What We Just Built: QAtrial's Enterprise Release

QAtrial started as three tables — requirements, tests, and an evaluation dashboard. It now has 35 database models, 90 API endpoints, 70 frontend components, and a PWA that works offline. Here’s what changed and why.

The Problem We Solved

Enterprise quality teams kept asking the same question: “Can we actually use this for real work?” The honest answer was no. QAtrial had impressive features — AI gap analysis, ISO 13485 assessment, design control, 10 industry verticals — but it ran on localStorage. No multi-user. No approvals that enforced anything. No way to track who changed what in a team setting.

The features looked good in a demo. They didn’t survive contact with a real quality department.

So we rebuilt the foundation and added the features that regulated companies actually need to operate.

Building Products for the Enterprise: Product Management in Enterprise Software

As an affiliate, we earn on qualifying purchases.

What’s New

QAtrial – Enterprise Release: What We Just Built

QAtrial · Enterprise Release · What We Just Built

What We
Just Built

3 tables→35+ database models

localStorage only→PostgreSQL + JWT auth

No multi-user→Teams + SSO + 5 roles

Pending / Approved→Multi-step workflows

No Change Control→Full GxP lifecycle

No PWA / mobile→Offline-capable PWA

“Can we actually use this for real work?” The honest answer was no. The features looked good in a demo. They didn’t survive contact with a real quality department. So we rebuilt the foundation.

Before vs. After — Complete Changelog

Metric

Before

After

Database models

35+

API endpoints

90+

Route files

34+

Frontend components

70+

TypeScript files

183

230+

Approval levels

Unlimited (configurable)

Change Control module

None

Full lifecycle + CC-NNN IDs

Deviation Management module

None

With investigation templates

Notifications

Client-only

Server-backed · 11 event types

Threaded comments + @mention

None

Any entity · Audit-logged

Task assignment

None

Due dates · Priority · Dashboard

Mobile / PWA

None

PWA · offline sync · 3 views

A Real Backend

PostgreSQL + Hono + JWT + Docker + SSO — Not a Demo Anymore

Production Stack

Database: PostgreSQL 16 // 35+ models, ACID, append-only audit

Server: Hono (TypeScript) // 90+ endpoints, 34+ route files

Auth: JWT // 5 roles, API-level RBAC middleware

Roles: admin · qa_manager · qa_engineer

auditor · reviewer

Deploy: docker-compose up // app + PostgreSQL, one command

SSO: OIDC // Okta · Azure AD · Auth0 · Keycloak

🗄️

PostgreSQL — every mutation logged

Append-only audit trail on every create, update, delete, approval, and status change. 35 Prisma ORM models covering the complete quality management domain. Data persists across teams, deployments, and restarts.

👥

Multi-user, multi-role, multi-org

JWT with 5 roles enforced at every API endpoint. Organization-level isolation. SSO auto-provisions users from your existing IdP on first login — no manual account creation needed.

🐳

Production in a day — not months

docker-compose up starts the full stack: app, PostgreSQL, health checks, named volumes. No infrastructure procurement. No implementation partner. No license activation. Your infrastructure, your data.

Multi-Level Approval Workflows

From Binary (Pending / Approved) to Configurable Multi-Step Sequences

Example Workflow — SOP Approval

authoredQA Engineer creates and signs as author

peer reviewAny QA Engineer completes structured review

approval ×2Two QA Manager approvals required to advance

e-signatureQA Manager signs with Part 11-compliant e-sig

releasedDocument released · Audit trail complete

The workflow engine is general-purpose. Same configuration drives SOP approvals, design gate reviews, change control sign-offs, and batch record releases.

Multi-step sequences with role requirements per step

Multiple approvers required before advancement

SLA timers — automatic escalation on expiry

Approver delegation when unavailable

Workflow pause and resume capability

Every transition logged to the append-only audit trail

This is what pharma companies need for SOP approval. What device companies need for design gate reviews. What every regulated company needs for change control sign-off.

Two New Modules

Change Control + Deviation Management — Table Stakes for GxP. Now Included.

🔄 Change Control CC-NNN auto-IDs

Initiation: change type, scope, justification, impact rationale

Impact assessment linking affected requirements, tests, documents, and training records

Approval via the multi-step workflow engine with roles, SLAs, and e-signatures

Implementation with assigned tasks and due dates per action item

Effectiveness verification at configurable checkpoints: 30 / 60 / 90 days

Trending by change type and month for management review reporting

🚨 Deviation Management Investigation templates

Detection and classification: minor / major / critical severity

Investigation using fishbone diagram or 5-why structured templates

Root cause identification with evidence attachment and sign-off

Auto-create a linked CAPA directly from investigation results

Closure with evidence and authorized electronic signature

Trending: which areas generate most deviations, which root causes recur

These two modules alone are why companies pay MasterControl $50,000/year. QAtrial provides them at $0 license cost, on your infrastructure, integrated with the same workflow engine, audit trail, and traceability matrix you already use.

Collaboration That Actually Works

Quality Isn’t a Solo Activity. Now QAtrial Isn’t Either.

