Monorepo architecture

Application and package boundaries in the Panicly codebase

panicly/

apps/
  api/
  chatbot/
  web/
packages/
  auth/
  billing/
  db/
  logger/
  rules-engine/
  sdk/
  shared/
docs/
designs/
.panicly/
memory/

The repo is not perfectly separated. Backend behavior appears in apps/api, apps/web/src/app/api/*, and apps/web/src/app/v1/[...path]/route.ts.

Applications

apps/web

Main Next.js product app: marketing site, authenticated dashboard, API routes, and web gateway catch-all.

apps/api

Express service with auth, billing, dashboard, projects, gateway, and health routes.

apps/chatbot

Separate Next.js chatbot app that integrates with Panicly through @panicly/sdk.

packages/shared

domain constants

Plan limits, credit packages, provider base URLs, shared types, geo mapping, key normalization, token/cost estimates, and trusted request utilities.

packages/auth

auth helpers

WorkOS client, sealed sessions, org/user actions, and workspace role inference.

packages/billing

Stripe

Checkout, portal, webhook handling, plan definitions, credit grants, and subscription state.

packages/rules-engine

policy

Sentry Mode, burst protection, abuse detection, token guard, and loop guard.

packages/sdk

client helper

Small helper for external clients to call Panicly as an OpenAI-compatible backend.

Route redirects encode live vocabulary shifts: IP Management to Network Controls, Geo-protection to Region Rules, and Panic Mode to Sentry Mode.