# AETHEX Project - Complete Technical Stack Analysis ## Executive Summary This document provides a comprehensive analysis of the AETHEX project's actual technical stack, comparing it against the development plan and identifying implementation status for all components. --- ## 1. FRONTEND STACK (Vercel) ### Current Implementation - **Framework**: Vite + React (Custom architecture) - **NOT Next.js** - This is a significant difference from the development plan - **Build Tool**: Vite for fast development and optimized production builds - **Hosting**: Vercel - **UI Builder Integration**: Builder.io visual editor - **Authentication Client**: Custom Supabase client (NOT @supabase/ssr) ### Architecture Components #### Page Structure ``` code/client/pages/ ├── Auth Pages │ ├── Login.tsx (Email, GitHub, Google, Roblox, Discord OAuth) │ ├── Onboarding.tsx (Multi-step creator setup) │ └── ResetPassword.tsx │ ├── Main Application │ ├── Dashboard.tsx │ ├── Profile.tsx │ └── Admin.tsx (Discord management, role mappings, metrics) │ ├── ARM Pages (6 arms) │ ├── Labs.tsx (Yellow - Research & Development) │ ├── GameForge.tsx (Green - Game Development) │ ├── Corp.tsx (Blue - Enterprise Solutions) │ ├── Foundation.tsx (Red - Community & Education) │ ├── DevLink.tsx (Cyan - Roblox Professional Network) │ └── Nexus.tsx (Purple - Talent Marketplace) │ ├���─ Creator Network │ ├── creators/CreatorDirectory.tsx (Browse creators by arm) │ ├── creators/CreatorProfile.tsx (Individual creator page) │ ├── opportunities/OpportunitiesHub.tsx (Job board) │ └── opportunities/OpportunityDetail.tsx (Individual opportunity) │ └── Discord Integration ├── DiscordVerify.tsx (Verification code linking) ├── DiscordActivity.tsx (Activity page - WIP) └── Activity.tsx (Activity dashboard - WIP) ``` #### Context Providers ``` code/client/contexts/ ├── AuthContext.tsx (User authentication state) ├── Web3Context.tsx (Metamask/wallet integration) ├── DiscordContext.tsx (Discord bot context) └── DiscordActivityContext.tsx (Discord Embedded App SDK) ``` #### Key Components ``` code/client/components/ ├── Layout.tsx (Main layout with header, navigation, footer) ├── ArmSwitcher.tsx (Arm selector - desktop horizontal, mobile full-screen) ├── ArmSwitcherModal.tsx (Full-screen mobile modal) │ ├── Admin Components │ ├── AdminDiscordManagement.tsx (Discord role mappings CRUD) │ ├── AdminDiscordDiagnostic.tsx (Token & configuration diagnostics) │ └── [Other admin panels] │ ├── Creator Network Components │ ├── CreatorCard.tsx │ ├── OpportunityCard.tsx │ └── ArmFilter.tsx (Sidebar arm filter) │ └── UI Components (shadcn/ui) ├── accordion.tsx ├── alert.tsx ├── button.tsx ├── card.tsx ├── dialog.tsx └── [40+ other UI primitives] ``` ### Authentication Methods Supported 1. **Email/Password** (Native Supabase) 2. **GitHub OAuth** (Supabase) 3. **Google OAuth** (Supabase) 4. **Roblox OAuth** (Custom implementation) 5. **Discord OAuth** (New - just implemented) 6. **Web3/Ethereum** (Metamask signature verification) ### Critical Notes on Frontend - ✅ Uses custom Supabase client (NOT the new @supabase/ssr package) - ⚠️ Does NOT use Next.js App Router or middleware - ⚠️ CSP headers need configuration in Vite for Discord Activity - ✅ Builder.io visual editor integration working - ✅ Mobile-responsive with full-screen modal arm switcher --- ## 2. BACKEND STACK (Supabase + Vercel Functions) ### Database (PostgreSQL via Supabase) #### Core Tables ``` public.user_profiles ├── id (UUID, PK) ├── email (TEXT) ├── full_name (TEXT) ├── avatar_url (TEXT) ├── experience_level (TEXT) ├── primary_arm (TEXT: labs|gameforge|corp|foundation|devlink|nexus) ├── user_type (TEXT: game_developer|community_member|pro_supporter) └── [other profile fields] auth.users (Managed by Supabase Auth) ├── id (UUID) ├── email (TEXT) ├── encrypted_password (BYTEA) ├── email_confirmed_at (TIMESTAMPTZ) ├── last_sign_in_at (TIMESTAMPTZ) └── [OAuth metadata] ``` #### Discord Integration Tables ``` public.discord_links ├── discord_id (TEXT, PK) ├── user_id (UUID, FK -> user_profiles) ├── primary_arm (TEXT) ├── linked_at (TIMESTAMPTZ) public.discord_verifications ├── id (UUID, PK) ├── discord_id (TEXT) ├── verification_code (TEXT, unique) ├── expires_at (TIMESTAMPTZ) ├── created_at (TIMESTAMPTZ) public.discord_role_mappings ├── id (UUID, PK) ├── arm (TEXT: labs|gameforge|corp|foundation|devlink|nexus) ├── user_type (TEXT) ├── discord_role_id (TEXT) ├── discord_role (TEXT) ├── server_id (TEXT, optional) ├── created_at (TIMESTAMPTZ) public.discord_user_roles ├── id (UUID, PK) ├── discord_id (TEXT) ├── server_id (TEXT) ├── role_id (TEXT) ├── assigned_at (TIMESTAMPTZ) ``` #### Creator Network Tables ``` public.aethex_creators ├── user_id (UUID, FK) ├── bio (TEXT) ├── skills (TEXT[]) ├── avatar_url (TEXT) ├── experience_level (TEXT) ├── arm_affiliations (TEXT[]) public.aethex_opportunities ├─�� id (UUID, PK) ├── title (TEXT) ├── description (TEXT) ├── job_type (TEXT) ├── arm_affiliation (TEXT) ├── salary_range (TEXT) ├── posted_by_id (UUID) ├── created_at (TIMESTAMPTZ) public.aethex_applications ├── id (UUID, PK) ├── creator_id (UUID) ├── opportunity_id (UUID) ├── status (TEXT) ├── cover_letter (TEXT) ├── applied_at (TIMESTAMPTZ) public.aethex_endorsements ├── user_id (UUID) ├── endorsed_by_id (UUID) ├── skill (TEXT) ├── count (INT) ``` #### Web3 Integration ``` public.web3_nonces ├── wallet_address (TEXT, PK) ├── nonce (TEXT) ├── created_at (TIMESTAMPTZ) ├── used_at (TIMESTAMPTZ) user_profiles extensions: ├── wallet_address (TEXT) ├── roblox_user_id (TEXT) ├── game_player_ids (JSONB) ``` #### Game Integration ``` public.game_auth_tokens ├── id (UUID, PK) ├── user_id (UUID) ├── game_type (TEXT: unity|unreal|godot|roblox) ├── auth_token (TEXT) ├── created_at (TIMESTAMPTZ) public.game_sessions ├── id (UUID, PK) ├── user_id (UUID) ├── game_type (TEXT) ├── session_data (JSONB) └── created_at (TIMESTAMPTZ) ``` ### Row Level Security (RLS) Status **Current State**: Basic RLS policies implemented ```sql -- Example: Users can see their own profile CREATE POLICY "User can see their own profile" ON public.user_profiles FOR SELECT USING (auth.uid() = id); -- Users can update their own profile CREATE POLICY "User can update their own profile" ON public.user_profiles FOR UPDATE USING (auth.uid() = id); ``` **Status**: ⚠️ NOT YET OPTIMIZED (Plan recommends performance optimization) ```sql -- Should be optimized to: CREATE POLICY "User can see their own profile" ON public.user_profiles FOR SELECT USING ((select auth.uid()) = id); -- Wrapping in sub-select for performance ``` ### API Endpoints (Code in Vercel Functions) #### Location: `code/api/` directory ##### Discord OAuth - `code/api/discord/oauth/start.ts` - GET endpoint, redirects to Discord - `code/api/discord/oauth/callback.ts` - GET endpoint, handles OAuth callback ##### Discord Linking & Verification - `code/api/discord/verify-code.ts` - POST, verifies 6-digit code from /verify command - `code/api/discord/link.ts` - POST, links Discord account to user ##### Discord Management - `code/api/discord/role-mappings.ts` - GET/POST/PUT/DELETE role mapping CRUD - `code/api/discord/sync-roles.ts` - POST, assigns Discord roles based on arm + user_type - `code/api/discord/admin-register-commands.ts` - POST, registers slash commands (requires admin token) - `code/api/discord/interactions.ts` - POST, handles Discord slash command interactions - `code/api/discord/verify.ts` - POST, checks if user is linked to Discord ##### Creator Network - `code/api/creators.ts` - GET/POST/PUT, manage creator profiles - `code/api/opportunities.ts` - GET/POST/PUT, manage