01.a - System-Architecture
Relevant source files
Purpose and ScopeLink copied!
This document explains the overall architecture of godeep.wiki, including its event-driven design, integration points with external services, and the rationale behind its stateless, log-based correlation model. The system is fundamentally a repository access provisioning platform, not an automated documentation generator—it facilitates payment processing, GitHub repository access granting, and triggers manual documentation workflows.
For detailed component-level descriptions, see Key Components. For data correlation mechanisms, see Data Flow & Correlation. For authentication specifics, see Authentication & GitHub Integration.
High-Level Architecture OverviewLink copied!
godeep.wiki is built on a serverless, event-driven architecture deployed on Vercel. The system orchestrates a multi-stage workflow: payment processing → repository connection → automated repository cloning → manual documentation generation. Unlike typical SaaS applications, this system intentionally lacks a database—all correlation happens through logs and event payloads, optimized for low-volume, owner-operated workflows.
Core Architectural PrinciplesLink copied!
| Principle | Implementation | Rationale |
|---|---|---|
| Event-Driven | ntfy.sh message broker coordinates async workflows | Decouples payment, GitHub connection, and automation scripts |
| Stateless | No database; uses Vercel logs and cookies for correlation | Simplifies deployment; suitable for low-volume operation |
| Dual Authentication | Separate OAuth (users) and GitHub App (owner) token systems | Security isolation between customer and owner capabilities |
| Manual Workflow | Automation ends at repo cloning; documentation generation is manual | Owner uses external tools (Devin + Chrome extension) for actual docs |
| Cookie-Based State | stripe_session_id and github_oauth_state cookies link flows | Temporary state management during OAuth without persistence |
Sources: CLAUDE.md L1-L225
High-Level Diagrams
System Component MapLink copied!
Sources: CLAUDE.md L54-L68
High-Level Diagrams
Technology StackLink copied!
Frontend & RuntimeLink copied!
| Component | Technology | Key Files |
|---|---|---|
| Web Framework | Next.js 14 (App Router) | app/layout.tsx next.config.mjs |
| Language | TypeScript 5.x | tsconfig.json |
| Styling | Tailwind CSS with oklch colors | app/globals.css L1-L182 |
| UI Components | Custom components + Radix UI | components/ directory |
| Hosting | Vercel (serverless functions) | Deployed via Vercel platform |
Backend & IntegrationsLink copied!
| Service | Purpose | Environment Variables |
|---|---|---|
| Stripe | Payment processing ($10 checkout) | STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET |
| GitHub OAuth | User authentication for dashboard | GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET |
| GitHub App | Owner repository access (installation tokens) | GITHUB_APP_ID, GITHUB_PRIVATE_KEY |
| ntfy.sh | Event message broker | NTFY_TOPIC |
| Cloudflare Analytics | Traffic monitoring (optional) | NEXT_PUBLIC_CF_BEACON_TOKEN |
External AutomationLink copied!
The automation scripts (ntfy-godeep-automation.sh
ntfy-godeep-automation-remote.sh
) run outside the Next.js application as standalone processes. They subscribe to ntfy.sh notifications and execute repository cloning workflows using git, gh CLI, and the admin token generation API.
Sources: .env.example L1-L15
Event-Driven Workflow ArchitectureLink copied!
The system's core workflow is orchestrated through asynchronous events rather than synchronous request-response patterns. This design decouples payment verification, GitHub connection confirmation, and repository automation into independent stages.
Event Flow SequenceLink copied!
Sources: CLAUDE.md L32-L42
app/api/auth/github/callback/route.ts
app/api/webhooks/stripe/route.ts
High-Level Diagram 2
Message Broker: ntfy.shLink copied!
