ramadhan sjamsani a7a2a32d27 Phase 1 scaffold: auth for all apps
- Backend: Fastify with two listeners (public + internal), routes, services, DB migration + seed
- client_app: Flutter with BLoC, all auth screens (welcome, display name, register, OTP, force-register)
- mitra_app: Flutter with BLoC, OTP-only login
- control_center: React + Vite, email/password login, mitra/user management, anonymity settings
- Docs: phase1 plan, API contract, client app mockup
- CLAUDE.md and shared memory for all subprojects

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 10:08:42 +08:00


name description type
Control Center Context Stack, security rules, and responsibilities for the Halo Bestie internal control center project

React + Vite SPA — internal management tool. Never expose to public internet.

Stack: React, Vite, Firebase Auth (admin role required)

API: Calls internal Fastify listener only (/internal/ routes, port 3001). Accessed via VPN or private network. Domain: internal.halobestie.com.

Security:

  • Network-level protection: Nginx allow 10.0.0.0/8; deny all;
  • Every API call requires role: admin verified server-side
  • Do not add any public-facing routes or features here

Responsibilities: Approve/manage mitra accounts, platform config, session/payment monitoring, mitra-client escalation management, trial period configuration.

Why: Network-level blocking means even an auth bug cannot expose internal routes to the internet.
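
The two layers above, modelled as an added example (not code from this project): a 10.0.0.0/8 allowlist check followed by a server-side role check, evaluated over constructed requests with and without a simulated auth bug. The function names, the `claims` shape, the `mitra` role value and the sample addresses are assumptions made for illustration.

```javascript
// Added example, not project code: models the allowlist layer and the role layer.
const ALLOWED_CIDR = '10.0.0.0/8'; // from the Nginx rule on this page

// Dotted IPv4 -> unsigned 32-bit int. Returns null for anything else, including
// IPv4-mapped IPv6 such as "::ffff:10.8.0.12", so unexpected input fails closed.
function ipv4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(String(ip));
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => ((acc << 8) | o) >>> 0, 0);
}

function inCidr(ip, cidr) {
  const [base, prefix] = cidr.split('/');
  const bits = Number(prefix);
  const ipInt = ipv4ToInt(ip);
  const baseInt = ipv4ToInt(base);
  if (ipInt === null || baseInt === null) return false;
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return ((ipInt & mask) >>> 0) === ((baseInt & mask) >>> 0);
}

// HTTP status an /internal/ request ends with. `claims` stands for token claims
// already verified server-side (null = no valid token). `authBug: true` simulates
// a broken role check, to show what the network layer alone still blocks.
function decide({ peerIp, claims }, { authBug = false } = {}) {
  if (!inCidr(peerIp, ALLOWED_CIDR)) return 403; // layer 1: allow / deny all
  if (authBug) return 200;                       // layer 2 missing or broken
  if (!claims) return 401;
  return claims.role === 'admin' ? 200 : 403;    // layer 2: role check
}

// Constructed sample requests (addresses and roles are illustrative).
const SAMPLES = [
  { name: 'vpn admin', peerIp: '10.8.0.12', claims: { role: 'admin' } },
  { name: 'vpn non-admin', peerIp: '10.8.0.13', claims: { role: 'mitra' } },
  { name: 'vpn no token', peerIp: '10.8.0.14', claims: null },
  { name: 'public admin', peerIp: '203.0.113.7', claims: { role: 'admin' } },
  { name: 'mapped v6', peerIp: '::ffff:10.8.0.12', claims: { role: 'admin' } },
];

function matrix(opts) {
  return Object.fromEntries(SAMPLES.map((s) => [s.name, decide(s, opts)]));
}

console.table({ normal: matrix(), authBug: matrix({ authBug: true }) });
```

With the simulated bug, requests from outside 10.0.0.0/8 are still refused, but every caller inside the private range is accepted, which is why the server-side role check remains a separate requirement.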