App Router

Routes live under frontend/src/app. Folder structure follows product areas: dashboard, administration, authentication, and related surfaces. Keep URL structure predictable for deep links and support workflows.

Authentication

Browser session and token handling must match the API’s authentication rules. After any auth change, manually verify:
  • Unauthenticated users are redirected or blocked as intended.
  • Organization context is available wherever admin or org-scoped views need it.

API configuration

The browser needs a public API base URL (and related non-secret configuration) at build or runtime. See Environment variables. Match values to your deployed API endpoints and TLS setup—do not rely on undocumented defaults in public text.