Saltar a contenido

Constraints

These are the hard boundaries within which we operate. They are not aspirational — they are facts about our current situation that directly shape technical decisions.

Team

  • Size: Solo developer / small team (1-3 people)
  • Implication: Tooling must minimize operational overhead. Prefer convention over configuration. Prefer fewer, well-chosen tools over a sophisticated but maintenance-heavy stack.
  • Implication: No 24/7 on-call. The system must be resilient to operator absence.

Budget

  • Infrastructure: Firebase free tier / Blaze (pay-as-you-go) only
  • No dedicated servers: No Redis instance, no WebSocket server, no Kubernetes cluster
  • Implication: The L2 cache uses a CacheBackend interface with an in-memory fallback. Redis can be plugged in later when budget allows, but the system works without it.
  • Implication: Real-time sync uses Firebase Realtime Database / Firestore onSnapshot, not a custom WebSocket server.

Technology Compatibility

The packages must be consumable by the existing monorepo without breaking changes:

Technology Version Constraint
TypeScript 5.3.3+ Strict mode, moduleResolution: bundler
Firebase SDK 11.8.1+ Client-side only (no firebase-admin in packages)
React 18.3.1+ Only in @cyber-eco/auth hooks/context, as optional peer dep
Next.js 15.3.2+ Packages must work with App Router and Server Components
Node.js 18+ Minimum runtime version

Distribution

  • Registry: GitHub Packages (@cyber-eco organization scope)
  • Access: Restricted (private to organization members) — not public npm
  • Implication: Every consuming project needs .npmrc with GitHub Packages configuration
  • Future: Can be moved to public npm when the ecosystem is mature

Monorepo Coexistence

  • The cybereco-monorepo must continue working during and after migration
  • No big-bang switch — adoption is gradual, one app at a time
  • During transition, both the old libs/ directories and the new packages may coexist
  • The old @cyber-eco/shared-types, @cyber-eco/firebase-config, @cyber-eco/auth import paths must remain valid until all apps are migrated

Runtime Environment

  • Browser + Node: All packages except @cyber-eco/auth/server must work in browser environments
  • No native modules: No packages that require compilation (no bcrypt, use bcryptjs; no native WebSocket, use interfaces)
  • Bundle size matters: Tree-shaking must work. @cyber-eco/types should add zero bytes to a production bundle. Firebase must be externalized, not bundled.

Package Boundaries

  • @cyber-eco/services must have zero imports from firebase/* — this is the core architectural constraint that enables storage agnosticism
  • @cyber-eco/types must have zero runtime dependencies — it is pure TypeScript
  • @cyber-eco/firebase is the only package that imports from firebase/*
  • No package may depend on @cyber-eco/firebase except through the consumer's runtime wiring

Security

  • No secrets in source code — all Firebase config comes from environment variables
  • No firebase-admin SDK in any package — admin operations are handled by Cloud Functions separately
  • Peer dependencies for security-sensitive libraries (Firebase, jsonwebtoken) — consumers control the version