The complete, point-by-point development blueprint. Every file, every table, every endpoint, every pattern. Follow this document blindly — it covers the entire development lifecycle from empty repo to production B2B enterprise product.
Every technology used. Versions are pinned. Do NOT upgrade without testing. This is not a suggestion list — these are exact dependencies.
Use exact versions in package.json (no ^ or ~). Use lockfiles. Every upgrade is a deliberate PR.
| Package | Version | Purpose | Why This |
|---|---|---|---|
| next | 15.1.x | Full-stack React framework | App Router, Server Components, API routes, middleware, SSR/SSG |
| react / react-dom | 19.x | UI rendering | Server Components, Suspense, useOptimistic, useFormStatus |
| typescript | 5.7.x | Type safety | Enterprise-grade — no JavaScript files allowed |
| tailwindcss | 4.x | Utility-first CSS | Rapid UI iteration, design tokens via config |
| shadcn/ui | latest | Component library | Copy-paste components, full control, accessible by default |
| @tanstack/react-query | 5.x | Server state management | Caching, background refetch, optimistic updates, infinite queries |
| zustand | 5.x | Client state management | Minimal boilerplate, middleware support, devtools |
| @xyflow/react | 12.x | Diagram editor (React Flow) | Diagram Intelligence visual editing canvas |
| framer-motion | 12.x | Animations | Layout animations, gesture support, exit animations |
| zod | 3.x | Runtime validation | Schema validation for forms, API responses, AI outputs |
| react-hook-form | 7.x | Form handling | Performance (uncontrolled), zod resolver integration |
| @supabase/ssr | 0.5.x | Supabase SSR helpers | Cookie-based auth in Next.js Server Components |
| next-intl | 4.x | i18n | Enterprise needs multi-language support |
| recharts | 2.x | Charts/dashboards | Composable, responsive, React-native charting |
| @monaco-editor/react | 4.x | Code editor | Code Intelligence code viewing with syntax highlighting |
| sonner | 2.x | Toast notifications | Clean API, stacking, custom renders |
| Service | Replaces | Purpose | Config Notes |
|---|---|---|---|
| Supabase PostgreSQL | RDS, PlanetScale | Primary database | Enable pgvector, pg_cron, pg_trgm extensions |
| Supabase Auth | Auth0, Clerk | Authentication | Google SSO, SAML (Enterprise), magic link, MFA |
| Supabase Realtime | Pusher, Socket.io | WebSocket subscriptions | Postgres Changes, Broadcast, Presence channels |
| Supabase Storage | S3, Cloudinary | File storage | Diagrams, audio files, exported reports |
| Supabase Edge Functions | AWS Lambda | Serverless compute (Deno) | Webhooks, lightweight processing, CRON triggers |
| Supabase Vault | HashiCorp Vault | Secrets management | API keys, tokens — never in env vars |
| Supabase Queues | SQS, BullMQ | Job queues | Background processing for heavy engine tasks |
| pgvector (extension) | Pinecone, Weaviate | Vector embeddings | 1536-dim OpenAI / 1024-dim Cohere embeddings |
| pg_cron (extension) | CloudWatch Events | Scheduled jobs | ADR health checks, stale decision alerts, usage rollups |
Region: us-east-1 (or closest to users). Plan: Pro ($25/mo) for development, Team ($599/mo) for production. Enable Point-in-Time Recovery, Read Replicas when >1000 users.
| Provider | Model | Use Case | Latency | Cost/1M tokens |
|---|---|---|---|---|
| Anthropic | Claude Sonnet 4.5 | Primary analysis — meetings, code review, ADR generation | ~2s | $3 in / $15 out |
| Anthropic | Claude Haiku 4.5 | Fast classification — trigger detection, PII filter, routing | ~400ms | $0.25 in / $1.25 out |
| Anthropic | Claude Opus 4.6 | Complex reasoning — architecture review, failure simulation | ~5s | $15 in / $75 out |
| OpenAI | GPT-4o | Vision — diagram parsing (PNG/JPG to structured graph) | ~3s | $2.50 in / $10 out |
| OpenAI | text-embedding-3-large | Embeddings — semantic search, similarity, caching | ~200ms | $0.13/1M |
| Deepgram | Nova-3 | Speech-to-text — real-time meeting transcription | ~200ms | $0.0059/min |
| Groq | Llama 4 Scout | Fallback — when primary providers are down/slow | ~300ms | $0.11 in / $0.34 out |
Every AI call goes through the Model Router. Route by: (1) task complexity → Haiku for simple, Sonnet for medium, Opus for complex. (2) latency requirement → meeting pipeline uses Sonnet/Haiku only. (3) cost budget → track spend per org, throttle when approaching limit. (4) fallback chain → if Claude down, route to Groq.