The system uses ntfy.sh as a lightweight message broker. Two event types trigger notifications:
- Payment Completed: app/api/webhooks/stripe/route.ts sends notification when
checkout.session.completedwebhook fires - GitHub Connected: app/api/auth/github/callback/route.ts sends notification after successful OAuth callback with
installation_id
Notification Payload Structure:
Title: "GitHub Repository Connected - [Match ID]"
Message: "[username] connected installation [installation_id]"
Tags: github_connection
Match ID: Last 12 characters of session_id
The automation scripts subscribe to NTFY_TOPIC and parse these notifications to extract installation_id, which they use to call the admin token API.
Sources: CLAUDE.md L153-L167
High-Level Diagram 4
Authentication ArchitectureLink copied!
The system implements two separate authentication mechanisms serving different purposes: OAuth tokens for customers viewing their own repositories, and GitHub App installation tokens for the owner accessing customer repositories.
Dual Token ModelLink copied!
Sources: CLAUDE.md L68-L80
app/api/admin/generate-token/route.ts
High-Level Diagram 3
Token Characteristics ComparisonLink copied!
| Aspect | User OAuth Token | Installation Access Token |
|---|---|---|
| Generated By | app/api/auth/github/callback/route.ts L80-L95 | lib/github-app.ts L20-L45 via GitHub App |
| Storage | HTTP-only cookie (github_token) | Not stored; generated on-demand |
| Lifespan | 24 hours | 1 hour |
| Scope | User's repositories only | Customer's selected repositories |
| Used By | Customer in app/dashboard/page.tsx | Owner in automation scripts + manual access |
| Credentials | GITHUB_CLIENT_ID + GITHUB_CLIENT_SECRET | GITHUB_APP_ID + GITHUB_PRIVATE_KEY |
| Authorization | User-level permissions | Installation-level permissions (read-only) |
Key Security Principle: Users never receive installation tokens, and the owner never uses customer credentials. This architectural separation prevents privilege escalation and enforces principle of least privilege.
Sources: CLAUDE.md L68-L80
Deployment Model and Design RationaleLink copied!
Stateless ArchitectureLink copied!
Unlike traditional web applications, godeep.wiki intentionally avoids databases. All data correlation happens through:
- Cookies: Temporary state during OAuth flow (app/api/auth/github/route.ts L25-L30 sets
stripe_session_idandgithub_oauth_state) - Vercel Logs: Permanent record of
session_id+installation_idlinkage (app/api/auth/github/callback/route.ts L95-L110 ) - Stripe Dashboard: Customer email and payment details searchable by
session_id - ntfy Notifications: Carry
installation_idin payload for automation scripts
Rationale for No Database:
| Benefit | Explanation |
|---|---|
| Deployment Simplicity | No database provisioning, migrations, or backups needed |
| Cost Efficiency | Avoids database hosting costs for low-volume operation |
| Operational Transparency | Owner reviews logs manually; no hidden state |
| Low-Volume Optimization | Manual correlation acceptable when processing <10 requests/day |
| Stateless Scaling | Vercel functions can scale without database connection limits |
Trade-Off: Manual correlation is required. Owner must:
- Check Stripe for
session_idof payment - Search Vercel logs for matching
session_idto findinstallation_id - Use
installation_idin admin panel to generate token
Sources: CLAUDE.md L44-L50
High-Level Diagram 5
Vercel Serverless DeploymentLink copied!
The application runs entirely on Vercel's serverless platform:
- Web Pages: Rendered as serverless functions (app router pages)
- API Routes: app/api/**/route.ts deployed as individual endpoints
- Server Actions: app/actions.ts bundled with pages that invoke them
- Edge Functions: None (uses standard Node.js runtime)
- Static Assets: public/ served via Vercel CDN
Configuration: next.config.mjs L1-L10
disables optimizations for static export compatibility.
Sources: next.config.mjs
External Automation ScriptsLink copied!
