> ## Documentation Index
> Fetch the complete documentation index at: https://greenteagentic.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Architecture

> Stack, routing, and runtime.

## Stack

| Layer        | Choice                                                 |
| ------------ | ------------------------------------------------------ |
| Framework    | TanStack Start v1 (React 19 + Vite 7)                  |
| Runtime      | Cloudflare Workers                                     |
| Styling      | Tailwind CSS v4 + OKLCH tokens                         |
| UI           | shadcn/ui (new-york) + lucide                          |
| Backend      | Supabase (Postgres + Auth + RLS)                       |
| Server logic | TanStack `createServerFn`                              |
| AI           | Teagentic AI Gateway (`google/gemini-3-flash-preview`) |

> Server-side logic uses TanStack server functions, **not** Supabase Edge Functions.

## Request flow

```text theme={null}
Browser
  │  fetch / page nav
  ▼
TanStack Start (SSR on Cloudflare Worker)
  │  createServerFn RPC (Authorization: Bearer <jwt>)
  ▼
requireSupabaseAuth middleware → authed Supabase client
  │  SELECT/INSERT/UPDATE (RLS scoped to user)
  ▼
Postgres (the platform)
```

For AI calls, the server function calls `chatJSON()` → Teagentic AI Gateway → model provider.

## Auth wiring

* `src/integrations/supabase/auth-attacher.ts` attaches the user's bearer token to every server function call (registered as `functionMiddleware` in `src/start.ts`).
* `src/integrations/supabase/auth-middleware.ts` validates the token on the server and yields `{ supabase, userId, claims }` in `context`.

## Layout routes

`src/routes/_authenticated.tsx` is a pathless layout with `beforeLoad` that redirects unauthenticated users to `/login`. All gated pages live under `src/routes/_authenticated/`.