| Package | Version | Purpose |
|---|---|---|
| electron | 33.x | Desktop runtime — system tray, audio capture |
| electron-builder | 25.x | Build + auto-update (macOS DMG, Windows NSIS, Linux AppImage) |
| electron-store | 10.x | Encrypted local config persistence |
| @electron/remote | 2.x | IPC between main/renderer |
| Technology | Purpose |
|---|---|
| Chrome Manifest V3 | Extension framework — service worker, content scripts |
| Plasmo Framework | Extension build tooling — HMR, TypeScript, React support |
| React 19 | Popup + sidebar UI rendering |
| Tool | Purpose | Config |
|---|---|---|
| GitHub Actions | CI/CD | Lint → Type check → Test → Build → Deploy |
| Hostinger VPS | Next.js hosting (self-managed) | PM2 process manager, Nginx reverse proxy, SSL via Certbot |
| Turborepo | Monorepo build system | Shared packages, parallel builds, remote caching |
| Docker | Containerization | Electron build environment, self-hosted deployment |
| Sentry | Error tracking | Source maps, performance monitoring, session replay |
| PostHog | Product analytics | Feature flags, session recording, funnels, A/B tests |
| Stripe | Billing | Subscriptions, usage-based metering, invoices, tax |
| Resend | Transactional email | React Email templates, webhooks |
| Upstash | Redis (rate limiting) | API rate limiting, session throttling, temp cache |
| Tool | Version | Config |
|---|---|---|
| eslint | 9.x | Flat config. Rules: @typescript-eslint/strict, import/order, no-console |
| prettier | 3.x | printWidth: 100, singleQuote: true, trailingComma: 'all', semi: true |
| husky | 9.x | pre-commit: lint-staged. pre-push: type-check + test |
| lint-staged | 15.x | Run eslint --fix + prettier on staged files only |
| commitlint | 19.x | Conventional commits: feat|fix|chore|docs|refactor|test|perf |
| vitest | 3.x | Unit + integration tests. Coverage threshold: 80% |
| playwright | 1.49.x | E2E tests. Browsers: chromium, firefox, webkit |
| knip | 5.x | Detect unused exports, dependencies, files |
These are not suggestions. Every component, service, and module MUST follow these patterns. Deviations require a written ADR.
ESLint custom rules + PR review checklist enforce these patterns. Code that violates them will not merge.
WHY: No component or API route directly calls Supabase. All DB access goes through repository classes. This isolates data layer, enables testing with mocks, and ensures RLS is always applied.
WHY: API routes are thin controllers. They validate input (Zod), call a service, return the response. All business logic lives in service classes. Services call repositories, never Supabase directly.
WHY: Services depend on repositories, repositories depend on Supabase client. We wire them using a DI container so tests can swap in mocks without changing service code.
WHY: Thrown errors are invisible in TypeScript — callers don't know what can fail. Use a Result type so every return value explicitly declares success or failure.
WHY: Prompts are NOT hardcoded strings. Every prompt is stored in the database with version tracking, A/B testing support, and rollback capability. Think of prompts like database migrations — versioned and tracked.
WHY: When a meeting ends, many things happen: summary generation, ADR extraction, embedding creation, notification sending. Without an event bus, the meeting service must know about ALL downstream consumers. The event bus decouples them.
WHY: If Deepgram is down, you don't want to keep sending requests and waiting for timeouts. Circuit breaker detects failures and "opens" the circuit, returning a fallback immediately.
WHY: Different tasks need different AI models. The Model Router uses the Strategy pattern to select the right model based on task type, latency requirements, cost budget, and provider health.
WHY: The meeting dashboard shows live suggestions, live transcript, live speaker changes. Supabase Realtime fires Postgres changes, and the frontend observes them through React hooks.
WHY: The Diagram Engine supports 7+ formats. Each format has a different parser. The Factory pattern creates the right parser based on the file extension, keeping the DiagramService clean.
WHY: Every API request goes through: auth check → rate limit → input validation → permission check → handler → output validation → audit log. This is a middleware chain, not ad-hoc checks in every route.
