Code map
A high-level map of where each concern lives in the tunnelflight monorepo. The bot uses this to skip useless first-grep attempts; new engineers can use it as a “where do I start” reference.
This map only points at major locations — the actual current shape of any specific feature should be verified by reading the files. Treat this as “likely homes,” not “guaranteed homes.”
Top-level projects
tunnelflight/
├── api/ — Node.js + Express + MySQL + Redis. Backend API.
├── www/ — Node.js + Express + EJS + Backbone. Public website.
├── admin/ — Next.js 14 + React 18 + Bootstrap. Admin dashboard.
├── docs/ — Next.js 16 + Nextra 4. This docs site.
├── assistant/ — Next.js 15 + raw @anthropic-ai/sdk. Internal AI assistant (this).
├── tools/ — Standalone scripts (Postman → OpenAPI, etc.).
├── docker/ — Per-service Dockerfiles + mysql init dump.
└── specs/ — Top-level cross-project specs (auth refactor, security remediation).api/ — feature-keyed verticals
The api codebase uses features/{area}/{feature}/{controller,service,repository,routes,model,schema}/index.js
for most domain features. Examples relevant to the bot:
| Feature area | Where |
|---|---|
| Authentication (login, signup, password recovery, 2FA) | api/src/features/auth/ |
| Member profile, dashboard | api/src/features/account/{profile,dashboard}/ |
| Fees / payments / subscription | api/src/features/account/fees/ |
| Channel logbook | api/src/features/account/logbook/ (or similar) |
| Skills / approval / change requests | api/src/features/account/{coach-assessment,change-request,approve-*}/ |
| Public chatbot (OpenAI Assistants — DIFFERENT from this assistant) | api/src/features/public/chatbot/ |
| Cron jobs (scheduled) | api/src/crons/{currency,payment,test-cron}/ |
| Currency rate updaters (per role) | api/src/crons/currency/{coach,flyer,instructors,military,trainer}/ |
| Payment-reminder cron | api/src/crons/payment/reminder/ |
api/ — shared infrastructure
api/src/
└── shared/
├── base/ — base controller/service/repository classes
├── middleware/
│ ├── response/ — error handler, request logger, etc.
│ └── ...
├── utils/
│ ├── database/mysql.js ← THE MySQL pool + executeQuery wrapper
│ ├── set-env/index.js ← Infisical secrets bootstrap
│ ├── jwt/index.js
│ ├── logger/index.js ← Winston logger
│ └── common/ — masked.js, generators, cache invalidation
└── ...When the bot is asked “how is X implemented”, check the feature folder for
{area}/{feature}/service/index.js first, then repository/index.js for
the SQL.
www/ — public website
www/
├── routes/ — Express routes
├── views/ — EJS templates
├── public/ — Static assets, Backbone modules
├── i18n/ — translations
└── ...admin/ — admin dashboard
admin/
├── pages/api/ — Pages Router API routes (mostly proxies to api/)
└── src/app/ — App Router UI (the actual admin pages)docs/ — this site (Nextra 4)
docs/app/
├── overview/ — what the platform does (audience: anyone)
├── business-logic/ — rules per domain (audience: engineers + ops)
├── tech/ — system architecture, integrations
└── _assistant-index/ — hidden, bot-only hintsDatabase tables (high-level groupings)
This list points at table areas; the authoritative schema reference will
land in Phase 3 (tech/db-schema).
| Area | Key tables |
|---|---|
| Members & identity | members, member_addresses, member_logins |
| Payments | fees, fees_mapping, valid_fees, member_subscriptions |
| Skills & training | channel_skills, channel_skills_categories, safety_trainings |
| Bookings & tunnels | channel_tunnels, channel_notifications, tunnel_bookings |
| Currency rates | channel_currency_flyer, ad_costs, role-specific currency tables |
| Operational | op_cron_configs, op_cron_logs |
| Assistant-owned | assistant_users, assistant_user_identities, assistant_user_limits, assistant_conversations, assistant_messages, assistant_artifacts, assistant_cron_logs, assistant_audit_log |
CI / Deploy
| What | Where |
|---|---|
| GitHub Actions workflows | .github/workflows/ |
| Per-service deploy trigger | .github/workflows/do-deployment.yml |
| Assistant CI (lint/typecheck/test/build/migrate) | .github/workflows/assistant-ci.yml |
| DigitalOcean App Platform specs | .do/update-production-specs.sh |
Conventions worth knowing
- api/ is mid-refactor to hexagonal/DDD-lite (use cases + domain entities
- repositories). See
api/REFACTOR_PLAN.md. New code goes in that shape; legacy code is infeatures/{area}/{feature}/.
- repositories). See
- assistant/ is fully hexagonal from day one:
domain//use-cases//infrastructure//http/. Seeassistant/docs/CONVENTIONS.md. - Secrets come from Infisical in dev; from DO App Platform env in prod.
- MySQL is shared —
api/andassistant/connect to the same DB, but the assistant uses a dedicatedassistant_appuser with restricted GRANTs.
Last updated on