SkillMate/docs/ARCHITECTURE.md

Architecture Overview

Layers

• Domain: Types in shared/ reused by backend/frontend.
• Use-Cases: backend/src/usecases (e.g., auth/loginUser, employees CRUD, users management).
• Repositories: backend/src/repositories do all DB access; controllers do not use SQL.
• Adapters/HTTP: backend/src/routes/* map HTTP <-> use-cases and validate inputs.
• Infra/Services: encryption, email, sync components, logger.

Database Ownership

• Canonical core schema lives in backend/src/config/secureDatabase.ts (users, employees, skills + junctions, language_skills, specializations, controlled_vocabulary, system_settings, security_audit_log). These include field encryption and hash indexes.
• Extended, non-sensitive schema lives in backend/src/config/database.ts (profiles + facets, workspaces/bookings, analytics, organizational structure, deputies, reminders, audit_log).
• Initialization order: initializeSecureDatabase() runs before initializeDatabase(). Routes import db from either module, but both resolve to the same secure DB instance.

Security

• JWT required; in production JWT_SECRET must be set.
• Field-level encryption (AES) for sensitive data + deterministic hashes for lookups.
• Error redaction: sensitive fields are redacted in logs.

Sync

• Modular components under backend/src/services/sync:
  • queueStore: DB interactions (pending, status, metadata)
  • transport: HTTP communication between nodes
  • applier: applies changes entity-wise
  • SyncService: orchestrates and exposes routes

Migrations

• Simple runner: npm run migrate in backend
• Tracks applied migrations in schema_version; add files to backend/scripts/migrations.

Frontend

• API abstraction with normalized error handling
• ErrorBoundary wraps the app