WHY: Dashboard reads (list projects, view suggestions, analytics) are fundamentally different from writes (create session, upload diagram). Separate query handlers from command handlers for clarity and performance. Use Supabase Read Replicas for queries at scale.
Non-negotiable rules for every line of code. These are not optional guidelines — violations block merge.
{ error: { code, message, details? } }strict: true in tsconfig.json — no exceptions.noUncheckedIndexedAccess: true — arrays/objects are never blindly accessed.any type. Use unknown + type guards instead.@ts-ignore or @ts-expect-error.supabase gen types — never hand-write DB types.type X = z.infer<typeof XSchema>@next/bundle-analyzer.{ timestamp, level, service, traceId, userId?, orgId?, message, data? }describe('ServiceName') → it('should verb when condition')feat/AP-123-short-description (AP = ArchPilot ticket prefix).fix/AP-456-short-descriptionfeat:, fix:, chore:, docs:)./api/v1/ — always versioned./api/v1/projects, /api/v1/sessions/api/v1/projects/:id/sessions (max 2 levels deep).?status=active&sort=created_at&order=desc&limit=20&cursor=xxx{ data: T, meta?: { cursor, total, page } }{ error: { code: 'VALIDATION_ERROR', message: '...', details: [...] } }
Components: PascalCase.tsx → ProjectCard.tsx, MeetingDashboard.tsx
Hooks: use-kebab-case.ts → use-realtime-suggestions.ts
Services: kebab-case.service.ts → project.service.ts
Repositories: kebab-case.repository.ts → project.repository.ts
Types: kebab-case.types.ts → project.types.ts
Utils: kebab-case.ts → format-date.ts, sanitize-html.ts
Tests: co-located → project.service.test.ts next to project.service.ts
Zod schemas: kebab-case.schema.ts → create-project.schema.ts
One repository, five applications, shared packages. Every file has a home. If you don't know where to put it, it doesn't exist yet.
Shared types between web app and Electron agent. Shared UI components. Single CI pipeline. Atomic cross-app changes. One dependency tree.
NEXT_PUBLIC_SUPABASE_URL=https://xxx.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=xxx
SUPABASE_SERVICE_ROLE_KEY=xxx (server-side only, NEVER expose to client)
ANTHROPIC_API_KEY=xxx
OPENAI_API_KEY=xxx
DEEPGRAM_API_KEY=xxx
STRIPE_SECRET_KEY=xxx
STRIPE_WEBHOOK_SECRET=xxx
SENTRY_DSN=xxx
UPSTASH_REDIS_URL=xxx
POSTHOG_KEY=xxx
In production: ALL of these go in Supabase Vault or server env vars, not .env files.
Every table, every column, every type, every index, every RLS policy. This is the exact SQL you run. Nothing is implied.
NEVER modify the database through Supabase Dashboard in production. All changes are SQL migration files in supabase/migrations/. Run via supabase db push or CI pipeline. Every migration is version-controlled and reversible.
Every endpoint, every method, every input/output schema. All routes go through the middleware chain: Auth → RateLimit → Validate → Handler → Audit.
https://app.archpilot.dev/api/v1 — all endpoints are versioned. Breaking changes = new version.
