Non-auth inventory (file by file)
Every code file in the non-auth surface, traced front-to-back, page by page, with backend owners and entanglement flags.
Current correction: this page remains useful as dependency research, but it is not the current first-wave move list. The active first wave in
E:\blockdatais onlyapps/web/public/index.html,apps/web/public/solutions.html, andapps/web/public/brand.html. Auth-entry pages that happen to sit outsideAuthGuardin the old router are deferred. Later auth-gated pages move as page/workflow slices and bring only the backend pieces they directly need. Design required Neon tables fresh; existing SQL files here are reference material only and old migrations are not copied.
Non-auth inventory — file by file, front to back
Traced with a transitive import-walker from each non-auth route entry. Total: 33 internal frontend files. This is a historical dependency inventory, not the current first-wave move list. No asset_id/SQL here — the non-auth surface does not touch it.
The shared spine (move first — every auth-touching page pulls it)
These appear across Login, AuthCallback, AuthWelcome, and MarketingLayout. They are the client chain into the backend — and where the entanglement lives:
| Frontend file | Talks to | Backend owner |
|---|---|---|
web/src/lib/supabase.ts | GoTrue /auth/v1 | local Supabase 127.0.0.1:7650 |
web/src/lib/platformApi.ts | /platform-api proxy | platform-api (base client) |
web/src/lib/authToken.ts | JWT storage/refresh | verified by app/auth/dependencies.py |
web/src/lib/operationalReadiness.ts | /admin/runtime/readiness/checks, /admin/runtime/storage/browser-upload-cors/reconcile | app/api/routes/admin_runtime_readiness.py + app/services/runtime_readiness.py |
web/src/lib/accountProfileApi.ts | profile read/update | app/api/routes/profile.py |
web/src/lib/platformWorkspace.ts | workspace/org context | platform-api |
web/src/auth/AuthContext.tsx | session/profile provider | wraps supabase.ts + accountProfileApi.ts |
web/src/lib/authRedirects.ts, authOAuthAttempts.ts, types.ts | helpers | — |
Entanglement flag.
operationalReadiness.tscalls platform-api admin-runtime routes, and it is imported byLogin,AuthCallback,AuthWelcome, and the marketing nav. An auth-entry/login page reaching into admin-runtime readiness + storage-CORS reconcile is exactly the cross-wiring to decide on per file before copying — bring it as-is, or cut it and re-add only when a page truly needs it.
Tier A — pure static, zero backend (move these first, trivially)
| Page / shell | Route | Own files (beyond shared utils.ts) |
|---|---|---|
PublicLayout | (auth shell) | components/layout/PublicLayout.tsx, components/layout/PublicFooter.tsx |
NotFound | * | pages/NotFound.tsx, lib/authRedirects.ts, lib/urls.ts |
MarketingIntegrations | /integrations | pages/MarketingIntegrations.tsx, components/marketing/BottomCTA.tsx, components/ui/button.tsx, lib/utils.ts |
PlatformLanding | /experiments/platform | pages/experiments/PlatformLanding.tsx, components/marketing/MarketingGrid.tsx, components/ui/badge.tsx, components/ui/button.tsx, lib/agGridTheme.ts, lib/styleTokens.ts, lib/useIsDark.ts |
These render with no backend call — the safest first transplant, page renders end-to-end on its own.
Tier B — the shared spine + its backend (stand up once)
Frontend: the 11 spine files above.
Backend: admin_runtime_readiness.py, runtime_readiness.py, profile.py, auth/dependencies.py.
Data plane: local GoTrue 7650 (no product SQL).
Tier C — auth-entry pages (sit on the spine)
| Page | Route | Own files | Backend |
|---|---|---|---|
Login | /login, /register | pages/Login.tsx, styles/landing-tokens.css, styles/landing-typography.css | supabase.auth.* (GoTrue), readiness, profile |
AuthCallback | /auth/callback | pages/AuthCallback.tsx | supabase.auth.getSession, readiness |
AuthWelcome | /auth/welcome | pages/AuthWelcome.tsx, components/ui/button.tsx | supabase.auth.updateUser, profile |
Tier D — marketing shell (sits on the spine)
| Shell | Own files |
|---|---|
MarketingLayout | components/layout/MarketingLayout.tsx, components/layout/PublicNavModern.tsx, components/layout/PublicFooter.tsx, components/brand/ProductWordmarks.tsx, components/ui/button.tsx, lib/icon-contract.ts, lib/useIsDark.ts + shared spine (nav renders auth state) |
End-to-end chain (per auth page)
pages/Login.tsx
-> auth/AuthContext.tsx -> lib/supabase.ts ----------> GoTrue 127.0.0.1:7650 (/auth/v1)
-> lib/accountProfileApi.ts -> lib/platformApi.ts ---> platform-api: app/api/routes/profile.py
-> lib/operationalReadiness.ts ----------------------> platform-api: app/api/routes/admin_runtime_readiness.py
-> app/services/runtime_readiness.py
JWT on every platform-api call verified by ----------> app/auth/dependencies.pyMove order (derived from real deps, not strategy)
- Tier A — pure static pages + their components (zero backend; prove the shell renders).
- Tier B — the shared spine + the 4 backend route files (one stand-up).
- Tier C — Login, AuthCallback, AuthWelcome (sign-up against local GoTrue works end-to-end).
- Tier D — MarketingLayout + nav.
Each file passes its gate before it lands: renders on its route · pnpm build passes · rg source_uid = 0 · backend route returns expected status · interactive pages get a browser smoke.
Where to start
Three-lens analysis (foundation audit, capability liftout, sequenced plan) of which files move into the new repo first.
Graph DB — when it earns its keep
Scenario-grounded analysis of when a graph database (AGE / Neo4j / ArangoDB) pays off vs when plain Postgres + vector is enough, for the book editor + BlockData + agent products.