AI Platform Recommendations
Architecture guidance and AI opportunity areas for the modern replacement platform.
Where AI Adds Value
1. AI-Powered CRM & Lead Scoring
Replace the manual heat scoring (hot/mild/cold) with intelligent lead qualification:
- Predictive lead scoring — use historical conversion data to predict close probability
- Automated follow-up suggestions — AI recommends next best action based on deal stage, communication history, and similar won deals
- Email drafting — generate contextual follow-up emails from CRM data and conversation history
- Churn prediction — identify organisations likely to offboard based on usage patterns, payment history, and engagement signals
Data available: Lead/Opportunity/Task history, Mailarchiva email archives, organisation status transitions, booking patterns, wallet usage.
2. Smart Booking & Space Optimisation
Move beyond manual room selection to intelligent recommendations:
- Room recommendations — suggest optimal rooms based on meeting type, attendee count, past preferences, and current availability
- Predictive occupancy — forecast space utilisation from check-in patterns, booking trends, and seasonal data
- Dynamic pricing — adjust meeting room rates based on demand, time of day, and historical utilisation
- Conflict resolution — when preferred rooms are taken, suggest alternatives with explanation of trade-offs
Data available: Booking history, check-in records, room attributes, peak/off-peak patterns, organisation preferences.
3. Conversational Member Portal
Replace form-heavy admin UIs with natural language interfaces:
- Chat-based operations — "Book the large meeting room for Thursday 2pm", "What's my printing balance?", "Add Sarah to our team"
- Intelligent assistant — understands context ("the usual room" = member's most-booked room at their location)
- Multi-channel — same AI assistant available via web portal, Slack, Matrix, or WhatsApp
- Proactive notifications — "Your team has used 80% of space credits this month" rather than reactive queries
4. Intelligent Invoicing & Financial Insights
- Anomaly detection — flag unusual charges, duplicate line items, or pricing inconsistencies before invoices go out
- Natural language queries — "Show me all unpaid invoices over R10k", "Which organisations have had increasing costs over the last 6 months?"
- Payment prediction — predict which invoices are likely to be late based on historical payment patterns
- Automated reconciliation — match incoming payments to invoices using AI pattern matching
5. Automated Onboarding & Support
- AI-guided onboarding — walk new members through setup via conversational interface
- Self-service troubleshooting — "My WiFi isn't working" triggers diagnostic checks (RADIUS status, credential verification) and resolution
- Document generation — AI-generated contracts, proposals, and welcome packs from templates + organisation data
6. Operational Intelligence
- Capacity planning — predict when locations will reach capacity, recommend expansion timing
- Pricing optimisation — recommend membership pricing based on market data, occupancy trends, and competitor analysis
- Resource allocation — suggest optimal desk/office assignments based on team sizes, collaboration patterns, and growth trajectories
- Community insights — identify potential collaboration opportunities between member organisations based on industry sectors and skills
Architecture Recommendations
1. Event-Driven Architecture
Replace Google Pub/Sub + eval()-based cron with a proper workflow orchestration system:
- Consider: Inngest, Temporal, or a serverless event bus
- Benefits: Typed events, automatic retries, observability, no eval() code injection risk
- Pattern: Domain events (InvoiceCreated, BookingConfirmed, MemberOnboarded) triggering typed handlers
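A minimal sketch of the typed-handler pattern, added here as an illustration and not taken from the current codebase or from Inngest/Temporal: queued messages are looked up in an allow-list and validated, never evaluated. The `register`, `validate` and `dispatch` names, the payload fields and the handler bodies are assumptions; the inline `validate` stands in for a Zod/Joi schema.

```javascript
// Registry of job handlers keyed by event type. Only names registered here can run.
const registry = new Map();

function register(type, schema, handler) {
  if (registry.has(type)) throw new Error(`duplicate handler: ${type}`);
  registry.set(type, { schema, handler });
}

// Minimal payload check (stand-in for a Zod/Joi schema): every declared field must be
// present with the declared typeof, and undeclared fields are rejected.
function validate(schema, payload) {
  if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) return false;
  const keys = Object.keys(payload);
  return keys.length === Object.keys(schema).length &&
    keys.every((k) => Object.hasOwn(schema, k) && typeof payload[k] === schema[k]);
}

// Dispatch one queued message. The message is data: it is parsed, looked up and
// validated. Nothing in it is ever executed as code.
function dispatch(rawMessage) {
  let msg;
  try { msg = JSON.parse(rawMessage); } catch { return { ok: false, reason: 'not JSON' }; }
  const entry = typeof msg?.type === 'string' ? registry.get(msg.type) : undefined;
  if (!entry) return { ok: false, reason: 'unknown event type' };
  if (!validate(entry.schema, msg.payload)) return { ok: false, reason: 'invalid payload' };
  return { ok: true, result: entry.handler(msg.payload) };
}

// Hypothetical handlers for two of the domain events named above.
register('InvoiceCreated', { invoiceId: 'string', amountCents: 'number' },
  (p) => `queued reminder for ${p.invoiceId}`);
register('BookingConfirmed', { bookingId: 'string', roomId: 'string' },
  (p) => `sent confirmation for ${p.bookingId}`);
```
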
2. Unified Authentication Layer
Replace the mix of sessions, API keys, and JWT tokens:
- Consider: OAuth 2.0 / OIDC with a provider like Auth0, Clerk, or Supabase Auth
- Pattern: Single auth middleware, role-based access control, proper token verification
- Critical: Always use jwt.verify(), never jwt.decode()
3. Service Boundaries
The current monorepo shares models directly via file paths. For the replacement:
- Option A: Modular monolith with clear domain boundaries and shared nothing between modules
- Option B: Microservices with API gateway, each service owning its data
- Key: The wallet/ledger, booking, and invoicing domains should be independently deployable and testable
4. Explicit Service Layer
Extract business logic from Mongoose hooks into explicit, testable service functions:
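```javascript
// Instead of logic in model hooks:
class LedgerService {
  // The repository is injected so the service can be tested without a database.
  constructor(ledgerRepo) {
    this.ledgerRepo = ledgerRepo;
  }

  // Each business rule is an explicit, ordered step (helper methods omitted here).
  async createDebit(params) {
    const currency = await this.deriveCurrency(params);
    await this.validateOrganisation(params.organisationId);
    await this.validateSufficientFunds(params);
    const splits = this.calculateWalletSplits(params);
    return this.ledgerRepo.create({ ...params, currency, splits });
  }
}
```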
5. Accounting Adapter Pattern
Xero is deeply coupled throughout the current codebase. Abstract behind an adapter:
```typescript
// Accounting adapter interface
interface AccountingProvider {
  createInvoice(data: InvoiceData): Promise<ExternalInvoice>;
  recordPayment(data: PaymentData): Promise<ExternalPayment>;
  syncContact(data: ContactData): Promise<ExternalContact>;
}

// Implementations
class XeroProvider implements AccountingProvider { ... }
class QuickBooksProvider implements AccountingProvider { ... }
class SageProvider implements AccountingProvider { ... }
```
This allows supporting multiple accounting systems and makes testing far simpler.
6. Double-Entry Accounting
The current wallet/ledger system is the most complex piece. Redesign with proper double-entry principles:
- Every transaction creates both a debit and credit entry
- Balance is always derivable from the ledger (no cached Balance model needed)
- Immutable ledger entries — corrections via reversing entries, not updates
- Clear separation of concerns: the ledger records facts, business rules live in the service layer
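The four principles above in one small in-memory ledger, added as an illustration and not taken from the existing wallet/ledger code. The `Ledger` class, the account names and the sign convention (debits positive, credits negative, integer cents) are assumptions for the sketch.

```javascript
// Append-only double-entry ledger. Amounts are integer cents:
// debits are positive, credits are negative, and every transaction sums to zero.
class Ledger {
  #entries = [];
  #nextTx = 1;

  // Record one transaction as two or more balanced lines.
  post(description, lines) {
    if (!lines.every((l) => Number.isInteger(l.amount) && l.amount !== 0)) {
      throw new Error('amounts must be non-zero integer cents');
    }
    const total = lines.reduce((sum, l) => sum + l.amount, 0);
    if (lines.length < 2 || total !== 0) throw new Error('transaction does not balance');
    const txId = this.#nextTx++;
    for (const l of lines) {
      // Entries are frozen: the ledger records facts and never edits them.
      this.#entries.push(Object.freeze({ txId, description, account: l.account, amount: l.amount }));
    }
    return txId;
  }

  // A correction is a new transaction with every line negated, not an update.
  reverse(txId) {
    const original = this.#entries.filter((e) => e.txId === txId);
    if (original.length === 0) throw new Error('unknown transaction');
    return this.post(`reversal of tx ${txId}`,
      original.map((e) => ({ account: e.account, amount: -e.amount })));
  }

  // Balance is derived from the entries on every call; nothing is cached.
  balance(account) {
    return this.#entries
      .filter((e) => e.account === account)
      .reduce((sum, e) => sum + e.amount, 0);
  }

  // Copy of the audit trail; callers cannot reach the private array.
  entries() {
    return [...this.#entries];
  }
}
```
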
Technical Debt to Avoid Repeating
| # | Current Problem | New Platform Solution |
|---|---|---|
| 1 | Deprecated createCipher() | Use createCipheriv() with scrypt key derivation from day one |
| 2 | No input validation | Schema validation (Zod/Joi) on every API endpoint |
| 3 | Secrets in config files | Use a vault (AWS Secrets Manager, HashiCorp Vault, Doppler) |
| 4 | Root Docker containers | Non-root users, current Node LTS, health checks, security scanning |
| 5 | ~9 test files | Build testing into development process — aim for 80%+ coverage on business logic |
| 6 | Xero deeply coupled | Accounting adapter pattern supporting multiple providers |
| 7 | 3 frontend frameworks | Single modern framework (React/Next.js, SvelteKit, or similar) |
| 8 | Logic in model hooks | Explicit service layer with clear domain boundaries |
| 9 | eval() in cron | Typed job handlers with proper scheduling (Inngest, BullMQ, Temporal) |
| 10 | Manual audit via deep-diff | Event sourcing for complete, immutable audit trail |
Data Migration Considerations
Key Challenges
- Heavily denormalised MongoDB schema — computed fields in hooks mean the stored data doesn't always reflect the "truth". Plan for data transformation, not lift-and-shift.
- Wallet/Ledger system — 6 transaction types, priority-based multi-wallet deduction, overflow logic, and reserve-to-debit conversion. This is the hardest piece to migrate correctly.
- Xero IDs everywhere — many models store Xero-specific IDs (xero_id, xero_invoice_id, xero_tenant_id). These need mapping to the new accounting adapter layer.
- Encrypted data — PINs, passwords, and session data encrypted with deprecated cipher. Must decrypt with old method and re-encrypt with new.
- Multi-instance federation — some data lives across multiple WSM instances. Migration needs to handle cross-instance references.
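A sketch of the decrypt-old, re-encrypt-new step for the "Encrypted data" item above and for row 1 of the technical debt table, added as an example and not taken from the legacy codebase. Current Node releases no longer ship `createCipher()`/`createDecipher()`, so the legacy key and IV are re-derived the way `createCipher()` did it (OpenSSL EVP_BytesToKey with MD5, one iteration, no salt). Assumptions: the legacy data is `aes-256-cbc` with hex output, and the new format uses AES-256-GCM in a constructed `v2:salt:iv:tag:ciphertext` layout; the page itself only specifies `createCipheriv()` with scrypt.

```javascript
const crypto = require('node:crypto');

// Key/IV derivation that createCipher(algorithm, passphrase) performed internally:
// D1 = MD5(passphrase), Dn = MD5(Dn-1 || passphrase), concatenated and sliced.
function evpBytesToKey(passphrase, keyLen, ivLen) {
  const pw = Buffer.from(passphrase, 'utf8');
  let block = Buffer.alloc(0);
  let out = Buffer.alloc(0);
  while (out.length < keyLen + ivLen) {
    block = crypto.createHash('md5').update(block).update(pw).digest();
    out = Buffer.concat([out, block]);
  }
  return { key: out.subarray(0, keyLen), iv: out.subarray(keyLen, keyLen + ivLen) };
}

// Decrypt one legacy value (assumed aes-256-cbc, hex-encoded).
function legacyDecrypt(hexCiphertext, passphrase) {
  const { key, iv } = evpBytesToKey(passphrase, 32, 16);
  const d = crypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([d.update(Buffer.from(hexCiphertext, 'hex')), d.final()]);
}

// New format: scrypt-derived key, random salt and nonce per record, authenticated.
function encryptV2(plaintext, secret) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(secret, salt, 32);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return ['v2', ...[salt, iv, c.getAuthTag(), ct].map((b) => b.toString('base64'))].join(':');
}

function decryptV2(record, secret) {
  const [version, salt, iv, tag, ct] = record.split(':');
  if (version !== 'v2') throw new Error('unknown record version');
  const key = crypto.scryptSync(secret, Buffer.from(salt, 'base64'), 32);
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'base64'));
  d.setAuthTag(Buffer.from(tag, 'base64'));
  // final() throws if the record was modified or the secret is wrong.
  return Buffer.concat([d.update(Buffer.from(ct, 'base64')), d.final()]);
}

// Migration step for one record: old method out, new method in.
function migrateRecord(hexCiphertext, oldPassphrase, newSecret) {
  return encryptV2(legacyDecrypt(hexCiphertext, oldPassphrase), newSecret);
}
```

The legacy scheme derives the same key and IV for every record, which is why the new format stores a fresh salt and nonce with each value.
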
Migration Strategy
- Phase 1: Read-only access to legacy data via API adapter. New platform reads from old MongoDB.
- Phase 2: Dual-write period. New operations write to both systems.
- Phase 3: Full migration. Historical data transformed and loaded into new schema.
- Phase 4: Legacy system decommissioned.
Suggested Technology Stack
| Layer | Recommendation | Why |
|---|---|---|
| Runtime | Node.js 22+ or Bun | Team familiarity, ecosystem compatibility |
| Framework | Next.js or SvelteKit | Full-stack, SSR, API routes, modern DX |
| Database | PostgreSQL + Prisma/Drizzle | Strong typing, relational integrity for financial data, ACID transactions |
| Cache | Redis / Upstash | Sessions, rate limiting, real-time features |
| Search | Typesense or Meilisearch | Simpler than Elasticsearch, excellent for this use case |
| Queue | Inngest or BullMQ | Typed events, observability, automatic retries |
| Auth | Clerk or Auth0 | OAuth/OIDC, social login, RBAC built-in |
| AI | Claude API (Anthropic) | Function calling for tool use, large context for document processing |
| Hosting | Cloudflare Workers + Pages | Edge deployment, global performance, existing account |
| Monitoring | Sentry + PostHog | Error tracking + product analytics |
| Validation | Zod | TypeScript-first schema validation |
| Testing | Vitest + Playwright | Fast unit tests + E2E browser testing |