| Method | Path | Input | Output | Auth | Rate |
|---|---|---|---|---|---|
| GET | /projects | ?org_id, ?cursor, ?limit | { data: Project[], meta: Pagination } | member | 100/min |
| POST | /projects | { name, description, tech_stack, org_id } | { data: Project } | admin+ | 20/min |
| GET | /projects/:id | — | { data: Project } | member | 100/min |
| PATCH | /projects/:id | { name?, description?, settings? } | { data: Project } | admin+ | 20/min |
| DELETE | /projects/:id | — | { success: true } | owner | 5/min |
| GET | /projects/:id/stats | ?range=7d|30d|90d | { sessions, decisions, suggestions, diagrams } | member | 100/min |
| Method | Path | Input | Output | Notes |
|---|---|---|---|---|
| POST | /sessions | { project_id, title? } | { data: Session, ws_url: string } | Returns WebSocket URL for audio streaming |
| GET | /sessions/:id | — | { data: Session } | — |
| PATCH | /sessions/:id | { status: 'paused'|'recording' } | { data: Session } | Pause/resume |
| POST | /sessions/:id/end | — | { data: Session, summary } | Triggers post-meeting summary generation |
| GET | /sessions/:id/transcript | ?cursor, ?limit | { data: Transcript[] } | Paginated transcript chunks |
| GET | /sessions/:id/suggestions | ?type, ?severity, ?status | { data: Suggestion[] } | Filter by type/severity |
| GET | /sessions/:id/decisions | — | { data: Decision[] } | Decisions detected during session |
| WS | /ws/sessions/:id/audio | Binary audio chunks (16kHz PCM) | SSE: transcript, suggestion events | WebSocket for Electron agent |
| Method | Path | Input | Output | Notes |
|---|---|---|---|---|
| POST | /diagrams/upload | FormData: { file, project_id, name } | { data: Diagram } | Max 25MB, triggers async analysis |
| GET | /diagrams/:id | — | { data: Diagram, graph, analysis } | Includes parsed graph + analysis results |
| POST | /diagrams/:id/analyze | { rules?: string[] } | { data: AnalysisResult } | Re-run analysis with custom rule set |
| POST | /diagrams/:id/suggest-replacement | { node_id, context? } | { alternatives: Alternative[] } | Each has pros/cons/risk/cost |
| POST | /diagrams/:id/apply-replacement | { node_id, replacement_id } | { data: Diagram (new version) } | Creates new version with rewired connections |
| GET | /diagrams/:id/compare/:otherId | — | { comparison: Comparison8D } | 8-dimension comparison |
| GET | /diagrams/:id/versions | — | { data: Diagram[] } | Version history chain |
| Method | Path | Input | Output | Notes |
|---|---|---|---|---|
| POST | /code/repos/connect | { provider, owner, repo, project_id } | { data: CodeRepo } | Starts OAuth, installs webhook |
| GET | /code/repos/:id | — | { data: CodeRepo, scan_results } | Latest architecture scan |
| POST | /code/repos/:id/scan | { branch? } | { job_id } | Async — triggers full repo scan |
| GET | /code/repos/:id/scan/:jobId | — | { status, results? } | Poll for scan completion |
| GET | /code/repos/:id/reviews | ?cursor | { data: CodeReview[] } | All PR reviews for repo |
| GET | /code/repos/:id/drift | — | { drift_items: DriftItem[] } | All decision-code mismatches |
| POST | /webhooks/github | GitHub webhook payload | { received: true } | Edge Function — handles PR events |
| Method | Path | Input | Output | Notes |
|---|---|---|---|---|
| GET | /adrs | ?project_id, ?status, ?cursor | { data: ADR[] } | ADR repository listing |
| POST | /adrs | { project_id, title, context, decision, consequences } | { data: ADR } | Manual ADR creation |
| POST | /adrs/generate | { session_id } or { decision_id } | { data: ADR (draft) } | AI-generated from meeting/decision |
| GET | /adrs/:id | — | { data: ADR, quality_score, conflicts } | Full detail + quality + conflicts |
| PATCH | /adrs/:id | Partial ADR fields | { data: ADR } | — |
| POST | /adrs/:id/score | — | { quality_score: QualityScore } | Re-run 12-criteria scoring |
| GET | /adrs/:id/conflicts | — | { conflicts: ConflictItem[] } | Cross-reference with other ADRs |
| POST | /adrs/:id/supersede | { new_adr_id } | { data: ADR } | Mark as superseded, link to new |
| Method | Path | Input | Output | Notes |
|---|---|---|---|---|
| PATCH | /suggestions/:id | { status: 'accepted'|'rejected'|'deferred', feedback? } | { data: Suggestion } | User acts on suggestion |
| POST | /suggestions/:id/feedback | { rating: 1-5, comment? } | { data: Feedback } | Feeds back into prompt improvement |
| GET | /suggestions/search | ?q=query&project_id | { data: Suggestion[] } | Semantic search via pgvector |
| Method | Path | Auth | Purpose |
|---|---|---|---|
| GET | /admin/org | owner | Org settings, billing, limits |
| PATCH | /admin/org | owner | Update org settings |
| GET | /admin/members | admin+ | List all org members with roles |
| POST | /admin/members/invite | admin+ | Invite user by email |
| PATCH | /admin/members/:id | admin+ | Change member role |
| DELETE | /admin/members/:id | owner | Remove member |
| GET | /admin/audit-log | admin+ | Paginated audit trail |
| GET | /admin/usage | admin+ | Usage metrics + cost breakdown |
| GET | /admin/compliance | admin+ | Compliance dashboard data |
| POST | /admin/billing/portal | owner | Creates Stripe billing portal session |
Complete auth flow using Supabase Auth. RBAC with 6 roles. Permission matrix for every action.