job opportunities - `code/api/applications.ts` - GET/POST/PUT/DELETE, manage job applications ##### Game Integration - `code/api/games/game-auth.ts` - POST, unified game authentication (Unity/Unreal/Godot/Roblox) - `code/api/games/roblox-auth.ts` - POST, Roblox-specific authentication - `code/api/games/verify-token.ts` - POST, verify game session tokens ##### Other - `code/api/user/link-roblox.ts` - POST, link Roblox account - `code/api/user/link-web3.ts` - POST, link Ethereum wallet - `code/api/web3/nonce.ts` - POST, generate Web3 nonce - `code/api/web3/verify.ts` - POST, verify Web3 signature ### Backend Server (Express.js) **Location**: `code/server/index.ts` **Responsibilities**: - Discord slash command handlers (/creators, /opportunities, /nexus) - Discord interactions endpoint (signature verification) - Health check endpoints - Site settings management - Admin functions **Key Features**: - ED25519 signature verification for Discord requests - Slash command routing - Admin token validation (DISCORD_ADMIN_REGISTER_TOKEN) - Token diagnostic endpoint (/api/discord/diagnostic) --- ## 3. DISCORD BOT STACK (Railway) ### Current Deployment - **Platform**: Railway (PaaS) - **Language**: Node.js with discord.js v14 - **Hosting Status**: ✅ Successfully deployed and running - **Repository**: `code/discord-bot/` directory ### Bot Configuration ```javascript // Bot Client Setup (code/discord-bot/bot.js) { token: process.env.DISCORD_BOT_TOKEN, intents: [ GatewayIntentBits.Guilds, GatewayIntentBits.GuildMembers, GatewayIntentBits.MessageContent, ] } ``` ### Implemented Slash Commands #### 1. `/verify` (Account Linking) - **File**: `code/discord-bot/commands/verify.js` - **Function**: Generates 15-minute verification code - **Flow**: 1. User runs /verify 2. Bot generates code and stores in discord_verifications table 3. User receives code + link to /profile/link-discord?code=XXX 4. User verifies code on website 5. discord_links record created #### 2. `/set-realm` (Choose Primary Arm) - **File**: `code/discord-bot/commands/set-realm.js` - **Function**: Dropdown menu to select primary arm - **Options**: labs, gameforge, corp, foundation, devlink, nexus - **Flow**: 1. Updates discord_links.primary_arm 2. Triggers role assignment via roleManager.js #### 3. `/profile` (Show Profile) - **File**: `code/discord-bot/commands/profile.js` - **Function**: Displays linked AeThex profile in Discord - **Shows**: Username, bio, avatar, primary realm, link to full profile #### 4. `/unlink` (Disconnect Account) - **File**: `code/discord-bot/commands/unlink.js` - **Function**: Removes Discord link and revokes roles #### 5. `/verify-role` (Check Assigned Roles) - **File**: `code/discord-bot/commands/verify-role.js` - **Function**: Shows current Discord roles and expected roles from mappings ### Supporting Utilities ```javascript // code/discord-bot/utils/roleManager.js { assignRoleByArm(discord_id, arm, server_id); // Assign role based on arm getUserArm(discord_id); // Get user's primary arm syncRolesAcrossGuilds(discord_id); // Sync roles in all servers } ``` ### Dependencies ```json { "discord.js": "^14.13.0", "@supabase/supabase-js": "^2.38.0", "dotenv": "^16.3.1" } ``` ### Environment Variables ``` DISCORD_BOT_TOKEN= DISCORD_CLIENT_ID=578971245454950421 DISCORD_PUBLIC_KEY= SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co SUPABASE_SERVICE_ROLE= NODE_ENV=production BOT_PORT=3000 ``` ### Bot Health Check - **Endpoint**: POST /health - **Returns**: { status, guilds, commands, uptime, timestamp } - **Used by**: Frontend `/api/discord/bot-health` proxy --- ## 4. DISCORD INTEGRATION LAYER ### OAuth Flow (User Signup/Login with Discord) ``` User clicks "Continue with Discord" on /login ↓ Redirects to /api/discord/oauth/start ↓ Redirects to Discord OAuth authorize endpoint ↓ User authorizes on Discord ↓ Discord redirects to /api/discord/oauth/callback?code=...