Esparex is an npm workspaces monorepo with the following structure:
@esparex/apps-admin(apps/admin): Admin dashboard UI (Next.js)@esparex/apps-web(apps/web): User-facing web application (Next.js)@esparex/backend-user(backend/user): Unified API services (user + admin namespaces)@esparex/core(core): Business logic, domain models, and DB services (Clean Architecture)@esparex/shared(shared): Shared contracts, types, and utility constants
apps/: Presentation layer (UI only)backend/: API gateway layer (routing + validation)core/: The "Brain" — ONLY place for business logic and DB accessshared/: SSOT for types, enums, and interfacesscripts/: Repo governance, guardrails, and CI toolingai-governance: Canonical instructions for repo-aware AI agentsdocs/: Master Documentation Registry
Requirements:
- Node.js
22.x - npm
>=11.8 <12
Install dependencies from the repo root only:
npm installCI is intentionally consolidated to a single workflow:
- Workflow file:
.github/workflows/ci.yml - Trigger:
pushtomain,pull_requesttomain, and manualworkflow_dispatch - Runtime: Node
22.x - Install strategy: deterministic root install (
HUSKY=0 npm ci) - Validation stage:
npm run ci:strict(lint:ci+ type-check + tests) - Build order:
@esparex/shared@esparex/core@esparex/backend-user@esparex/apps-admin@esparex/apps-web
This project uses strict automated guardrails to maintain code quality and architectural integrity.
Standard checks run automatically on every commit/push:
- Linting:
npm run lint(Checks for unused imports,anytypes, and cascading renders). - Type Safety:
npm run type-check(Ensures full TypeScript coverage across all workspaces). - Duplication:
npm run guard:duplication(Flags code blocks with >10 lines of identical content).
The project enforces a "zero-legacy" policy via:
npm run guard:platform-governanceThis will fail if forbidden keywords (legacy, compatibility, @deprecated) are found in comments, variables, or routes. Use OLD or descriptive alternatives instead.
The backend exposes enterprise reliability surfaces:
GET /metrics: Prometheus metrics (API latency/error rate, queue duration/failures, DB latency, subsystem gauges)GET /system/status: runtime subsystem dashboard (DB, Redis, Queue, Worker)GET /system/metrics-summary: SLO-oriented reliability summary (API, queue backlog, failure rates, worker state, security signals)GET /health: health contract for uptime checks
Environment switches for alerting are in backend/user/.env.example:
RELIABILITY_SLACK_WEBHOOK_URLRELIABILITY_ALERT_EMAIL_TORELIABILITY_ALERT_THROTTLE_MSRELIABILITY_API_LATENCY_THRESHOLD_MSRELIABILITY_HIGH_ERROR_RATE_THRESHOLDRELIABILITY_QUEUE_DELAY_THRESHOLD_MSRELIABILITY_DB_RESPONSE_THRESHOLD_MSRELIABILITY_QUEUE_FAILURE_SPIKE_THRESHOLD
The guard:pr-impact-analysis CI check requires every PR to have a description following the repository template. If your PR description is empty, the CI build will fail.
The CI workflow is strict by default and fails on lint/type-check/test/build regressions.
Run workspaces as needed:
npm run dev -w @esparex/backend-user
npm run dev -w @esparex/apps-web
npm run dev -w @esparex/apps-adminThe project is deployed using Vercel (Frontends) and Render (Backends).
Create two separate Vercel projects:
@esparex/apps-web- Root Directory:
apps/web - Install Command: (Use Vercel default install)
- Build Command:
cd ../.. && npm run build -w @esparex/apps-web
- Root Directory:
@esparex/apps-admin- Root Directory:
apps/admin - Install Command: (Use Vercel default install)
- Build Command:
cd ../.. && npm run build -w @esparex/apps-admin
- Root Directory:
Use root-workspace builds so shared/core/backend artifacts stay consistent.
When creating the Web Service (e.g., named esparex-api) for the API system:
- Root Directory: (Leave Empty)
- Build Command:
HUSKY=0 npm ci && npm run build -w @esparex/shared && npm run build -w @esparex/core && npm run build -w @esparex/backend-user && test -f backend/user/dist/index.js - Start Command:
npm start -w @esparex/backend-user
Do not use cross-directory commands such as cd backend or cd backend/user.
To fix 404/403 errors during login/CSRF discovery, ensure the following environment variables are aligned:
| Workspace | Platform | Variable | Recommended Value |
|---|---|---|---|
@esparex/apps-web |
Vercel | NEXT_PUBLIC_API_URL |
https://api.esparex.in/api/v1 |
@esparex/apps-admin |
Vercel | NEXT_PUBLIC_ADMIN_API_URL |
https://api.esparex.in/api/v1/admin |
@esparex/apps-admin |
Vercel | NEXT_PUBLIC_PROD_RISK_OVERRIDE |
false |
@esparex/apps-admin |
Vercel | NEXT_PUBLIC_APP_ENV |
production |
@esparex/backend-user |
Render | COOKIE_DOMAIN |
.esparex.in (required for CSRF) |
@esparex/backend-user |
Render | CORS_ALLOWED_ORIGINS |
https://admin.esparex.in |
@esparex/backend-user |
Render | CSRF_SECRET |
[Random 32-char string] |
Note: Admin routes are served from the unified API under /api/v1/admin.