1.5 KiB
1.5 KiB
8. Cross-cutting Concepts
Describes crosscutting concepts (practices, patterns, regulations or solution ideas). Such concepts are often related to multiple building blocks. They may include many different topics such as domain models, architecture patterns, rules for using specific technology, security, logging, and error handling.
Pick only the most-needed topics for your system.
OpenRouter API Integration
see docs/8.1-openrouter.md for details on how the backend integrates with OpenRouter for multi-modal AI generation, including image and video generation flows.
DuckDB Concurrency and Storage
See docs/8.2-duckdb.md for details on how the backend handles concurrent access to DuckDB and manages the database file on the host filesystem.
Security
- All API endpoints (except
/auth/login) require a valid JWT in theAuthorization: Bearerheader. - HTTPS enforced in production via reverse proxy (nginx or Caddy).
- Passwords stored as bcrypt hashes.
Logging
- Structured JSON logs from FastAPI via Python
logging+structlog. - OpenTelemetry traces exported for observability.
- Log level configurable via environment variable
LOG_LEVEL.
Error Handling
- All API errors return a unified JSON shape:
{ "error": "<code>", "message": "<description>" }. - HTTP status codes follow REST conventions (400, 401, 403, 404, 422, 500).
Configuration
- All secrets (API keys, DB path, JWT secret) loaded from environment variables or
.envfile. - No secrets committed to source control.