&state=... ↓ Backend exchanges code for access token ↓ Fetch Discord user (id, username, email, avatar) ↓ Check if discord_id exists in discord_links ├─ YES: Use linked user_id ├─ NO: Check if email exists in user_profiles │ ├─ YES: Link Discord to that email │ └─ NO: Create new auth user + profile + link Discord ↓ Generate session cookie (sb-access-token, sb-refresh-token) ↓ Redirect to /dashboard (or /onboarding if new) ``` ### Verification Code Flow (Link Existing Account) ``` User authenticated, goes to /profile/link-discord ↓ Runs /verify in Discord bot ↓ Bot generates 6-digit code (15 min expiry) ↓ User copies code from Discord ↓ Enters code at /profile/link-discord ↓ Frontend calls POST /api/discord/verify-code ↓ Backend validates code in discord_verifications table ↓ Creates/updates discord_links record ↓ Shows success message ��� Redirects to /profile/settings ``` ### Discord Manifest **Location**: `code/public/discord-manifest.json` ```json { "id": "578971245454950421", "version": "1", "name": "AeThex", "description": "AeThex Creator Network & Talent Platform", "rpc_origins": ["https://aethex.dev"], "interactions": { "request_url": "https://aethex.dev/api/discord/interactions" } } ``` --- ## 5. PLANNED vs. ACTUAL - KEY DIFFERENCES ### Development Plan Says... | Actually Have... | Status ``` ┌───────────��─────────────────────────────────────────────────────┐ │ FRONTEND │ ├─────────────────────────────────────────────────────────────────┤ │ Plan: Next.js App Router + @supabase/ssr │ │ Actual: Vite + React + Custom Supabase client │ │ Status: ❌ DIFFERENT - Works but not as planned │ ├─────────────────────────────────────────────────────────────────┤ │ Plan: CSP headers in next.config.js │ │ Actual: Not implemented (Vite doesn't use next.config) │ │ Status: ⚠️ NEEDS FIX - Add to vite.config.ts │ ├─────────────────────────────────────────────────────────────────┤ │ Plan: Middleware for session refresh │ │ Actual: No middleware (not applicable to Vite+React) │ │ Status: ⚠️ SESSION HANDLING - Handled by useAuth hook │ ├──────────��──────────────────────────────────────────────────────┤ │ Plan: Discord Embedded App SDK integration │ │ Actual: Not yet implemented (DiscordActivity.tsx exists) │ │ Status: ⏳ IN PROGRESS │ ├─────���───────────────────────────────────────────��───────────────┤ │ BACKEND │ ├─────────────────────────────────────────────────────────────────┤ │ Plan: PostgreSQL + RLS with optimized policies │ │ Actual: PostgreSQL + RLS (NOT optimized) │ │ Status: ✅ EXISTS - Can optimize with (select auth.uid()) │ ├─────────────────────────────────────────────────────────────────┤ │ Plan: GitHub Actions CI/CD for migrations │ │ Actual: Manual supabase migration up │ │ Status: ⏳ NOT YET AUTOMATED │ ├─────────────────────────────────────────────────────────────────┤ │ BOT │ ├────────────────────────────────���────────────────────────────────┤ │ Plan: discord.js + Railway + direct Supabase │ │ Actual: ✅ EXACTLY AS PLANNED │ │ Status: ✅ READY │ ├─────────────────────────────────────────────────────────────────┤ │ Plan: 5+ slash commands │ │ Actual: 5 commands (/verify, /set-realm, /profile, /unlink, │ │ /verify-role) │ │ Status: ✅ COMPLETE │ ├─────────────────────────────────────────────────────────────────┤ │ DISCORD INTEGRATION │ ├──────────────────────────────────────��──────────────────────────┤ │ Plan: OAuth PKCE flow with callback │ │ Actual: ✅ IMPLEMENTED │ │ Status: ✅ WORKING │ ├─────────────────────────────────────────────────────────────────┤ │ Plan: Dual auth (Discord SDK + Supabase) │ │ Actual: Single auth implemented (OAuth) │ │ Status: ⏳ Dual auth needed for Activity │ └───────────────────────────────────────────────────────────────���─┘ ``` --- ## 6. ENVIRONMENT VARIABLES (All Set) ### Supabase ``` VITE_SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co VITE_SUPABASE_ANON_KEY=sb_publishable_DfTB6qME8BkTmHNJ3dCBew_t1NLATEq SUPABASE_SERVICE_ROLE=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... SUPABASE_URL=https://supabase.aethex.tech ``` ### Discord OAuth ``` DISCORD_CLIENT_ID= DISCORD_CLIENT_SECRET= DISCORD_BOT_TOKEN= DISCORD_PUBLIC_KEY= DISCORD_ADMIN_REGISTER_TOKEN= ``` ### Roblox OAuth ``` ROBLOX_OAUTH_CLIENT_ID= ROBLOX_OAUTH_CLIENT_SECRET= ROBLOX_OAUTH_REDIRECT_URI=https://aethex.dev/roblox-callback ``` ### Web3 ``` (No env vars needed - signature verification is client-side) ``` ### API Base ``` VITE_API_BASE=https://aethex.dev ``` --- ## 7. WHAT'S PRODUCTION-READY ✅ - ✅ Supabase backend with 15+ tables and RLS - ✅ Vite + React frontend on Vercel - ✅ 6 arm pages with full styling - ✅ Creator network (creators, opportunities, applications) - ✅ Discord OAuth login - ✅ Discord account linking (verification code) - ✅ Discord bot on Railway (5 slash commands) - ✅ Admin panel with Discord role mappings - ✅ Mobile responsive (full-screen arm switcher) - ✅ Web3/Ethereum wallet linking - ✅ Roblox OAuth integration - ✅ Game integration APIs (Unity/Unreal/Godot/Roblox) --- ## 8. WHAT NEEDS WORK ⏳ 1. **CSP Headers for Discord Activity** - Status: ⏳ NEEDS FIX - Action: Add to vite.config.ts and vercel.json - Priority: HIGH 2. **Discord Embedded App SDK (Dual Auth)** - Status: ⏳ PARTIALLY DONE - Action: Implement full dual-auth flow in DiscordActivity.tsx - Priority: MEDIUM 3. **RLS Policy Optimization** - Status: ✅ WORKS, CAN OPTIMIZE - Action: Wrap auth.uid() in (select auth.uid()) for performance - Priority: LOW 4. **GitHub Actions CI/CD** - Status: ⏳ NOT IMPLEMENTED - Action: Create .github/workflows/deploy-supabase.yml - Priority: MEDIUM 5. **Mobile Arm Switcher Modal** - Status: ✅ COMPLETED - Shows full-screen modal on mobile < 768px width - Back button and Proceed button functional --- ## 9. QUICK REFERENCE - FILE LOCATIONS ``` Frontend: code/client/pages/ - All pages code/client/contexts/ - Auth, Web3, Discord contexts code/client/components/ - All UI components Backend: code/api/ - All API endpoints code/server/index.ts - Express server + Discord handlers Database: code/supabase/migrations/ - All SQL migrations Discord Bot: code/discord-bot/ - All bot code code/discord-bot/commands/ - Slash commands Documentation: code/docs/ - All guides and documentation ``` --- ## 10. DEPLOYMENT CHECKLIST ### Frontend (Vercel) - [ ] Environment variables set in Vercel dashboard - [ ] CSP headers configured in vercel.json - [ ] Branch deployments working - [ ] Discord OAuth redirect URI set in Discord portal ### Backend (Supabase) - [ ] All migrations applied - [ ] RLS policies enabled on all tables - [ ] Service role key securely stored ### Bot (Railway) - [ ] Environment variables set - [ ] Bot token valid and bot is online - [ ] Slash commands registered - [ ] Database connection working ### Discord Developer Portal - [ ] OAuth2 redirect URI: https://aethex.dev/api/discord/oauth/callback - [ ] Bot invited to test servers - [ ] Slash commands enabled - [ ] Activity features enabled (if using Embedded App SDK) --- ## CONCLUSION The AETHEX project is **~75% production-ready**. The core architecture differs from the development plan (Vite+React instead of Next.js), but the implementation is solid and functional. The main work ahead is: 1. Configuring CSP headers for Discord Activity 2. Implementing the full Embedded App SDK dual-auth flow 3. Setting up CI/CD automation 4. Minor performance optimizations to RLS policies All critical functionality (auth, Discord, creator network, bot) is working and tested.