Engineering

How we build regulated clinical software.

Technical notes from the Harbor team on data modeling, infrastructure, validation, and high-integrity clinical systems.

Building Automatic, Contextual Clinical Trial Audit Logging in Postgres Without Triggers

Featured | Monday, May 18th, 2026

Software subject to 21 CFR Part 11 requirements cannot afford best-effort audit logging: missing even a few records is a compliance failure. We needed audit trails that triggered automatically on every write to Postgres and carried rich business context. Here's how we built it in an ergonomic, maintainable, and secure way — using app-native TypeScript, without relying on baroque PL/pgSQL logic.

Read article
Building Automatic, Contextual Clinical Trial Audit Logging in Postgres Without Triggers
Building Automatic, Contextual Clinical Trial Audit Logging in Postgres Without Triggers
Monday, May 18th, 2026
Building Automatic, Contextual Clinical Trial Audit Logging in Postgres Without Triggers
Software subject to 21 CFR Part 11 requirements cannot afford best-effort audit logging: missing even a few records is a compliance failure. We needed audit trails that triggered automatically on every write to Postgres and carried rich business context. Here's how we built it in an ergonomic, maintainable, and secure way — using app-native TypeScript, without relying on baroque PL/pgSQL logic.
Nathan Leung
How We Model Clinical Trial Data When Every Trial Is Different
Friday, March 6th, 2026
How We Model Clinical Trial Data When Every Trial Is Different
When every clinical trial has a different data model, relational databases struggle with changes while NoSQL trades off safety for flexibility. Here's how Harbor uses a constrained EAV model in Postgres, taking advantage of relational guardrails and Zod-powered app-layer validation to support sparse, user-defined, constantly-evolving clinical data schemas — without compromising safety or integrity.
Nathan Leung
Why We Love Functional Programming but Don't Use Effect-TS
Monday, November 24th, 2025
Why We Love Functional Programming but Don't Use Effect-TS
We embrace functional programming patterns and principles throughout our full-stack TypeScript codebase, making ample use of libraries and tools like ts-pattern, Jotai, and Terraform to write declarative, composable, and type-safe code. That said, we don't use Effect-TS, and we don't have any plans to. Here's why.
Nathan Leung
Using Atomic State to Improve React Performance in Deeply Nested Component Trees
Sunday, October 26th, 2025
Using Atomic State to Improve React Performance in Deeply Nested Component Trees
Atomic state has enabled us to build complex, deeply nested React component trees in our clinical trial data capture application without trading off render performance or developer ergonomics. Here's a very brief overview of the difference between vanilla React Context-based state management and atomic state management, with an interactive demo based on real-world clinical trial data showing how we use atomic state to keep Harbor's EDC UI responsive and performant.
Nathan Leung
How We Use Terraform in Local Dev for Reproducible, High-Fidelity Development Environments
Tuesday, September 30th, 2025
How We Use Terraform in Local Dev for Reproducible, High-Fidelity Development Environments
Terraform allows us to quickly spin up high-fidelity local development environments that share the same infrastructure-as-code configuration that we deploy to production. Here's exactly how we use Terraform to configure Docker, Postgres, S3-compatible storage and other required services on developer machines so our local dev environment starts with one command, shares the same IaC, and feels like prod, without the mess of ad-hoc Bash orchestration or the heft of local Kubernetes.
Nathan Leung