Arcane Tech
Project dossier

ShiftManager for air traffic control

An air traffic control operator running continuously, 24/7. A single planning week ties together individual per-sector authorizations (each with an expiry date), instructor-trainee pairs for on-the-job training, regulated rest-hour caps between shifts, fair rotation of night duty, and uninterrupted coverage on every position.

ShiftManager, shift-planning dashboard with active controllers, expiring authorizations and a weekly calendar
01 / 03
Client
Aviation operator, Bucharest
Sector
Civil aviation
Delivery year
2025
Status
In production

The same story, two registers.

For whoever pays for the projectPlain language, no jargon

The weekly planning of air traffic controllers is done from a single screen. The system proposes options that respect individual authorizations, blocks in the UI any shift that would violate an expired certificate, and notifies the team on their phones at every published change.

For whoever reviews it technicallyConcrete decisions, real versions

Hybrid architecture, PHP 8.3 + Node.js 18 (TypeScript), MariaDB through Prisma 5, a Timefold (JVM) solver isolated as a separate service. Browser push notifications via Service Worker over BullMQ/Redis. Five roles with time-bound delegation, an audit trail per change, JWT with rotation, CSRF on hash_equals, bcrypt cost 12, cross-origin isolation headers.

The same facts, two readings. The CEO reads the top register and knows what was delivered. The CTO reads the bottom one and knows how. No one is forced to translate in their head.

The process that existed before us.

The schedule was built in Excel, adjusted over email and paper diaries. Expired authorizations were caught, at best, by the human check before the shift. Last-minute changes traveled by phone, with no record of who approved what and when.

The system built to measure.

The planner sees the whole organization on one screen, moves shifts by drag-and-drop across sectors, and the Timefold solver (run as an isolated JVM service) builds valid options in a few seconds. PHP 8.3 serves the UI and the session, Node.js 18 exposes the planning API in TypeScript, MariaDB through Prisma 5 stores the model. Authorizations are checked against their validity dates per sector, instructor-trainee pairs respect the on-the-job training requirements, and every change leaves a trace in the audit trail. Browser push notifications travel via Service Worker over BullMQ/Redis. Security is calibrated to the critical perimeter: JWT with rotation, CSRF on hash_equals, bcrypt cost 12, cross-origin isolation headers.

The stack, in production.

  1. 01PHP 8.3 · FPM
  2. 02Node.js 18 · Express · TypeScript
  3. 03Prisma 5 · MariaDB 8
  4. 04Redis · BullMQ
  5. 05Timefold Solver (Java)
  6. 06Vite 5 · Service Worker
  7. 07Nginx · PM2 · Let's Encrypt

Lighthouse, measured at handover.

99
PerformanceExcellent
100
AccessibilityExcellent
100
Best PracticesExcellent
82
SEOVery good
  1. Publicly verifiable

    This project's domain is private, not publicly exposed. The scores were measured on the client's production environment with Google PageSpeed Insights, Google's official tool, and can be re-verified under a confidentiality agreement.

  2. Reference point

    The scores reflect the project's state at the moment of handover to the client (2025). The source code and infrastructure belong to the client afterwards, and the project may be modified, deactivated or migrated with no notice from us.

The measurable result.

The weekly schedule is generated in seconds. An invalid shift cannot be saved; an expired authorization blocks it in the UI before it reaches the database. API under 80 ms at p50, contractual uptime of 99.9% on a dedicated VPS. Handover to production: 28 days from kickoff.

  1. M.01Weekly schedule generationhours → seconds
  2. M.02API median (p50)< 80 ms
  3. M.03Production handover28 days from kickoff

Technical notes and verifications.

  1. [1]

    Lighthouse scores captured at 2025 on the client's production environment. Private domain, not publicly exposed.

  2. [2]

    The source code and infrastructure belong to the client after handover. The scores, the stack and the metrics reflect the delivered state, not the current state of the project.

  3. [3]

    The detailed technical documentation, the implementation logs and the test reports are archived in the internal Arcane Tech repository, available under a confidentiality agreement.

Have a similar system to build?

We start with a technical review led by a principal engineer, under a confidentiality agreement.

Schedule the review