System Overview
A high-level view of how Starlight Practice's services connect.
Request flow
Diagram shows the target state
The dashed Lambda@Edge step on the docs path is not currently deployed. The docs site at docs.dev.starlightpractice.com and docs.starlightpractice.com is open right now — the Cognito-cookie auth gate ships in a follow-up PR that rides on the cookie-storage work landing in the admin-platform PR. This page documents the architecture once that gate is in place.
Stages
| Stage | Purpose | Frontend domain | API domain | Docs domain |
|---|---|---|---|---|
| dev | Local laptop (npx sst dev) | localhost:3000 | API Gateway URL | localhost:3001 (no auth) |
| staging | Shared remote dev environment | dev.starlightpractice.com | api.dev.starlightpractice.com | docs.dev.starlightpractice.com |
| prod | Production | starlightpractice.com | api.starlightpractice.com | docs.starlightpractice.com |
Data isolation
Every tenant-scoped table carries a practice_id. Lambda handlers connect as the dedicated app_user PostgreSQL role — which has no BYPASSRLS — so row-level security policies are enforced for every query. See Multi-Tenancy for the full design.