→ /signup page
supabase.auth.signInWithOAuth / signInWithOtp
/auth/callback → exchanges code for session
on auth.users INSERT → creates profile row
Create/join org, set name, avatar
Redirect to /
| Action | Owner | Admin | Architect | Developer | Viewer | Billing |
|---|---|---|---|---|---|---|
| View projects | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Create/edit projects | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Delete projects | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Start meeting sessions | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Upload diagrams | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Create/edit ADRs | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Approve ADRs | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Connect repos | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| View suggestions | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Manage team members | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| View audit log | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Manage billing | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ |
| View compliance | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Org settings | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
Enterprise customers (>100 seats) get SAML SSO + SCIM auto-provisioning.
/scim/v2/Users and /scim/v2/GroupsReal-time audio capture → STT → context assembly → AI suggestion → broadcast. End-to-end latency target: <5 seconds.
desktopCapturer
webm/opus 16kHz
250ms chunks
Nova-3 ~200ms
~50ms
2-min window
Haiku ~100ms
pgvector
1-3s
Schema
Realtime
Triggered by meeting.ended event. Runs as background job queue task.
User clicks stop
Assemble all
Sonnet gen
From transcript
Per decision
Chunk + vectorize
Email summary
STT latency: <300ms | Trigger detection: <100ms | Suggestion generation: <3s | Total end-to-end: <5s | Post-meeting summary: <30s
Upload any architecture diagram → parse to graph → detect anti-patterns → suggest replacements → visual editing → version compare.
7 formats
Auto
Route to parser
nodes + edges
40+ rules
pros/cons/risk
Visual editor
| Format | Parser | Strategy | Output |
|---|---|---|---|
| PNG / JPG / PDF | VisionParser | GPT-4o Vision → extract components, arrows, labels | Structured JSON graph |
| Draw.io (.xml) | DrawioParser | Parse mxGraphModel → extract mxCell elements | Native graph with styles |
| Excalidraw | ExcalidrawParser | JSON → elements array + arrow bindings | Positional graph |
| Mermaid (.md) | MermaidParser | Mermaid.js parser → AST → nodes/edges | Semantic graph |
| SVG | SvgParser | DOM parsing + AI label extraction | Labeled graph |
| Terraform / CDK | IaCParser | HCL/TS parser → resource dependency map | Infrastructure graph |
e.g. "RDS"
3-5 alternatives
Pros/Cons/Risk/Cost
All connections
Impact on system
| Dimension | Original | AI Optimized | Cost Optimized |
|---|---|---|---|
| Reliability | 62/100 | 89/100 | 74/100 |
| Scalability | 45/100 | 92/100 | 71/100 |
| Security | 58/100 | 85/100 | 60/100 |
| Monthly Cost | $2,400 | $4,100 | $1,800 |
| Anti-Patterns | 7 | 1 | 3 |
| Compliance | No | SOC2+HIPAA | SOC2 |
Connect GitHub/GitLab → AST parse → detect patterns → compare decisions vs code → PR-level architecture review.
PR opened
Changed files
AST parse
60+ rules
Decision vs code
PR comments
Module boundaries, dependency graphs, "is this a monolith disguised as microservices?"
REST endpoints, GraphQL schemas, versioning, error handling, auth middleware.
ORM usage, N+1 queries, missing indexes, connection pooling, transaction boundaries.
Try/catch coverage, retry logic, circuit breakers, timeouts, graceful degradation.
Auth middleware, input validation, SQL injection, XSS, hardcoded secrets, CORS config.
Repository, factory, strategy, CQRS, event sourcing, DDD. Flags misuse.
| Decision (Meeting/ADR) | Code Reality | Drift Type | Severity |
|---|---|---|---|
| "Use event-driven for orders" | Synchronous HTTP calls found | Architecture Drift | Critical |
| "All services need circuit breakers" | 3 of 8 services missing | Implementation Gap | High |
| "Use PostgreSQL for user data" | PostgreSQL confirmed ✓ | Aligned | None |
| "API versioning via URL path" | Mix of URL + header versioning | Inconsistency | Medium |
Auto-generate ADRs from meetings → 12-criteria quality scoring → conflict detection → living repository with health monitoring.
