Architecture decisions
Every load-bearing choice the platform makes is recorded here as a numbered ADR (Architecture Decision Record). The intent is transparency: if the platform behaves a certain way, the reasoning is in this list.
Full disclosure;
- 0001 pnpm monorepo with apps/* and packages/* accepted
- 0002 Multi-tenancy via single Supabase + organization_id partitioning accepted
- 0003 Stack: React + Vite + Express, TypeScript everywhere, port from internalize accepted
- 0004 Tenant config: repo bootstraps, DB authoritative at runtime accepted
- 0005 Public sites deploy to Cloudflare Pages, one project per tenant accepted
- 0006 API + admin portal deploy to Railway accepted
- 0007 TypeScript strict mode everywhere, no exceptions accepted
- 0008 Transparency-as-product: ADRs and decision-making are user-facing features accepted
- 0009 TDD and stability as primary; the RLS isolation test is the keystone gate accepted
- 0010 Google Workspace integration: view, never own accepted
- 0011 Internalize is a reference, not an architectural exemplar accepted
- 0012 Use Supabase CLI for migrations accepted
- 0013 Design system in `packages/ui`, mobile-first member-first shell, modal-for-edit, plain-text first accepted
- 0014 RLS is the security gate; the UI gates affordances by role as a UX hint, not a security control accepted
- 0015 Image storage = Supabase Storage accepted
- 0016 Forum uses admin-curated tags, not member-curated channels accepted
- 0017 Storage uploads route through the API, not direct from the browser accepted
- 0018 Cloudflare Pages auto-provisioning is the default; manual override stays available accepted
- 0019 Security posture and threat model accepted
- 0020 Cross-tenant audit log accepted
- 0022 Google Calendar integration: trust model accepted
- 0023 Platform extensions: opt-in features that live outside ark's core accepted