes, EF Core in-memory helpers |
Microtec.Caching | Redis cache abstraction and helpers |
NuGet Setup
Before building the backend locally, you must authenticate with the private NuGet feed. See NuGet Setup for the one-time configuration steps.