Discussion
Decisions
AI Draft
12 criteria
Conflicts
Approve
Repository
Weekly
| Criterion | Weight | Checks | Common Failure |
|---|---|---|---|
| Context Completeness | 12% | WHY was this needed? | Jumps to solution |
| Options Considered | 10% | 3+ alternatives listed? | Only chosen option |
| Trade-off Analysis | 10% | Pros/cons per option? | Only pros of chosen |
| Decision Reasoning | 10% | WHY this option won? | No explanation |
| Consequences | 10% | Impact documented? | Missing in 70% of ADRs |
| Risk Assessment | 10% | What could go wrong? | Overly optimistic |
| Reversibility | 8% | How hard to reverse? | Missing entirely |
| Scale Assumptions | 8% | At what scale? | Made for 100, applied at 1M |
| Cost Implications | 7% | Cost impact? | No cost analysis |
| Compliance Impact | 5% | Regulatory? | Not considered |
| Expiry / Review Date | 5% | When to revisit? | Decisions become stale |
| Cross-References | 5% | Related ADRs linked? | ADRs in isolation |
85-100: Excellent — publish immediately | 70-84: Good — minor improvements suggested | 50-69: Needs Work — specific gaps flagged | Below 50: Insufficient — requires significant revision
Two-pass approach: embeddings similarity (fast, broad) → rule-based check (precise, specific).
Living knowledge base across 11 domains. Contextual recommendations with pros/cons/risks. Learning loop from user feedback.
AWS, Azure, GCP, multi-cloud, hybrid, serverless
Monolith, microservices, CQRS, DDD, event sourcing
SQL/NoSQL, data lakes, streaming, data mesh
REST, GraphQL, gRPC, versioning, error handling
Zero trust, OAuth/OIDC, encryption, secrets mgmt
Horizontal/vertical, caching, CDN, connection pooling
Circuit breakers, retries, graceful degradation, chaos
GitOps, IaC, blue-green, canary, feature flags
Observability, tracing, alerting, SLOs/SLIs
SSR, micro-frontends, state mgmt, performance
Team topologies, Conway's law, tech debt mgmt
Shown to user
Accept / Reject
1-5 stars
prompt_registry
Higher relevance
Accepted suggestions boost the underlying prompt's performance_score. Rejected suggestions with feedback trigger prompt review. Low-scoring prompts get A/B tested against new versions.
Compliance, policy engine, audit logging, billing, and admin console for B2B enterprise customers.
| Rule | Evaluated Against | Action on Violation |
|---|---|---|
| "All services must have circuit breakers" | Code scans, Diagrams | Flag in PR review + diagram analysis |
| "No single point of failure" | Diagrams | Anti-pattern alert in diagram analysis |
| "All APIs must be versioned" | Code scans | Flag unversioned endpoints in PR review |
| "ADRs required for infrastructure changes" | PR labels + commit messages | Block merge until ADR linked |
| "Max 3 sync hops between services" | Diagrams, Code | Critical anti-pattern alert |
| Tier | Price | Seats | AI Calls/mo | Features |
|---|---|---|---|---|
| Free | $0 | 1 | 50 | 1 project, meeting only, no export |
| Starter | $29/seat/mo | 5 | 500 | 3 projects, all engines, basic analytics |
| Professional | $79/seat/mo | 25 | 5,000 | Unlimited projects, RBAC, integrations, priority support |
| Enterprise | Custom | Unlimited | Unlimited | SSO/SAML, SCIM, compliance, dedicated support, SLA, on-prem option |
From meeting/ADR
Auto-validate
Blast radius
Notify architects
Multi-sig
PRs + drift
Lightweight system tray app. Captures system audio, streams to backend, shows floating suggestions. No meeting bot — no joining calls.
No session
WebSocket open
Audio streaming
Buffer locally
Post-meeting
Summary ready
| Channel | Direction | Payload |
|---|---|---|
| START_SESSION | Renderer → Main | { projectId, title } |
| STOP_SESSION | Renderer → Main | { sessionId } |
| AUDIO_STATUS | Main → Renderer | { state, duration, bytesStreamed } |
| NEW_SUGGESTION | Main → Renderer | Suggestion object from backend SSE |
| CONNECTION_STATUS | Main → Renderer | { connected, latency } |
| AUTH_TOKEN | Main → Renderer | { token, expiresAt } |
GitHub Actions CI, PM2 for process management, Nginx reverse proxy, Certbot SSL. Supabase hosted (managed).
