# LynkedUp Platform

> Mobile-first SDK-based application suite with enterprise-grade security and offline-first capabilities

[![CI Status](https://github.com/lynkedup/monorepo/workflows/CI/badge.svg)](https://github.com/lynkedup/monorepo/actions)
[![License](https://img.shields.io/badge/License-Proprietary-red.svg)](LICENSE)

## 🏗️ Architecture Overview

LynkedUp is built as a **PNPM monorepo** with **Nx orchestration**, featuring:

- **📱 Mobile-First**: React Native applications with native security integrations
- **🔐 Security by Default**: Hardware-backed cryptography, DPoP, SQLCipher encryption
- **📴 Offline-First**: 100% functional offline with conflict-free synchronization  
- **🎯 SDK-First Modularity**: Independent, composable SDKs with strict boundaries
- **🛡️ Policy-Aware**: Fine-grained ABAC via Permit.io/OPA
- **🏢 Multi-Tenant**: Organization-level encryption keys and data isolation

```mermaid
graph TD
    A[LynkedUp Pro App] --> B[Feature SDKs]
    A --> C[Core SDKs]
    D[LynkedUp Foundation] --> B
    D --> C
    
    B --> E[@feature/auth<br/>@feature/tasks<br/>@feature/messaging]
    C --> F[@core/security<br/>@core/storage<br/>@core/sync<br/>@core/policy]
    
    F --> G[Native Layer<br/>SQLCipher • Secure Enclave • StrongBox]
    C --> H[GraphQL BFF<br/>Node.js • Permit.io • PostgreSQL]
```

## 🚀 Quick Start

### Prerequisites

- Node.js 18+ 
- PNPM 8+
- React Native development environment
- Xcode (iOS) / Android Studio (Android)

### Installation

```bash
# Clone and install dependencies
git clone https://github.com/lynkedup/monorepo.git
cd lynkedup-monorepo
pnpm install

# Initialize development environment
pnpm nx run-many -t build
```

### Development

```bash
# Start SDK playground for development
pnpm dev:playground

# Start LynkedUp Pro app
pnpm dev:pro

# Run tests across all packages
pnpm test

# Run only affected tests (recommended)
pnpm affected:test
```

## 📦 Package Structure

```
lynkedup-monorepo/
├── apps/
│   ├── lynkedup-pro/           # Primary React Native app
│   ├── lynkedup-foundation/    # Foundation variant
│   ├── api-bff/               # Node.js GraphQL BFF  
│   └── sdk-playground/        # SDK development sandbox
├── packages/
│   ├── core/                  # Tier 0: Infrastructure SDKs
│   │   ├── security/          # Hardware-backed crypto, DPoP
│   │   ├── storage/           # Encrypted RxDB/SQLCipher
│   │   ├── sync/              # Offline-first synchronization
│   │   ├── policy-client/     # ABAC policy evaluation
│   │   └── trust/             # Device posture & risk assessment
│   ├── feature-auth/          # Tier 1: Authentication
│   │   ├── domain/            # Pure business logic
│   │   ├── data/              # Repository implementations
│   │   └── ui-rn/             # React Native components
│   ├── feature-tasks/         # Task & project management
│   ├── feature-messaging/     # Unified messaging backbone
│   └── shared/                # Common utilities & types
└── tooling/                   # Development tools & mocks
```

## 🔐 Security Features

- **Hardware-Backed Keys**: iOS Secure Enclave & Android StrongBox
- **DPoP Authentication**: RFC 9449 sender-constrained tokens
- **Contextual Encryption**: Organization-specific data encryption keys
- **Cryptographic Erasure**: Remote data destruction via key deletion
- **Device Attestation**: Apple DeviceCheck & Play Integrity integration
- **Policy-Driven Access**: Real-time ABAC enforcement

## 📴 Offline Capabilities

- **Local-First Storage**: Encrypted SQLCipher with reactive queries
- **Durable Outbox Pattern**: Reliable offline mutation queuing
- **CRDT Synchronization**: Conflict-free collaborative data
- **Optimistic UI**: Immediate feedback with eventual consistency
- **Policy Caching**: Local ABAC evaluation with server enforcement

## 🛠️ Development Workflow

### Module Boundaries

The monorepo enforces strict architectural boundaries via ESLint rules:

- **Domain Purity**: Domain layers cannot import infrastructure
- **Vertical Isolation**: Features cannot depend on other features  
- **Layered Dependencies**: UI → Data → Domain → Shared

### SDK Development

Each SDK follows clean architecture principles:

1. **Domain Layer**: Pure TypeScript business logic
2. **Data Layer**: Infrastructure adapters (RxDB, GraphQL, native modules)
3. **UI Layer**: React Native components and screens

See individual SDK playbooks in `packages/*/README.playbook.md`.

### Testing Strategy

- **Unit Tests**: High coverage for business logic (Jest)
- **Contract Tests**: GraphQL schema compliance (MSW)
- **Integration Tests**: Cross-SDK interactions
- **E2E Tests**: Complete user flows (Detox)

## 📋 Available Scripts

```bash
# Development
pnpm dev:playground          # SDK development sandbox
pnpm dev:pro                # LynkedUp Pro app
pnpm dev:foundation         # LynkedUp Foundation app

# Quality Assurance  
pnpm build                  # Build all packages
pnpm test                   # Run all tests
pnpm lint                   # Lint all packages
pnpm typecheck              # TypeScript validation

# Affected Operations (CI/CD)
pnpm affected:build         # Build affected packages
pnpm affected:test          # Test affected packages
pnpm affected:lint          # Lint affected packages

# Release Management
pnpm changeset              # Create changeset
pnpm changeset:version      # Bump versions
pnpm changeset:publish      # Publish to NPM
```

## 🚢 Release Management

This monorepo uses [Changesets](https://github.com/changesets/changesets) for versioning and publishing:

1. **Create Changeset**: `pnpm changeset` 
2. **Version Bump**: `pnpm changeset:version`
3. **Publish**: `pnpm changeset:publish`

Only SDK packages are published to NPM. Applications are deployment artifacts.

## 🧪 CI/CD Pipeline

- **SLSA Level 3**: Supply chain security with signed provenance
- **Nx Cloud**: Remote caching for optimal build performance  
- **Affected Testing**: Only test/build changed packages
- **Semantic Versioning**: Automated version management
- **Security Scanning**: Dependency and code vulnerability checks

## 📚 Documentation

- **Architecture**: [docs/architecture.md](docs/architecture.md)
- **Security Model**: [docs/security.md](docs/security.md) 
- **SDK Playbooks**: `packages/*/README.playbook.md`
- **API Reference**: Generated from TypeScript types
- **GraphQL Schema**: `apps/api-bff/schema.graphql`

## 🤝 Contributing

1. **Create Feature Branch**: `git checkout -b feat/scope-description`
2. **Follow Conventions**: Conventional Commits with proper scopes
3. **Add Changeset**: `pnpm changeset` for public API changes
4. **Quality Gates**: Pre-commit hooks ensure code quality
5. **Pull Request**: Title should match commit convention

## 📄 License

Copyright (c) 2024 LynkedUp Platform. All rights reserved.

This software is proprietary and confidential. Unauthorized copying, distribution, or use is strictly prohibited.