Documentation

Live index generated from project documentation files.

Documentation

Architecture docs, API contracts, and runbooks.

docs/README.md

Request Flow: Dashboard / Channel → Director → Worker Agents

This document describes how user instructions flow from the dashboard or messaging channels through the Director agent to worker agents and back.

docs/architecture-request-flow.md

Tenant Isolation Model: Supabase Auth, RLS, Per-Team Runtime Boundaries

This document describes how users and teams are isolated so that one tenant cannot access another’s data or runtime.

docs/architecture-tenant-isolation.md

Token Accounting Flow: Raw Usage → Normalized Units → Billing Records

This document describes how token consumption is captured, aggregated, and used for billing and limit enforcement.

docs/architecture-token-accounting.md

Telegram and WhatsApp integration

Director is the single entry point: incoming messages are routed to the Director, then the response is sent back over the same channel.

docs/channels-telegram-whatsapp.md

Cookie list

Maintained for GDPR/ePrivacy compliance. When adding or changing cookies, update this list and the cookie list in the Privacy Policy (apps/web privacy page). Bump `CONSENT_VERSION` in `apps/web/src/lib/cookie-consent.ts` when the notice or list changes so users can re-consent.

docs/cookie-list.md

Deploying the orchestrator on Railway

The orchestrator depends on the workspace package `@vectra24/agent-runtime` (`workspace:*`). **npm does not support the `workspace:` protocol**, so you must build from the **monorepo root** with **pnpm**.

docs/deploy-railway-orchestrator.md

Environment variable conventions

Canonical names and where they are used. **Server-only** means never set as `NEXT_PUBLIC_*` and never exposed to the browser.

docs/env-conventions.md

Internationalization (i18n) – Adding Locales

The web app uses [next-intl](https://next-intl.dev) with path-based locale routing. Supported locales: **en** (default), **it**.

docs/i18n.md

Security and Compliance Baseline

- **OPENAI_API_KEY** is used only in the orchestrator and agent-runtime (server-side). It is **never** set as `NEXT_PUBLIC_*` and never sent to the browser or included in the Next.js client bundle.

docs/security-baseline.md

UI Quality Gate Checklist

This checklist is used before merging UI-heavy changes.

docs/ui-quality-gate-checklist.md

View roadmap →