1. Ubuntu 22.04 LTS on Hostinger VPS (min 4GB RAM, 2 vCPU)
2. Install: Node.js 22 (via nvm), pnpm, PM2, Nginx, Certbot
3. pm2 start npm --name archpilot-web -- start (Next.js on port 3000)
4. Nginx reverse proxy: 443 → localhost:3000 with SSL via Certbot
5. pm2 startup && pm2 save (auto-restart on reboot)
6. UFW firewall: allow 22, 80, 443 only
7. Environment variables in /var/www/archpilot/.env.production
| Tool | Purpose | Alert Threshold |
|---|---|---|
| Sentry | Error tracking + performance | Error rate > 1% → Slack alert |
| PostHog | Product analytics + feature flags | Conversion drop > 20% → alert |
| UptimeRobot | Uptime monitoring (free tier) | Down > 30s → SMS + Slack |
| PM2 Plus | Server monitoring (CPU/RAM/disk) | CPU > 80% or RAM > 90% → alert |
| Environment | URL | Database | Deploy |
|---|---|---|---|
| Local | localhost:3000 | Supabase local (Docker) | pnpm dev |
| Staging | staging.archpilot.dev | Supabase staging project | Push to staging branch |
| Production | app.archpilot.dev | Supabase production project | Merge to main |
Testing pyramid: Unit (70%) → Integration (20%) → E2E (10%). Coverage gates block merge.
| Layer | Target | Includes |
|---|---|---|
| Services | 80% | All business logic in src/lib/services/ |
| Repositories | 80% | All DB access in src/lib/repositories/ |
| Engines | 75% | AI engines, parsers, rules |
| Components | 70% | React components with logic |
| Utils | 60% | Helper functions, formatters |
| E2E | Happy paths | Auth, meeting, diagram upload, settings |
34 sprints × 2 weeks = 68 weeks. Follow this order exactly. Each sprint has dependencies on prior sprints. Do not skip ahead.
A sprint is DONE when: all code merged to main, all tests passing (coverage gates met), no critical bugs, feature demo recorded, documentation updated.
pnpm create turbo@latest → configure workspaces (apps/web, apps/agent, packages/*)pnpm create next-app apps/web → TypeScript strict, App Router, Tailwind 4, shadcn/ui initDone when: Auth works, empty dashboard loads, all 18 tables exist with RLS, seed data present.
Done when: Can create/edit/delete projects. Navigation works. Audit log captures all writes.
Done when: Can send test prompt → get AI response → store suggestion → collect feedback. Circuit breaker tested.
Fully functional web app with auth, project management, AI pipeline, and feedback loop. Ready for Meeting Intelligence.
Done when: Electron app captures system audio and sends to backend via WebSocket. Works on macOS + Windows.
Done when: Full loop: speak → transcript appears → suggestion appears in <5s. Dashboard shows everything live.
Done when: Complete meeting lifecycle. Summary emails sent. Decisions extracted. ADR drafts created.
Meeting Intelligence fully operational. Users can record meetings, get real-time suggestions, and receive post-meeting summaries with auto-generated ADRs.
All 5 intelligence engines operational. Full platform intelligence across meetings, diagrams, code, ADRs, and best practices.
Enterprise-ready. RBAC, compliance, SSO, billing, admin console. Ready for B2B sales.
Scaled, polished, extensible. Browser extension live. Self-hosted option available. API platform for ecosystem. Ready for $200M+ ARR growth.
| Phase | Sprints | Weeks | Key Deliverables |
|---|---|---|---|
| 1. Foundation | 1-6 | 12 | Auth, DB, project CRUD, AI pipeline, feedback loop |
| 2. Meeting Intelligence | 7-12 | 12 | Electron agent, real-time STT, live suggestions, post-meeting |
| 3. Diagram + Code + ADR | 13-22 | 20 | All 5 engines operational, cross-engine integration |
| 4. Enterprise | 23-28 | 12 | RBAC, compliance, SSO, Stripe billing, admin console |
| 5. Scale & Extensions | 29-34 | 12 | Chrome extension, performance, self-hosted, API platform |
Total: 34 sprints × 2 weeks = 68 weeks ≈ 16 months from empty repo to full enterprise product.