Constraints¶
These are the hard boundaries within which we operate. They are not aspirational — they are facts about our current situation that directly shape technical decisions.
Team¶
- Size: Solo developer / small team (1-3 people)
- Implication: Tooling must minimize operational overhead. Prefer convention over configuration. Prefer fewer, well-chosen tools over a sophisticated but maintenance-heavy stack.
- Implication: No 24/7 on-call. The system must be resilient to operator absence.
Budget¶
- Infrastructure: Firebase free tier / Blaze (pay-as-you-go) only
- No dedicated servers: No Redis instance, no WebSocket server, no Kubernetes cluster
- Implication: The L2 cache uses a
CacheBackendinterface with an in-memory fallback. Redis can be plugged in later when budget allows, but the system works without it. - Implication: Real-time sync uses Firebase Realtime Database / Firestore onSnapshot, not a custom WebSocket server.
Technology Compatibility¶
The packages must be consumable by the existing monorepo without breaking changes:
| Technology | Version | Constraint |
|---|---|---|
| TypeScript | 5.3.3+ | Strict mode, moduleResolution: bundler |
| Firebase SDK | 11.8.1+ | Client-side only (no firebase-admin in packages) |
| React | 18.3.1+ | Only in @cyber-eco/auth hooks/context, as optional peer dep |
| Next.js | 15.3.2+ | Packages must work with App Router and Server Components |
| Node.js | 18+ | Minimum runtime version |
Distribution¶
- Registry: GitHub Packages (
@cyber-ecoorganization scope) - Access: Restricted (private to organization members) — not public npm
- Implication: Every consuming project needs
.npmrcwith GitHub Packages configuration - Future: Can be moved to public npm when the ecosystem is mature
Monorepo Coexistence¶
- The
cybereco-monorepomust continue working during and after migration - No big-bang switch — adoption is gradual, one app at a time
- During transition, both the old
libs/directories and the new packages may coexist - The old
@cyber-eco/shared-types,@cyber-eco/firebase-config,@cyber-eco/authimport paths must remain valid until all apps are migrated
Runtime Environment¶
- Browser + Node: All packages except
@cyber-eco/auth/servermust work in browser environments - No native modules: No packages that require compilation (no
bcrypt, usebcryptjs; no native WebSocket, use interfaces) - Bundle size matters: Tree-shaking must work.
@cyber-eco/typesshould add zero bytes to a production bundle. Firebase must be externalized, not bundled.
Package Boundaries¶
@cyber-eco/servicesmust have zero imports fromfirebase/*— this is the core architectural constraint that enables storage agnosticism@cyber-eco/typesmust have zero runtime dependencies — it is pure TypeScript@cyber-eco/firebaseis the only package that imports fromfirebase/*- No package may depend on
@cyber-eco/firebaseexcept through the consumer's runtime wiring
Security¶
- No secrets in source code — all Firebase config comes from environment variables
- No
firebase-adminSDK in any package — admin operations are handled by Cloud Functions separately - Peer dependencies for security-sensitive libraries (Firebase, jsonwebtoken) — consumers control the version