System Architecture
Post-E.3b AIJIM is a Core-first system: Python Core owns normative writes, the Next.js app owns UI and BFF proxying, and LINA remains an interaction and voice runtime layered on top.
Three-Tier Model
Tier 1 — LINA Browser and Voice Runtime
Runs in the user-facing app session. It owns interaction traces, wake/ack flow, voice telemetry, renderer transport, and assistant-local corpus work. It does not own normative audit writes.
Tier 2 — apps/aijim-app Next.js UI and BFF
Owns the React workspace shell plus the route layer that proxies browser calls into Core and LINA-local surfaces. This is the integration boundary that forwards auth, shapes request context, and keeps direct browser-to-Core calls off the public surface.
Tier 3 — AIJIM Core Python FastAPI
Owns normative execution, governance, conformance, and audit-grade write paths. Post-E.3b, Core is the single writer for invariant-bearing truth even where transitional stores still live outside the Python service boundary.
Core-First Ownership
services/aijim-core/CORE_SCOPE.md,documentation/runbooks/AIJIM_CORE_FIRST_OWNERSHIP_MATRIX.md, anddocumentation/runbooks/LINA_CORE_BOUNDARY_CONTRACT.md. Those artifacts remain authoritative when wording here is shorter.Deployment Model
| Surface | Runtime | Responsibility |
|---|---|---|
| Browser session | React + LINA client runtime | User interaction, voice capture/playback, local orchestration, and UI state. |
| Web app edge/server | Next.js app routes in `apps/aijim-app` | BFF proxying for `/api/core/*`, `/api/workspace/*`, `/api/lina/*`, and `/api/dev/*`. |
| Normative backend | Python FastAPI in `services/aijim-core` on managed runtime | Core execution, policy, review-gate, audit, and conformance ownership. |
| Voice backend | FastAPI voice renderer in `services/voice-renderer` on managed runtime | LINA STT/TTS transport and renderer-specific operations. |
| Persistence and auth | Supabase Postgres + Auth | Current relational persistence and auth/session substrate; Core-first writer ownership still applies to normative records. |
Core-First Data Flow
ASCII fallback: no Mermaid renderer is configured in `apps/docs`.Browser (workspace UI + LINA browser runtime)
|
| fetch("/api/core/*") for normative reads/writes
| fetch("/api/lina/*") for LINA-local interaction + voice routes
v
Next.js routes in apps/aijim-app
|
| /api/core/* -> auth/context forwarding -> AIJIM Core FastAPI on managed runtime
| /api/lina/* -> local interaction routes OR voice transport proxies
v
AIJIM Core FastAPI on managed runtime
|
| normative execution, governance, audit-grade writes
v
Supabase Postgres
Side path for voice:
Browser -> /api/lina/voice/* -> voice-renderer on managed runtimeThe important post-E.3b shift is ownership, not just transport: browser traffic still enters through Next.js routes, but the normative writer behind Core-owned audit and governance entities is the Python Core service, with Supabase remaining the current store for parts of the transitional boundary.
Invariants and Ownership
What Core Owns
Evidence-first execution, run contracts, policy and review-gate decisions, audit bundle operations, and the target audit replay and publication surface all remain Core-owned.
What LINA Keeps
Session events, interaction traces, voice metrics, voice provenance envelopes, voice transport proxies, and assistant corpus/RAG remain LINA-local domains.
Monorepo Structure
Namespace split, package layout, and the retired newsroom route family.
Five Invariants
Current Core-owned enforcement loci and representative error codes.
LINA/Core Boundary
What LINA still owns locally and what must move behind Core.
LINA Architecture
Interaction and voice runtime layering inside the app.