🔔

Notification Inbox

11 event types · server polling 30s

Approval requests, overdue tasks, CAPA deadlines, workflow escalations, @mentions. Server-backed polling. In-app inbox with read/unread state. All notifications audit-logged with timestamp and user identity.

💬

Threaded Comments

Any entity · @mention → notification

Comment on any requirement, test, CAPA, deviation, change control, or document. @mention a colleague and they receive a notification. Comments are audit-logged — never editable after submission.

✅

Task Assignment

Due dates · Priority · My Tasks view

Assign tasks to team members with due dates, priorities, and status. Tasks link to CAPAs, deviations, change controls, or any quality record. “My Tasks” dashboard surfaces everything assigned across the quality system.

This turns QAtrial from a documentation tool into a coordination platform — where quality work, communication, and accountability happen in the same system as the quality records themselves.

Vertical Depth

Deep in Three Verticals — Not Shallow in Ten

Medical Devices

ISO 13485 · EU MDR · QMSR

Complaint trending by frequency, severity, product, and month — plus MTTR

Supplier quality scorecards with auto-requalification on score threshold breach

Post-market surveillance dashboard with PSUR data assembly

UDI tracking with GUDID and EUDAMED export support

Pharmaceuticals

21 CFR 210/211 · ICH Q7/Q10

Electronic batch records: step-by-step execution, deviation flagging, e-sig release

Stability studies: ICH Q1A design · OOS/OOT auto-detection · trending

Environmental monitoring with alert/action thresholds and excursion tracking

Training management with compliance dashboard and auto-retraining on SOP update

Software / GAMP

21 CFR Part 11 · Annex 11 · GAMP 5

Live impact analysis: full dependency chain when a requirement changes

Computerized system inventory with GAMP 5 categories and validation status

Periodic review automation with 7-step wizard

Cross-Vertical

All 10 verticals · 37 countries

Document lifecycle: 6-stage SOP versioning with full approval workflow

Audit management: findings tracker, classification, CAPA linkage

All modules available across all verticals and countries

PWA + Mobile Access

Quality Work Happens on Manufacturing Floors. Not Just at Desks.

📱

Install on your phone’s home screen

QAtrial is a Progressive Web App. No App Store. No MDM. Install directly from the browser on iOS or Android. Native-like experience from a URL — same codebase as the desktop.

📡

Offline-first with automatic sync

Service worker caches static assets and queues mutations when offline — readings, batch steps, complaints — then syncs automatically when you reconnect. Works in cleanrooms and basement labs.

👆

Touch-optimized for field use

Large touch targets, simplified forms, quick numeric input designed for gloved hands on manufacturing floors — not for a keyboard and mouse at a desk.

Three Mobile-Optimized Views

📋

Batch Record Step Entry

Step-by-step execution with large touch targets. Inline deviation flagging. E-signature per step. Works offline in ISO 5/7 cleanrooms.

🌡️

Environmental Monitoring Readings

Quick numeric input for temperature, humidity, particle counts. Auto-alerts on threshold breach. Log during rounds — no return to a workstation needed.

📢

Complaint Intake

Simplified form with structured intake fields — product, lot, complaint code, description. Syncs to the complaint trending module automatically on submission.

What This Means

No Longer Competing with Spreadsheets — Competing with Enterprise QMS Vendors

MasterControl charges $50,000/year for:

Workflow engine + Change Control + Deviation Management

Multi-step workflows, change control with 30/60/90-day effectiveness verification, deviation management with structured investigation templates. All in QAtrial, same audit trail, same RBAC.

QAtrial: $0 license

Greenlight Guru device companies depend on:

Complaint trending + Supplier QMS + Post-Market Surveillance

Complaint trending with frequency/severity analysis, PSUR data assembly, GUDID/EUDAMED export, and supplier scorecards with auto-requalification — all in the Medical Devices vertical.

QAtrial: $0 license

What pharma teams still do on paper:

Electronic Batch Records + Stability Studies + Environmental Monitoring

Step-by-step batch record execution with e-signature release, ICH Q1A stability studies with OOS/OOT auto-detection, and environmental monitoring with excursion tracking.

QAtrial: $0 license

“QAtrial is no longer competing with spreadsheets. It’s competing with Greenlight Guru, MasterControl, and Veeva Vault — at $0 license cost, with source code you can inspect, on infrastructure you control.”

🗄️

35+ models · 90+ endpoints · 34+ route files · 230+ TS files. PostgreSQL, Hono, JWT, Docker, OIDC SSO. A system teams share.

⚙️

Unlimited workflow steps · SLA escalation · delegation. Change Control and Deviation Management. What $50K/year QMS software provides.

📱

PWA with offline sync · 3 mobile views. Batch records in cleanrooms. Environmental readings on the floor. Complaints at clinical sites.

🔓

AGPL-3.0 · Every line on GitHub. Inspect the source. Validate the system. Own the result.

