Technical overview of how Sovra is structured and how requests flow across services.
docs/deployment.mddocs/environment-variables.mddocs/huggingface-integration.mddocs/worker.mddocs/testing.mddocs/premium-benchmark.mddocs/operations-runbook.mddocs/production-readiness.mddocs/release-process.md
┌──────────────────────────────────────────────────────────────────────┐
│ Browser / Clients │
└───────────────────────────────┬──────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────────────┐
│ Next.js 15 Web App │
│ │
│ App Router + Server Actions + API Routes │
│ - Auth/session handling │
│ - Tenant membership checks │
│ - Billing/admin/workspace orchestration │
│ - Broadcast writes to worker /internal/broadcast │
└───────────────────────────────┬──────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────────────┐
│ Supabase (PostgreSQL) │
│ │
│ - Auth + JWT │
│ - Row-level security policies │
│ - Tenant/user/workspace/agent data │
│ - pgvector embeddings + semantic retrieval │
└───────────────────────┬───────────────────────────────┬──────────────┘
│ │
▼ ▼
┌──────────────────────────┐ ┌────────────────────────┐
│ Go Worker Service │ │ External Integrations │
│ │ │ │
│ :8080 health │ │ Stripe, Sentry, │
│ :50051 gRPC health │ │ PostHog, Upstash, │
│ :3001 MCP (/mcp) │ │ OpenAI, Anthropic, │
│ :3002 Socket.IO + │ │ Hugging Face │
│ │ │ │
│ /internal/broadcast │ └────────────────────────┘
└──────────────────────────┘
- A user request reaches the Next.js app.
- Web server code creates a tenant-scoped Supabase client.
- Membership/permission checks run in app logic.
- PostgreSQL RLS enforces tenant isolation at the data layer.
- For realtime updates, web server sends events to worker
/internal/broadcast. - Worker emits Socket.IO room events to connected clients.
Sovra uses layered isolation:
- App-layer membership checks (authenticated user + tenant membership).
- Data-layer enforcement with Postgres RLS policies.
- Worker broadcast room names scoped to
{tenantId}:{workspaceId}.
RLS is the final enforcement boundary for data reads/writes.
Internal worker routes use a shared bearer secret:
/internal/broadcast/mcp
INTERNAL_API_SECRET is optional in non-production for local development, but required in production. Startup and middleware both enforce fail-closed behavior in production.
| Domain | Failure mode | Impact | Recovery |
|---|---|---|---|
| Web app | Runtime regression or bad deploy | UI/API unavailable or degraded | Roll back deploy, inspect logs/Sentry, re-run smoke tests |
| Worker | Socket/MCP/gRPC server failure | Realtime + tool execution degraded | Restart worker, inspect logs, run worker health checks |
| Supabase | Connectivity or RLS issue | Data operations fail | Validate DB health, migration state, and policy integrity |
| External APIs | Provider outage (AI/billing/observability) | Feature-specific degradation | Retry, failover, or temporarily disable dependent features |
- Next.js App Router keeps API and UI in one runtime and supports server components.
- Go worker handles high-concurrency realtime and long-running tool execution.
- Supabase is the single source of truth for auth, relational data, and vector storage.
- Security-sensitive internal routes are isolated behind explicit shared-secret auth.