Unified Booking & Operations Platform

Summit Guardian

A full-stack platform powering every aspect of Highline Adventures — from guest bookings and activity scheduling to equipment tracking, staff operations, and financial reporting.

Built for California's adventure tourism industry. One platform, zero friction.

Launch Application Explore Features

162

API Endpoints

28

Database Tables

124

Automated Tests

70

Template Views

Guest Experience

Everything Guests Need

A seamless booking experience from browsing to checkout, with account management and real-time availability.

Accommodations

Browse and book cabins, yurts, RV sites, and campsites. Interactive property map, image galleries, amenity lists, and real-time availability calendars.

  • 4 property types (cabin, yurt, RV, campsite)
  • Interactive map with clickable positions
  • Dynamic pricing (seasonal, weekend, length-of-stay)

Activities & Adventures

Zipline tours, adventure parks, guided experiences, and lessons. Recurring schedules with time slots, capacity tracking, and resource pool management.

  • 5 activity types with recurring schedules
  • Instructor assignment & resource pools
  • Real-time capacity & slot availability

Equipment Rentals

Kayaks, bikes, helmets, climbing gear, camping equipment, and water sports. QR code scanning for instant checkout and return tracking.

  • 6 equipment categories with QR codes
  • Damage assessment & late fee tracking
  • Maintenance logs & overdue detection

Unified Cart & Checkout

A single shopping cart handles all three booking types — accommodations, activities, and equipment — in one checkout flow. HMAC-SHA256 signed cookie-based cart with no external dependencies.

Smart Pricing

Dynamic pricing engine with seasonal, weekend, holiday, and length-of-stay rules applied automatically.

Tax Compliance

Configurable tax engine — occupancy (TOT), sales tax, and resort fees with date-window support.

Cancellation Policy

4-tier refund policy (100%/50%/25%/0%) based on days-before-checkin, with admin override.

Back Office

Admin & Operations

A comprehensive admin panel with 16 management modules, role-based access, and daily automated background jobs.

Dashboard & Reports

Revenue summaries, occupancy metrics, booking trends, and exportable financial reports.

Booking Management

Full lifecycle control — view, modify, check in, cancel, and manage refunds for all bookings.

Daily Manifests

Check-in/check-out manifests, activity rosters, and guest arrival lists generated daily.

Point of Sale

On-site retail transactions, folio charges to guest bookings, and item catalog management.

User & Role Management

5-tier role system — guest, instructor, property manager, admin, and super admin with scoped permissions.

Grid Optimization

Automatic gap detection and move suggestions for floating inventory to maximize occupancy.

Waivers & Compliance

Digital waiver templates with versioning, e-signatures, and CCPA data privacy compliance tools.

Staff Tasks & Jobs

Task assignment, cleaning schedules, maintenance tracking, and automated daily background jobs.

System Design

Architecture

Purpose-built asset modeling, secure-by-default middleware, and a provider-based integration layer.

FSA

Fixed Spatial Asset

Assets with permanent, fixed locations — specific cabins, numbered campsites. Guests book an exact unit with known coordinates on the property map.

FIA

Floating Inventory Asset

Interchangeable units within a type — guests book "a yurt" and the system assigns the optimal unit. Eligible for grid optimization to minimize gaps.

DRA

Dependent Resource Asset

Activities requiring staff and equipment pools — zipline tours need instructors and harnesses. The system checks resource contention before confirming.

Security & Middleware

Authentication

JWT access + refresh tokens in httponly cookies. Role-based route guards with automatic redirect vs 401 based on request type.

CSRF Protection

Cookie-to-form-field validation on all state-changing requests. API routes (/api/*) exempt for JSON clients.

Rate Limiting

In-memory sliding window. Login (5/5min), registration (3/5min), API (60/min), cart (30/min). HTTP 429 on breach.

Security Headers

CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and GZip compression.

Under the Hood

Technical Framework

A modern, fully async Python stack designed for performance, maintainability, and zero-downtime deployments.

Backend

FastAPI

Fully async Python web framework with automatic OpenAPI docs, dependency injection, and type validation.

SQLAlchemy 2.0

Async ORM with asyncpg driver. Connection pooling, eager loading, and transactional session management.

PostgreSQL

28-table relational schema across 9 categories. Alembic for migrations, pool_pre_ping for resilience.

Pydantic

Settings management via environment variables, request schemas, and data validation throughout.

Frontend

Jinja2

Server-side templating with template inheritance, 70 views across admin, public, auth, and staff sections.

HTMX 2.0

Hypermedia-driven interactions — partial page updates, boosted navigation, and inline form submissions without full page reloads.

Alpine.js 3

Lightweight reactive UI — modals, dropdowns, multi-step checkout wizard, and interactive property maps.

Tailwind CSS

Utility-first styling with custom primary (green) and accent (orange) color scales. Responsive across all breakpoints.

Infrastructure

  • VPS hosting with systemd service management and Apache reverse proxy
  • GitHub Actions CI/CD with FTP-based deployment pipeline
  • Uvicorn ASGI server with hot-reload in development, production-grade in deploy
  • Alembic migrations for schema versioning and safe database evolution
  • APScheduler for daily background jobs — cleaning tasks, overdue rentals, session cleanup

Testing & Quality

  • 124 automated tests across 15 test files using pytest + pytest-asyncio
  • Full async test client via httpx AsyncClient with authenticated fixtures
  • Service + integration + flow tests — pricing, availability, booking, cart, equipment, waivers, cancellation
  • Race condition testing for availability overlap guards and resource contention
  • Coverage reporting via pytest-cov, code quality via ruff and black

Integration Ready

Provider Architecture

External integrations use an abstract base class + implementation + factory pattern, making providers hot-swappable without code changes.

Payment Provider

charge() and refund() interfaces. Currently using mock provider — ready for Stripe or Square integration.

Mock → Stripe/Square

Smart Lock Provider

generate_code() and revoke_code() interfaces. Ready for hardware integration with keycode management.

Mock → Hardware API

Notification Provider

Booking confirmations, cancellation notices, and keycode delivery. Ready for email/SMS integration.

Noop → Email/SMS

See It Live

Summit Guardian is deployed and running in production. Explore the full platform — guest booking, admin operations, and everything in between.

Launch app.summitguardian.com