Architecture Decisions

Appearance

Daymate

A personal wellness and activity-planning application owned by the Back-to-code alliance. Orchestrator-pattern territory governing two vassal states: a Laravel REST API and a Flutter mobile app.

Tech Stack

  • API (daymate-api): Laravel 9, PHP 8.2, MySQL, Fly.io (Amsterdam)
  • App (daymate-app): Flutter / Dart ≥3, BLoC state management, Hive cache, DIO HTTP client, Firebase Cloud Messaging, Mandrill SMTP, Mixpanel
  • Default branches: orchestrator main, api and app development

Compliance

Daymate processes wellness data and companion PII. It operates under AVG (Dutch GDPR) as the minimum compliance floor. ISO 27001 is aspirational — the ally intends to reach that bar over time but is not certified today. Patterns from Kendo and UBLGenie (audit logging, explicit deletion) serve as blueprints where they apply.

Authentication

Daymate uses UUID-only stateless authentication — no Sanctum, no passwords, no sessions. Each device generates a UUID at install and presents it on every request. This is a deliberate simplification for the consumer mobile surface; it shifts the security model from password strength to device custody.

API Versioning

  • v3 — currently deployed
  • v4 — in-flight rewrite toward an offline-first architecture using Drift-based sync on the Flutter side. Under active development by the ally.

Architecture Overview

The API follows a trimmed variant of the standard Action pattern — Laravel 9 predates some of the later doctrine refinements. The pipeline is:

Controller → FormRequest → Action → Model

The Flutter app uses BLoC for state management, Hive for local cache, and DIO for HTTP. The v4 work introduces Drift (Dart SQLite ORM) for persistent offline-first state with a sync layer against the API.

Spy Coverage Note

The Flutter mobile app falls outside current spy coverage — no spy is Dart/Flutter-trained. The app/ vassal is marked unreconnoitered pending a mobile-spy doctrine decision. The API side is reconnoitered under existing spies.

Collaboration

The Commander has admin access; other collaborators are allies within the Back-to-code alliance. Ally (RinX / mhvandijk) is actively developing — Laravel 9→12 upgrade, Flutter upgrade, GitHub Actions CI migration, v4 sync API, and Claude Code ticket-to-PR skills are all in flight.

Findings get filed as issues in the Back-to-code kendo app (ally's project management tool) for ally pickup when ready. Tactical decisions require negotiation-grade documentation.

Architecture documentation for contributors and collaborators.