Architecture

Auva is not a single application. It's a distributed ecosystem of interconnected services, each purpose-built for its domain, unified by a shared authentication layer and a consistent design language.

High-Level Overview

text

┌─────────────────────────────────────────────────┐
│                 Auva Ecosystem                   │
│                                                  │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐       │
│  │ Auva Go  │  │Auva Mail │  │Auva Notes│       │
│  │go.auva.dev│ │auva.email│  │notes.*   │       │
│  └────┬─────┘  └────┬─────┘  └────┬─────┘       │
│       │              │              │             │
│       └──────────────┼──────────────┘             │
│                      │                            │
│              ┌───────▼──────────────────┐         │
│              │     Auva Auth API       │         │
│              │   auth.auva.dev         │         │
│              │  JWT + Refresh Tokens   │         │
│              │  OAuth / SSO Provider   │         │
│              └─────────────────────────┘         │
│                                                  │
│              ┌─────────────────────────┐         │
│              │   Auva Account Hub     │         │
│              │     auva.dev           │         │
│              │  User profiles, settings│         │
│              └─────────────────────────┘         │
└─────────────────────────────────────────────────┘

Core Principles

Unified Authentication

Every service in the Auva ecosystem authenticates through Auva Auth (auth.auva.dev). A single account unlocks access to all products. The auth system uses:

JWT Access Tokens: Short-lived (15 min), carried in Authorization: Bearer headers
HTTP-Only Refresh Tokens: Long-lived, stored as secure cookies
Cross-Origin Session Sharing: All *.auva.dev subdomains share session state

Domain Isolation

Each product runs on its own subdomain with its own deployment pipeline:

Product	Domain	Stack
Corporate Hub	`auva.dev`	Next.js 16, React 19
Auva Go	`go.auva.dev`	Next.js, Prisma, PostgreSQL
Auva Mail	`auva.email`	Next.js, Custom SMTP
Auva Notes	`notes.auva.dev`	Next.js (Coming Soon)

Shared Design Language

All products follow the same design system:

Typography: DM Sans (body), Fraunces (display), Source Serif 4 (editorial)
Color Palette: Slate backgrounds (#f8fafc), blue accents (#2563eb)
Components: Consistent border treatments, glassmorphism effects, micro-animations

See the Design System section for detailed brand guidelines and component specifications.

Data Flow

Authentication Flow

text

User → auva.dev/login
  → POST /auth/login (auth.auva.dev)
  → Returns: { accessToken, user }
  → Sets: httpOnly refresh cookie
  → Redirect to dashboard or product

Cross-Product Navigation

When a user navigates between products (e.g., from auva.dev to go.auva.dev):

The target app checks for an existing refresh token cookie
If found, it calls POST /auth/refresh to get a fresh access token
The user is seamlessly authenticated without re-entering credentials
If no cookie exists, the user sees a "Sign in" link redirecting to auva.dev/login

Technology Stack

Layer	Technology
Frontend	React 19, Next.js 16 (App Router)
Styling	Tailwind CSS v4
Animation	Framer Motion, GSAP
Backend	Node.js, Express
Database	MongoDB, PostgreSQL
Auth	JWT, bcrypt, HTTP-only cookies
Deployment	Vercel (Frontend), Custom VPS (Backend)
DNS	Cloudflare
Analytics	Vercel Analytics, Custom dashboards

Authentication Deep Dive

Full technical details on the auth flow, token lifecycle, and security model.

API Reference

Every endpoint across all services, with request and response examples.