albertonline.org docs
Packages

Platform core

The shared Effect v4 RPC API, auth, database, and cross-cutting utility packages every app in the monorepo is built on.

These eight packages are the load-bearing layer under every app: the typed RPC contract, the database, authentication, and the small constants/utils/logger/security helpers that keep app code from reinventing them.

@repo/api

The shared Effect v4 RPC surface consumed by apps/web. ApiRpc (rpc/schema.ts) is an RpcGroup merging per-domain slices (todo, travel, deals, ai-sessions, plans, telemetry, health) with typed Schema in/out and per-group middleware; ApiRpcHandlers/ApiRpcLive (rpc/router.ts) implement them by composing per-domain handler builders under rpc/handlers/. A browser-side client runtime wires the same group to a transport, so both sides type against one contract.

  • . — HTTP adapters (toJsonRoute, toStreamRoute, makeErrorMapper) and plain Response.json error helpers
  • ./clientmakeRpcRuntime / makeRpcAtomRuntime, the browser RPC runtime
  • ./* — subpath access to rpc/schema, rpc/router, rpc/errors, rpc/middleware, etc.

@repo/auth

Better Auth configuration and helpers shared across apps: the server auth instance, an Effect-wrapped AuthService, browser/server auth clients, role-based access control, and transactional auth email. server.ts's auth() routes session lookups through the retry-wrapped getSessionFromHeaders rather than calling authInstance.api.getSession directly, so pooler connection drops are retried instead of throwing.

  • .auth-instance.ts (Better Auth server instance), effect.ts (AuthService/AuthServiceLive), client.ts, server.ts, next.ts
  • ./keys — env schema (@t3-oss/env-nextjs + Effect Schema)
  • ./feature-accesslib/feature-access.ts
  • ./* — subpath access to the rest of src/ (e.g. lib/access-control, lib/reset-password-email)

@repo/db

Drizzle ORM (drizzle-orm/node-postgres) over Supabase Postgres. Table schemas live under src/schema/ (auth, todo, image, travel, audio, channels/chat+RBAC, blog tasks, plus a blog.ts alias re-export module), and SQL migrations under src/migrations/, managed by Drizzle Kit. A separate src/effect/ tree provides Effect-native repos with shared helpers (pgRepoLayerWith, makeRepoError) and pool-resilience/retry layers for the Supavisor session-mode pooler.

  • . — the db Drizzle client singleton (server-only) plus schema re-exports
  • ./effect — Effect PgDrizzle-backed layer, pool resilience, connection retry
  • ./* — subpath access to schema/<table>, avatar-storage, etc.

@repo/contracts

Thin, still-small package for cross-app domain schemas shared outside the RPC boundary. Today it holds a single module, the e-commerce checkout address form: an Effect Schema builder for a localized address form (getAddressSchemaEffect), its field list/type guards, and a parseAddressForm helper. Expect this package to grow as more non-RPC contracts are shared between apps.

  • ./* — e.g. ./store/address-effect

@repo/constants

Plain shared constants — no logic, no dependencies beyond @repo/typescript-config. Covers UI opacity/icon sizes, timing/timeout values, rate-limit defaults, percentage/aspect-ratio math, and day-offset values, plus a small urls map.

  • . — the constants above (src/index.ts)
  • ./urlsurls (external link map)

@repo/utils

General-purpose helpers used across apps: string/format utilities, a cn Tailwind class merger, date/duration/file-size/millis formatters, an Effect-aware react-hook-form resolver, crypto-backed id/random helpers, and a constant-time string comparison.

  • .getStatusText, capitalize, cn, effectResolver, formatDate, formatDuration, formatFileSize, formatMillis, isDefined, optionalRedacted, compactId, randomInt, secureId, sha256, slugify, timingSafeStringEqual
  • ./format-code, ./random, ./timing-safe-equal — direct subpath access to the same helpers, useful when importing a single leaf without pulling in the rest of the barrel

@repo/logger

A single logger with debug/info/warn/error, backed by pino + pino-pretty on the server and by console in the browser (the one sanctioned console boundary in the codebase). Picks the implementation at runtime based on whether window is defined, so the same import works in server and client code.

  • src/index.ts — the logger instance
  • src/keys.tsLOG_LEVEL/env schema consumed by the server logger

@repo/security

Arcjet + Nosecone wrappers for bot/rate-limit protection and security headers. secure() runs Arcjet shield + bot detection against a request, enforcing only in production (DRY_RUN elsewhere) and allowing read (GET/ HEAD) requests through even when flagged as a bot, since the site is declared open to AI agents and crawlers. middleware.ts re-exports Nosecone's createMiddleware as securityMiddleware and exports a CSP options object (Nosecone defaults extended with the Supabase image host).

  • index.tssecure() (Arcjet shield + bot/rate-limit check)
  • middleware.tssecurityMiddleware, noseconeOptions, noseconeOptionsWithToolbar
  • keys.tsARCJET_KEY env schema

@repo/security has no exports map in its package.json — it is consumed by importing the root-level index.ts / middleware.ts / keys.ts files directly rather than through package subpaths.

See the packages overview and the architecture guide.

On this page