Skip to main content

System Architecture

Platform Topology

Hikari runs a hybrid platform:

Cloudflare Pages + Workers for frontend and edge workloads
Docker-hosted services for stateful and long-running backends
PocketBase as auth/database/storage substrate

Canonical long-form map: ARCHITECTURE.md in repo root.

Tenancy Patterns

Two supported backend patterns:

Integrated RBAC

Auth and data in the same PocketBase tenant.

Federated Multi-Tenant

Auth resolved through pb-host, with tenant/account IDs as opaque text fields.

Implementation details are documented in PocketBase Patterns.

Auth Trust Model

Backend -> Backend: SigV4
Frontend -> Backend: user JWT
Public routes: intentionally unauthenticated

Data and Control Surfaces

Deploy workflows: Deploy and Runbooks
Service ownership: App Catalog
Shared package responsibilities: Package Catalog

Platform Topology
Tenancy Patterns
- Integrated RBAC
- Federated Multi-Tenant
Auth Trust Model
Data and Control Surfaces