AIJIM PROTOOLS
ArchitectureCore-first

System Architecture

Post-E.3b AIJIM is a Core-first system: Python Core owns normative writes, the Next.js app owns UI and BFF proxying, and LINA remains an interaction and voice runtime layered on top.

Three-Tier Model

Tier 1 — LINA Browser and Voice Runtime

Runs in the user-facing app session. It owns interaction traces, wake/ack flow, voice telemetry, renderer transport, and assistant-local corpus work. It does not own normative audit writes.

Tier 2 — apps/aijim-app Next.js UI and BFF

Owns the React workspace shell plus the route layer that proxies browser calls into Core and LINA-local surfaces. This is the integration boundary that forwards auth, shapes request context, and keeps direct browser-to-Core calls off the public surface.

Tier 3 — AIJIM Core Python FastAPI

Owns normative execution, governance, conformance, and audit-grade write paths. Post-E.3b, Core is the single writer for invariant-bearing truth even where transitional stores still live outside the Python service boundary.

Core-First Ownership

The scope boundary is summarized here fromservices/aijim-core/CORE_SCOPE.md,documentation/runbooks/AIJIM_CORE_FIRST_OWNERSHIP_MATRIX.md, anddocumentation/runbooks/LINA_CORE_BOUNDARY_CONTRACT.md. Those artifacts remain authoritative when wording here is shorter.

Deployment Model

SurfaceRuntimeResponsibility
Browser sessionReact + LINA client runtimeUser interaction, voice capture/playback, local orchestration, and UI state.
Web app edge/serverNext.js app routes in `apps/aijim-app`BFF proxying for `/api/core/*`, `/api/workspace/*`, `/api/lina/*`, and `/api/dev/*`.
Normative backendPython FastAPI in `services/aijim-core` on managed runtimeCore execution, policy, review-gate, audit, and conformance ownership.
Voice backendFastAPI voice renderer in `services/voice-renderer` on managed runtimeLINA STT/TTS transport and renderer-specific operations.
Persistence and authSupabase Postgres + AuthCurrent relational persistence and auth/session substrate; Core-first writer ownership still applies to normative records.

Core-First Data Flow

ASCII fallback: no Mermaid renderer is configured in `apps/docs`.
Browser (workspace UI + LINA browser runtime)
  |
  |  fetch("/api/core/*") for normative reads/writes
  |  fetch("/api/lina/*") for LINA-local interaction + voice routes
  v
Next.js routes in apps/aijim-app
  |
  |  /api/core/*  -> auth/context forwarding -> AIJIM Core FastAPI on managed runtime
  |  /api/lina/*  -> local interaction routes OR voice transport proxies
  v
AIJIM Core FastAPI on managed runtime
  |
  |  normative execution, governance, audit-grade writes
  v
Supabase Postgres

Side path for voice:
Browser -> /api/lina/voice/* -> voice-renderer on managed runtime

The important post-E.3b shift is ownership, not just transport: browser traffic still enters through Next.js routes, but the normative writer behind Core-owned audit and governance entities is the Python Core service, with Supabase remaining the current store for parts of the transitional boundary.

Invariants and Ownership

What Core Owns

Evidence-first execution, run contracts, policy and review-gate decisions, audit bundle operations, and the target audit replay and publication surface all remain Core-owned.

What LINA Keeps

Session events, interaction traces, voice metrics, voice provenance envelopes, voice transport proxies, and assistant corpus/RAG remain LINA-local domains.