Last Updated: December 21st, 2025 at 9:13:05 PM GMT+9
We're eSolia — a Tokyo-based IT consultancy that builds software. Since 1999, we've helped international companies navigate Japan's business technology landscape, and along the way, we've developed serious software engineering capabilities.
This GitHub profile is where we share our work: internal tools that solve real problems for our clients, and open-source utilities that might help you too.
We develop business software focused on security, compliance, and operational visibility for international companies in Japan.
| Product | Purpose | Stack |
|---|---|---|
| Nexus | Central platform hub — OAuth provider, secure file sharing with provenance, unified client management across all apps | Hono, Cloudflare Workers, D1, R2, Queues |
| Pulse | Compliance dashboard for SOC 2, ISO 27001, PCI-DSS — accumulates evidence against vetted control lists with secure, shareable executive reports | SvelteKit, Cloudflare Pages, D1, R2 |
| Periodic | DNS drift monitoring and alerting — detects unauthorized changes before they become security incidents | SvelteKit, Cloudflare Pages, D1 |
| Courier | Desktop secure file sharing — PIN-protected document delivery with BCC-trigger workflow for frictionless sharing | SvelteKit, Cloudflare Pages |
| Chōchō | ESL listening comprehension trainer — pre-generated multi-accent TTS audio for Japanese staff preparing for international calls | SvelteKit PWA, Cloudflare Pages, D1, R2 |
| Codex (coming soon) | Unified knowledge infrastructure — single source of truth with dual authoring (CMS for staff, Git for power users), AI-powered RAG search, and SharePoint integration. Ask Miko (巫女) | SvelteKit, Cloudflare Pages, D1, R2 |
All apps emphasize physical data isolation per client — we don't do shared databases with logical separation for compliance-grade applications. Nexus provides single sign-on across the suite via OAuth2/OIDC with Microsoft 365 SSO and magic link authentication.
We build primarily on Cloudflare's platform (Workers, Pages, D1, R2, Queues) for its compelling security-to-cost ratio: enterprise-grade edge security, DDoS protection, and WAF capabilities without enterprise pricing. For applications requiring Deno KV's strong consistency model, we deploy to Deno Deploy.
| Principle | Policy |
|---|---|
| OWASP Top 10 | → Every project, every review: Compliance-grade applications must adhere to the OWASP Top 10 security risks. |
| ISO 27001 | → Incorporated into dev practices for comprehensive security management. |
| Defense in depth | → Multiple security layers, not one wall. |
| Continuous Integration/Continuous Deployment (CI/CD) | → Automated testing and deployment pipelines ensure quality and security. |
| Security by Design | → Security is integrated into the design and development process. |
| Security Automation | → Automated security tools and processes for faster response and prevention. |
| Security Awareness Training | → Regular training for developers and users to understand and mitigate security risks. |
| Security Monitoring | → Continuous monitoring for threats and anomalies. |
| Edge-first | → Security and performance at the edge. |
| Zero Trust | → Trust no one, verify everything. |
We incorporate ISO 27001:2022 good practices into our development work. Here's how we address Annex A Control 8.25 ("rules for secure development of software and systems"):
ISO 27001:2022 Annex A Control 8.25 Compliance
| Requirement | How We Address It |
|---|---|
| Separate dev, test, and production environments | Local development → protected preview branches → production. For PROdb, combined dev/test environments merge to production after approval. |
| Security guidance in SDLC | Handled via SOP with OWASP Top 10 as baseline for every project. |
| Security requirements in design phase | Every project specifies security requirements during initial specification. |
| Security checkpoints in projects | Security framework established in spec → developed per guidelines → security implementation reported. |
| Security and system testing | Security header validation for websites. Platform vendor penetration testing plus our checks on table, view, and form security for database projects. |
| Secure source code repositories | Write permissions (commit/merge) restricted to permitted personnel only. |
| Version control security | Change management process explicitly considers version control security. |
| Developer security knowledge | Ongoing training and knowledge development program. |
| Flaw recognition capability | Active effort to understand and identify security weaknesses in our work. |
| Licensing compliance | Full awareness and adherence to all licensing requirements. |
- 📣 New Blog Post We’ve summarized the key basics and tips for using Microsoft Teams Webinars. It’s easy to follow—perfect for first-time hosts. Check it out👇 https://blog.esolia.pro/en/posts/20251212-teams-webinar-en/ #MicrosoftTeams #Webinar #OnlineEvents #RemoteWork #TeamsTips
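- 📣 New Blog Post We've put together the basics of the Microsoft Teams webinar feature and how to make use of it! It's explained in a way that's easy to follow, even for first-timers. Please take a look as a reference for hosting your own online events👇 https://blog.esolia.pro/posts/20251212-teams-webinar-%E5%9F%BA%E6%9C%AC%E3%81%A8%E6%B4%BB%E7%94%A8-ja/ #MicrosoftTeams #ウェビナー #オンラインイベント #リモートワーク #TeamsTips #Webinar #オンラインセミナー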
- 📣 New Blog Post Have you upgraded to Windows 11 yet? I’ve highlighted three useful features in my latest blog post — they might just boost your productivity. Check out the article here👇 https://blog.esolia.pro/en/posts/20251120-windows-11-features-en/ #Windows11Tips #Windows11Features
| Item | Value |
|---|---|
| Repo Total Files | 1 |
| Repo Size in MB | 149 |
| Lume Version | v2.4.2 |
| Deno Version | 2.6.3 |
| V8 Version | 14.2.231.17-rusty |
| TypeScript Version | 5.9.2 |
| Timezone | Asia/Tokyo |
We're generating this readme using the Lume static site generator from within the eSolia .github repository. See this page for details to get your own dynamic readme!