The automation pipeline (ntfy-godeep-automation.sh
ntfy-godeep-automation-remote.sh
) runs outside Vercel as long-running processes. These scripts:
- Subscribe to
NTFY_TOPICusingcurlin blocking mode - Parse JSON notifications to extract
installation_id - Call api/admin/generate-token to obtain temporary access token
- Clone customer repository using
git clone - Re-initialize as new repository and push to
klaudioz/customer-email-reponame
Why External Scripts?
- Vercel functions have 10-second timeout (hobby plan) or 5-minute max (pro)
- Repository cloning for large repos may exceed these limits
- Long-running ntfy subscription requires persistent connection
- Owner's local machine or VPS provides unlimited execution time
Sources: ntfy-godeep-automation.sh
ntfy-godeep-automation-remote.sh
High-Level Diagram 4
Security ModelLink copied!
Transport and Session SecurityLink copied!
| Layer | Implementation | Code Reference |
|---|---|---|
| TLS Encryption | All traffic over HTTPS (enforced by Vercel) | Production environment |
| CSRF Protection | OAuth state parameter via crypto.randomUUID() | app/api/auth/github/route.ts L20-L25 |
| XSS Mitigation | HTTP-only cookies for token storage | app/api/auth/github/callback/route.ts L105-L110 |
| Webhook Verification | Stripe signature validation | app/api/webhooks/stripe/route.ts L15-L30 |
| Webhook Verification | GitHub signature validation | app/api/webhooks/github/route.ts L15-L30 |
Secrets ManagementLink copied!
All sensitive credentials stored in environment variables (see .env.example
):
- Server-Side Only:
GITHUB_PRIVATE_KEY,STRIPE_SECRET_KEY,GITHUB_CLIENT_SECRET - Client-Exposed:
NEXT_PUBLIC_ADMIN_PASSWORD(unusual pattern, see below)
Security Consideration: The admin password (.env.example L8
) uses NEXT_PUBLIC_ prefix, making it accessible in browser bundle. This suggests simplified security model suitable for single-owner operation rather than enterprise-grade access control. For production hardening, consider:
- Moving admin auth to server-side session
- Implementing rate limiting on api/admin/generate-token
- Adding IP allowlisting for admin routes
Sources: .env.example L1-L15
High-Level Diagram 6
Permission ScopingLink copied!
GitHub App Permissions (github-app-description.md L19-L21
):
contents: read- Read repository filesmetadata: read- Read repository metadataemail_addresses: read- Read user email (for customer communication)
Critical User Choice: During GitHub App installation, users choose between:
- "All repositories" - Grants access to every repo in account
- "Only select repositories" - Grants access only to chosen repos
The app description (github-app-description.md L8-L10
) strongly recommends selecting specific repositories to minimize security exposure.
Sources: github-app-description.md L1-L46
SummaryLink copied!
godeep.wiki's architecture prioritizes simplicity and manual control over automation and scale. The event-driven design using ntfy.sh enables asynchronous processing without complex job queues, while the stateless, log-based correlation eliminates database dependencies. The dual authentication model (OAuth for customers, GitHub App for owner) provides security isolation, and the external automation scripts work around serverless execution time limits. This architecture is optimized for low-volume (1-10 customers/day), owner-operated workflows where manual intervention is acceptable and even preferred for quality control.
Sources: CLAUDE.md L1-L225
All High-Level Diagrams
Refresh this wiki
Last indexed: 23 November 2025 (922b35)
On this page
- System Architecture
- Purpose and Scope
- High-Level Architecture Overview
- Core Architectural Principles
- System Component Map
- Technology Stack
- Frontend & Runtime
- Backend & Integrations
- External Automation
- Event-Driven Workflow Architecture
- Event Flow Sequence
- Message Broker: ntfy.sh
- Authentication Architecture
- Dual Token Model
- Token Characteristics Comparison
- Deployment Model and Design Rationale
- Stateless Architecture
- Vercel Serverless Deployment
- External Automation Scripts
- Security Model
- Transport and Session Security
- Secrets Management
- Permission Scoping
- Summary
Ask Devin about godeep.wiki-jb