A Real Backend

QAtrial now runs on PostgreSQL with a Hono API server. 35 database models. JWT authentication with 5 roles (admin, qa_manager, qa_engineer, auditor, reviewer). Every mutation logged in an append-only audit trail. Docker deployment with docker-compose up. SSO via OIDC for Okta, Azure AD, Auth0, and Keycloak.

This isn’t a demo anymore. It’s a system teams can share.

Multi-Level Approval Workflows

The old approval system was binary: pending or approved. The new workflow engine supports multi-step sequences — review, then two approvals, then a signature. Each step can require a specific role, multiple approvers, and an SLA timer. If the SLA expires, it escalates automatically. Approvers can delegate. Workflows can be paused and resumed.

This is what pharma companies need for SOP approval. What device companies need for design gate reviews. What every regulated company needs for change control.

Change Control & Deviation Management

Two new modules that are table-stakes for any GxP quality system:

Change Control tracks the full lifecycle: initiation, impact assessment, approval (using the workflow engine), implementation with assigned tasks, and effectiveness verification at 30/60/90 days. Auto-generated CC-NNN numbers. Trending by type and month.

Deviation Management handles detection through closure: classify (minor/major/critical), investigate using fishbone or 5-why templates, identify root cause, auto-create a linked CAPA, and close with evidence. Trending shows which areas generate the most deviations and which root causes recur.

These two modules alone are why companies pay MasterControl $50K/year.

Collaboration That Actually Works

Quality isn’t a solo activity. Now QAtrial has:

Notification inbox with 11 event types — approval requests, overdue tasks, CAPA deadlines, @mentions. Server polling every 30 seconds.
Threaded comments on any entity. @mention a colleague, they get a notification. Audit-logged.
Task assignment with due dates, priorities, and a “My Tasks” dashboard. Tasks can be linked to CAPAs, deviations, change controls, or any other entity.

This turns QAtrial from a documentation tool into a coordination platform.

Vertical Depth

We went deep in three verticals instead of staying shallow in ten:

Medical Devices: Complaint management with trending (frequency by product/severity/month, mean time to resolution). Supplier quality scorecards with auto-requalification when scores drop below threshold. Post-market surveillance dashboard with PSUR data assembly. UDI tracking with GUDID and EUDAMED export.

Pharma: Electronic batch records with step-by-step execution, deviation flagging, and e-signature release. Stability study manager with ICH Q1A design, OOS/OOT auto-detection, and trending. Environmental monitoring with alert/action thresholds and excursion tracking. Training management with compliance dashboard and auto-retraining when SOPs update.

Software/GAMP: Live impact analysis showing the full dependency chain when a requirement changes. Computerized system inventory with GAMP 5 categories and validation status. Periodic review automation with a 7-step wizard.

Cross-vertical: Document lifecycle management (6-stage SOP versioning). Audit management with findings tracker, classification, and CAPA linkage.

PWA and Mobile Access

QAtrial is now a Progressive Web App. Install it on your phone’s home screen. The service worker caches static assets and queues mutations when you’re offline — readings, batch steps, complaints — then syncs automatically when you reconnect.

Three mobile-optimized views for field use: batch record step entry (large touch targets), environmental monitoring readings (quick numeric input), and complaint intake (simplified form).

This matters because quality work happens on manufacturing floors, in cleanrooms, and at clinical sites — not just at desks.

Amazon

offline PWA for quality teams

As an affiliate, we earn on qualifying purchases.

By the Numbers

Metric	Before	After
Database models	15	35+
API endpoints	60	90+
Route files	21	34+
Frontend components	42	70+
TypeScript files	183	230+
Approval levels	1	Unlimited (configurable)
Mobile support	None	PWA with offline
Change Control	None	Full lifecycle
Deviation Management	None	With investigation templates
Notifications	Client-only	Server-backed, 11 types
Comments	None	Threaded, @mention
Tasks	None	Assigned, tracked, dashboarded

ISO WARRIOR: Journal, Notes, Ideas, Actions, Priorities, Checklists, Log | Tool for Daily Goal Setting Tracker | Time Management | Performance Reviews | Project Office Book Gifts for Meetings

As an affiliate, we earn on qualifying purchases.

What This Means

QAtrial is no longer competing with spreadsheets. It’s competing with Greenlight Guru, MasterControl, and Veeva Vault — at $0 license cost, with source code you can inspect, on infrastructure you control.

The workflow engine handles what MasterControl charges $50K/year for. The complaint trending does what Greenlight Guru’s device companies depend on. The batch records digitize what pharma teams still do on paper.

And it’s open source. AGPL-3.0. Every line of code is on GitHub.

QAtrial is available at github.com/MeyerThorsten/QAtrial.

WavePad Audio Editing Software – Professional Audio and Music Editor for Anyone [Download]

Full-featured professional audio and music editor that lets you record and edit music, voice and other audio recordings

As an affiliate, we earn on qualifying purchases.

What We Just Built: QAtrial’s Enterprise Release

Up next

The Training Compliance Gap: Why 40% of Audit Findings Are About People

Author

QAtrial Team

Share article

The Problem We Solved

Building Products for the Enterprise: Product Management in Enterprise Software