Architecture
How the darna-stack monorepo fits together.
A pnpm monorepo with three deployable apps. Everything ships to Cloudflare Workers — backend natively, the Next.js apps via OpenNext. Auth crosses every boundary: WorkOS issues access tokens, the backend verifies them.
Layout
darna-stack/
├── apps/
│ ├── backend/ Hono + Effect HttpApi on :4000 (wrangler dev)
│ ├── admin/ Next.js 16 admin panel on :3000
│ ├── web-client/ Next.js 16 client app on :7001
│ └── docs/ Fumadocs site on :3001 (this app)
├── infra/ deploy notes, env templates
├── package.json workspace root
└── pnpm-workspace.yamlRequest flow
The admin obtains a WorkOS access token via AuthKit and forwards it as
Authorization: Bearer …. The backend's Authentication middleware
verifies the JWT against the WorkOS JWKS for the same WORKOS_CLIENT_ID.
The web-client talks to the same backend through a generated, fully-typed
client.
Sections
Local dev
Clone, set up .env, run wrangler dev. Fifteen minutes.
Backend
HttpApi composition, feature modules, the Worker entrypoint.
Web client
OpenAPI codegen plus openapi-react-query. End-to-end type safety.
Auth
WorkOS handshake end-to-end. What lives where.
Admin
Next.js 16 with AuthKit. Edge middleware on every route.
Tracing
OpenTelemetry to Grafana via @microlabs/otel-cf-workers.
Deploy
Wrangler for backend, OpenNext for the Next.js apps.
Conventions
- Package names —
@darna/backend,@darna/admin,@darna/docs,web-client. Workspace filters use these (pnpm --filter @darna/backend …). - Ports — backend
4000, admin3000, docs3001, web-client7001. Hardcoded in eachdevscript sopnpm dev(parallel) doesn't collide. - Wrangler — every deployable app has its own
wrangler.jsonc.compatibility_dateis the same across all of them. - Env files —
apps/backend/.env(read bywrangler dev --env-file=.env),apps/<next-app>/.env.local(read bynext dev). All gitignored, all with a.examplenext to them. Production secrets go throughwrangler secret put. - Effect — backend code uses Effect
Service+Layerfor DI. HTTP surface is@effect/platform'sHttpApi. OneTracingLayerprovides the global OTel tracer.
Top-level scripts
| Command | What it does |
|---|---|
pnpm dev | All apps in parallel |
pnpm typecheck | Recursive tsc --noEmit |
pnpm deploy | Backend → admin → docs to Cloudflare Workers |