Skip to Content
Upblit
AboutOpen SourceCommunityDeveloperContactPricing
Star on GitHub—Sign in
CTRL K
  • Introduction
    • AI Gateway Overview
    • Documents
    • Tenants
    • API Reference Overview
    • AI Gateway API
    • API Keys API
    • Applications API
    • Authentication
    • Ingest API (SDK)
    • Organizations API
    • Projects API
    • Telemetry API
    • Users API
    • Architecture Overview
    • Database Architecture
    • Multi-Tenancy
    • Security Model
    • Service Boundaries
    • Telemetry Pipeline
  • DeployX CLI
    • Contributing
    • Architecture Rules
    • Coding Guidelines
    • SDK Development
    • Dashboard Overview
    • AI Gateway
    • API Keys
    • Applications
    • Observability
    • Organizations
    • Profile
    • Projects
    • Quickstart
    • Authentication
    • Your First Project
    • Installation
    • Observability Overview
    • Structured Logs
    • Telemetry Flow
    • Distributed Traces
    • SDK Overview
    • Express SDK
    • Go SDK
    • Java SDK (Coming Soon)
    • Python SDK
    • React SDK (Coming Soon)
  • Introduction
    • AI Gateway Overview
    • Documents
    • Tenants
    • API Reference Overview
    • AI Gateway API
    • API Keys API
    • Applications API
    • Authentication
    • Ingest API (SDK)
    • Organizations API
    • Projects API
    • Telemetry API
    • Users API
    • Architecture Overview
    • Database Architecture
    • Multi-Tenancy
    • Security Model
    • Service Boundaries
    • Telemetry Pipeline
  • DeployX CLI
    • Contributing
    • Architecture Rules
    • Coding Guidelines
    • SDK Development
    • Dashboard Overview
    • AI Gateway
    • API Keys
    • Applications
    • Observability
    • Organizations
    • Profile
    • Projects
    • Quickstart
    • Authentication
    • Your First Project
    • Installation
    • Observability Overview
    • Structured Logs
    • Telemetry Flow
    • Distributed Traces
    • SDK Overview
    • Express SDK
    • Go SDK
    • Java SDK (Coming Soon)
    • Python SDK
    • React SDK (Coming Soon)

On This Page

  • Rule 1 — Spring Modulith Boundaries
  • Rule 2 — Dual Database Strategy
  • Rule 3 — Authentication Architecture
  • Rule 4 — SDK Ingest Contract
  • Rule 5 — Frontend Route Hierarchy
  • Rule 6 — File Storage
  • Rule 7 — Email Service Isolation
  • Rule 8 — SDK Repository
  • Rule 9 — No Hardcoded Configuration
  • Rule 10 — API Keys Are Never Re-Displayed
ContributingArchitecture Rules

Architecture Rules

These are load-bearing architectural decisions. Breaking them creates cascading problems across the system.

Rule 1 — Spring Modulith Boundaries

The backend uses Spring Modulith. Each top-level package is a module. Do not import a class from one module’s internals into another module.

Modules: core, query, ai, security, email, Library, config

Rule 2 — Dual Database Strategy

  • PostgreSQL → relational, transactional data (users, orgs, projects, apps, keys)
  • MongoDB → high-volume, schema-flexible data (traces, logs, metrics, AI content)

Do not store telemetry in PostgreSQL. Do not store user/org/project data in MongoDB.

Rule 3 — Authentication Architecture

  • GitHub OAuth2 only — no username/password
  • JWT for dashboard API calls
  • API key (x-api-key) for SDK ingest calls
  • Do not bypass JWTAuthenticationFilter
  • Do not add new auth providers without updating SecurityConfig, CustomOAuth2UserService, and OAuth2SuccessHandler

Rule 4 — SDK Ingest Contract

All SDKs must use:

POST /ingest/traces   (x-api-key header)
POST /ingest/logs     (x-api-key header)

Do not change endpoint paths or payload structure without updating all three SDKs simultaneously.

Rule 5 — Frontend Route Hierarchy

All dashboard pages must be children of dashboard/layout.tsx. The layout provides the auth guard, sidebar, and header. Do not create dashboard pages outside this layout.

Rule 6 — File Storage

Files go to Supabase — not local disk, not PostgreSQL, not MongoDB binary fields. Local disk does not persist across container restarts.

Rule 7 — Email Service Isolation

All email sending goes through the email microservice via HTTP. Do not add email-sending logic to the Spring Boot backend.

Rule 8 — SDK Repository

Production SDK implementations live in SDK/ at the workspace root:

  • SDK/Express-sdk/
  • SDK/Go-sdk/
  • SDK/Python-sdk/

The Upblit/sdk/ directory contains empty stubs. Do not develop SDKs there.

Rule 9 — No Hardcoded Configuration

All environment-sensitive values via environment variables:

  • Backend: ${ENV_VAR} in application.properties
  • Frontend: NEXT_PUBLIC_* env vars
  • SDKs: constructor parameters only — no env var reading inside SDK code

Rule 10 — API Keys Are Never Re-Displayed

Once an API key is shown in the ApiKeyModal, it must be cleared from component state when the modal closes. It must never be stored in localStorage, sessionStorage, or cookies.

Last updated on May 27, 2026
ContributingCoding Guidelines
Upblit

A student-built observability workbench for logs, traces, metrics, API keys, and AI-assisted incident notes.

OAuthAPI scopesTrace contextRetention notes

Product

  • Architecture
  • Dashboard preview
  • AI docs
  • Security
  • Pricing

Developers

  • Developer docs
  • API reference
  • Changelog
  • GitHub
  • Status

Company

  • Support
  • Contact
  • Docs
  • Dashboard
  • Sign in

Legal

  • Privacy Policy
  • Terms
  • Cookie Policy
  • Acceptable Use
  • Data Retention
  • Data Processing

Copyright 2026 Upblit. All rights reserved.

Built for telemetry review, API operations, and incident response.